ITIL Continual Service Improvement PDF

Over time business requirements will change, so even with
successful service operations in place, there is still a need

to re-align service provision with these changing business
needs. What was good enough last year is unlikely to meet
requirements next year; therefore improvement opportunities
need to be constantly assessed and implemented. This
continual cycle of service improvement will help protect against
losing competitive edge and will ensure that the best possible
outcomes are being achieved.
ITIL Continual Service Improvement focuses on the elements

involved in identifying and introducing a cycle of service
management improvements. It provides structure for the
approach to assessing and measuring services, and helps you
to avoid temporary fixes in favour of a continual improvement
ITIL Continual Service Improvement

in quality that truly benefits the business customer.
ISBN 978-0-11-331308-2
ANAGE
TM
ME
BES
2011 edition
NT PRAC
T
9 780113 313082 www.best-management-practice.com
UC
TIC
E PROD
7188 ITIL CSI AN Cover V1_3.indd 1-3 11/07/2011 11:54

London: TSO
CSI_Prelims.indd 1 09/07/2011 09:46

Published by TSO (The Stationery Office) and available from:
Online
www.tsoshop.co.uk
Mail, Telephone, Fax & E-mail

TSO
PO Box 29, Norwich, NR3 1GN
Telephone orders/General enquiries: 0870 600 5522
Fax orders: 0870 600 5533
E-mail: customer.services@tso.co.uk
Textphone 0870 240 3701
TSO@Blackwell and other Accredited Agents
Customers can also order publications from:

TSO Ireland
16 Arthur Street, Belfast BT1 4GD
Tel 028 9023 8451 Fax 028 9023 5401
Crown Copyright 2011
This is a Crown copyright value added product, reuse of which requires a Licence from the Cabinet Office
Applications to reuse, reproduce or republish material in this publication should be sent to

The Efficiency & Reform Group Service Desk, Cabinet Office, Rosebery Court, St Andrews Business Park,
Norwich, Norfolk NR7 0HS Tel No: (+44) (0)845 000 4999, E-mail: servicedesk@cabinet-office.gsi.gov.uk
or complete the application form on the Cabinet Office website, Licensing section.
Copyright in the typographical arrangement and design is vested in The Stationery Office Limited.
Applications for reproduction should be made in writing to The Stationery Office Limited, St Crispins,
Duke Street, Norwich, NR3 1PD.
The Swirl logo is a trade mark of the Cabinet Office

ITIL is a registered trade mark of the Cabinet Office
PRINCE2 is a registered trade mark of the Cabinet Office
M_o_R is a registered trade mark of the Cabinet Office
P3O is a registered trade mark of the Cabinet Office
MSP is a registered trade mark of the Cabinet Office
MoV is a trade mark of the Cabinet Office
MoP is a trade mark of the Cabinet Office
The OGC Official Product endorsement logo is a trade mark of the Cabinet Office
OGC (former owner of Best Management Practice) and its functions have moved into the Cabinet Office
part of HM Government www.cabinetoffice.gov.uk
First edition Crown Copyright 2007

Second edition Crown Copyright 2011
First published 2011
ISBN 9780113313082
Printed in the United Kingdom for The Stationery Office

Material is FSC certified and produced using ECF pulp.
Sourced from fully sustainable forests.
P002425506 c70 07/11

Contents
List of figures v 3.11 Frameworks, models, standards

and quality systems 42
List of tables vii 3.12 CSI inputs and outputs 44
Foreword viii 4 Continual service improvement
Preface ix processes 45
4.1 The seven-step improvement
Acknowledgements x process 47
1 Introduction 1 5 Continual service improvement

1.1 Overview 3
methods and techniques 71
5.1 Methods and techniques 73
1.2 Context 6
5.2 Assessments 74
1.3 ITIL in relation to other publications
in the Best Management Practice 5.3 Benchmarking 79
portfolio 8
5.4 Service measurement 85
1.4 Why is ITIL so successful? 8
5.5 Metrics 91
1.5 Chapter summary 10
5.6 Return on investment 106
2 Service management as a practice 11 5.7 Service reporting 111
2.1 Services and service management 13 5.8 CSI and other service
2.2 Basic concepts 20 management processes 112
2.3 Governance and management 5.9 Summary 125

systems 25
6 Organizing for continual service
2.4 The service lifecycle 27 improvement 127
3 Continual service improvement 6.1 Organizational development 129
principles 33 6.2 Functions 129
3.1 Continual service improvement 6.3 Roles 129
approach 35
6.4 Customer engagement 138
3.2 CSI and organizational change 36
6.5 Responsibility model RACI 138
3.3 Ownership 36
6.6 Competence and training 139
3.4 CSI register 36
3.5 External and internal drivers 37 7 Technology considerations 143
3.6 Service level management 37 7.1 Tools to support CSI activities 145
3.7 Knowledge management 38 7.2 Summary 152
3.8 The Deming Cycle 38

3.9 Service measurement 38
3.10 IT governance 42

iv | Contents
8 Implementing continual service Appendix B: Example of a continual

improvement 153 service improvement register 183
8.1 Critical considerations for
Appendix C: Risk assessment and
implementing CSI 155
management 187
8.2 Where do I start? 155
C.1 Definition of risk and risk
8.3 Governance 156 management 189
8.4 CSI and organizational change 157
C.2 Management of Risk (M_o_R) 189
8.5 Communication strategy and plan 162
C.3 ISO 31000 190
8.6 Summary 164
C.4 ISO/IEC 27001 191
9 Challenges, risks and critical
success factors 165 C.5 Risk IT 192
9.1 Challenges 167
Appendix D: Examples of inputs and
9.2 Critical success factors 167 outputs across the service lifecycle 195
9.3 Risks 167
Abbreviations and glossary 199
9.4 Summary 168
Index 239
Afterword 169
Appendix A: Related guidance 173

A.1 ITIL guidance and web services 175
A.2 Quality management system 175
A.3 Risk management 176
A.4 Governance of IT 176
A.5 COBIT 176
A.6 ISO/IEC 20000 service
management series 177
A.7 Environmental management
and green/sustainable IT 177
A.8 ISO standards and publications
for IT 178
A.9 ITIL and the OSI framework 178
A.10 Programme and project
management 179
A.11 Organizational change 179
A.12 Skills Framework for the
Information Age 180
A.13 Carnegie Mellon: CMMI and eSCM
framework 180
A.14 Balanced scorecard 180
A.15 Six Sigma 180

List of figures
Figure 1.1 The ITIL service lifecycle 3 Figure 4.5 First- to fourth-order drivers 64
Figure 1.2 ITILs relationship with other Best Figure 5.1 The relationship of services,
Management Practice guides 9 processes and systems 77
Figure 2.1 Conversation about the definition Figure 5.2 The value of a process versus the
and meaning of services 14 maturity of a process 79
Figure 2.2 Logic of value creation through Figure 5.3 Availability reporting 86
services 18
Figure 5.4 Service measurement model 88
Figure 2.3 Sources of service management
Figure 5.5 Technology domain versus
practice 19
service management 89
Figure 2.4 Examples of capabilities and
Figure 5.6 Service management model 90
resources 21
Figure 5.7 From vision to measurement 92
Figure 2.5 Process model 21
Figure 5.8 Number of incidents opened by
Figure 2.6 The service portfolio and its
service desk over time 96
contents 25
Figure 5.9 Comparison of incidents opened
Figure 2.7 Architectural layers of an SKMS 26
and resolved on first contact by
Figure 2.8 Plan-Do-Check-Act cycle 27 the service desk 96
Figure 2.9 Integration across the service Figure 5.10 Deriving measurements and
lifecycle 30 metrics from goals and
objectives 99
Figure 2.10 Continual service improvement
and the service lifecycle 31 Figure 5.11 Reported outage minutes for
a service 100
Figure 3.1 Continual service improvement
approach 35 Figure 5.12 IT balanced scorecard 104
Figure 3.2 Knowledge management leads to Figure 5.13 The expanded incident lifecycle 114
better IT decisions 38
Figure 5.14 Connecting business and service
Figure 3.3 Why do we measure? 39 capacity management 116
Figure 3.4 The seven-step improvement Figure 5.15 Business capacity growth model 117
process 40
Figure 5.16 Connecting service and component
Figure 3.5 Knowledge spiral a gathering capacity management 117
activity 41
Figure 5.17 Connecting businesses, service
Figure 3.6 Enterprise governance and component capacity
(source: CIMA) 42 management 117
Figure 4.1 From vision to measurements 50 Figure 5.18 Capacity management activities 120
Figure 4.2 Monitoring and data collection Figure 5.19 Sources of knowledge 123
procedures 55
Figure 5.20 Reasons for a risk management
Figure 4.3 Common procedures for process 124
processing the data 57
Figure 6.1 Activities and skill levels needed
Figure 4.4 Service level achievement chart 62 for continual service
improvement 134

vi | List of figures
Figure 6.2 Service management roles and

customer engagement 139
Figure 7.1 The application of the
architectural layers of the CMS 147
Figure 7.2 Service-centric view of the IT
enterprise 151
Figure 8.1 Process re-engineering changes
everything 157
Figure 8.2 Vision becomes blurred 163
Figure 8.3 CSI roles and inputs 164
Figure C.1 The M_o_R framework 190
Figure C.2 ISO 31000 risk management
process flow 191
Figure C.3 ISACA Risk IT process
framework 193

| vii
List of tables
Table 2.1 The processes described in each Table 6.1 Skills involved in Step 1 Identify
core ITIL publication 29 the strategy for improvement 135
Table 3.1 CSI inputs and outputs by Table 6.2 Skills involved in Step 2 Define
lifecycle stage 43 what you will measure 135
Table 4.1 Policy template example 49 Table 6.3 Skills involved in Step 3 Gather
the data 135
Table 4.2 Monitoring and data collection
procedures 55 Table 6.4 Skills involved in Step 4 Process
the data 135
Table 4.3 Procedures for processing the
data 57 Table 6.5 Skills involved in Step 5 Analyse
the information and data 136
Table 5.1 Pros and cons of assessment
approaches 76 Table 6.6 Skills involved in Step 6 Present
and use the information 136
Table 5.2 Average results of over 100
process assessments before Table 6.7 Skills involved in Step 7
improvement 84 Implement improvement 136
Table 5.3 CMMI maturity model 84 Table 6.8 Comparison of CSI manager,
service level manager, service
Table 5.4 Key performance indicators of
owner and business relationship
the value of service management
manager roles 137
processes 90
Table 6.9 An example of a simple RACI
Table 5.5 High-level goals and key
matrix 140
performance indicators 91
Table 8.1 Eight steps that need to be
Table 5.6 Examples of service quality
implemented, and the main
metrics 94
reasons why transformation
Table 5.7 Response times for three service efforts fail (from Kotter, 1996) 158
desks 97
Table 8.2 Table for sample communication
Table 5.8 An example of a summary report plan 163
format 100
Table 5.9 Service report of outage minutes
compared to goal 101
Table 5.10 Percentage of incidents meeting
target time for service restoration 101
Table 5.11 Sample key performance
indicators 102
Table 5.12 Service desk balanced scorecard
example 105
Table 5.13 SWOT analysis 107
Table 5.14 Sample SWOT analysis for CSI 107
Table 5.15 Departmental requirements 116
Table 5.16 Risk register 125

Foreword
Back in the 1980s no one truly understood IT There is an associated qualification scheme so that
service management (ITSM), although it was individuals can demonstrate their understanding
clear that it was a concept that needed to be and application of the ITIL practices. So whether
explored. Hence a UK government initiative was you are starting out or continuing along the ITIL
instigated and ITIL was born. Over the years, path, you are joining a legion of individuals and
ITIL has evolved and, arguably, is now the most organizations who have recognized the benefits of
widely adopted approach in ITSM. It is globally good quality service and have a genuine resolve to
recognized as the best-practice framework. ITILs improve their service level provision.
universal appeal is that it continues to provide a
ITIL is not a panacea to all problems. It is, however,
set of processes and procedures that are efficient,
a tried and tested approach that has been proven
reliable and adaptable to organizations of all
to work.
sizes, enabling them to improve their own service
provision. I wish you every success in your service
management journey.
Having progressed a service from strategy to
design through transition and then into live
operation, where do we go then? Continual service Frances Scarff
improvement (CSI) is the answer.
Head of Best Management Practice
One of the cornerstones of the ITIL service lifecycle Cabinet Office
is that we should always strive to improve, as to
do otherwise leads to standing still, potentially
followed by stagnation and ultimately death.
Improvements can be a reduction in weaknesses or
an enhancement of strengths, as well as adopting
new approaches to existing activities. ITIL Continual
Service Improvement offers guidance on ways to
measure, review and act to identify and adopt
improvements in service provision. If you have not
started your IT service management journey then
you may find that this publication is a good place
to start, as you can use it to identify those areas
where your organization will most benefit from
applying service management practices.
The principles contained within ITIL Continual
Service Improvement have been proven countless
times in the real world. We encourage feedback
from business and the ITSM community, as well
as other experts in the field, to ensure that ITIL
remains relevant. This practice of continual service
improvement is one of the cornerstones of the ITIL
framework and the fruits of this labour are here
before you in this updated edition.

Preface
Learning is not compulsory neither is survival. Contact information

W Edwards Deming Full details of the range of material published
under the ITIL banner can be found at:
This is the fifth book in the series of five ITIL core www.best-management-practice.com/IT-Service-
publications containing advice and guidance Management-ITIL/
around the activities and processes associated with
the five stages of the service lifecycle. The primary If you would like to inform us of any changes that
purpose of the continual service improvement may be required to this publication, please log
stage of the service lifecycle is to learn from them at:
experience and to apply that learning in order to www.best-management-practice.com/changelog/
continually improve the quality of IT services and
to optimize costs. For further information on qualifications and
training accreditation, please visit
Continual service improvement must permeate
and become woven into every stage of the www.itil-officialsite.com
service lifecycle and into every process, function, Alternatively, please contact:
activity, tool, supplier and member of staff. This
APM Group The Accreditor Service Desk
will involve the establishment of appropriate
Sword House
monitoring, measurement, analysis, reporting and
Totteridge Road
implementation of corrective actions to ensure
High Wycombe
that the IT services being provided, as well as
Buckinghamshire
the processes, tools and suppliers who deliver
HP13 6DG
and operate them, remain fit for purpose or are
UK
updated as required. It should also ensure that the
overall IT strategy itself remains robust, and that Tel: +44 (0) 1494 458948
the knowledge, skills, qualifications and experience Email: servicedesk@apmgroupltd.com
of IT staff are updated and maintained as required.
Continual service improvement is cyclical in nature;
there are periods of stability followed by more
improvements, then a new level of stability is
followed by more improvements and so on.
ITIL Continual Service Improvement gives practical
guidance on how to assess the overall health
and maturity of an organizations IT service
management capabilities, and explains how
continual service improvement is closely akin
to quality management. Both are aligned to a
Plan-Do-Check-Act cycle, so should be used in
conjunction to achieve ongoing service quality to
continually meet required business outcomes.

Acknowledgements
2011 EDITION For a full list of acknowledgements of the ATO

sub-group at the time of publication, please
Authors and mentors visit: www.itil-officialsite.com/Publications/
Vernon Lloyd (Fox IT) Author PublicationAcknowledgements.aspx
David Wheeldon Wider team

(David Wheeldon IT Service Management)
Mentor Change advisory board
Shirley Lacy (ConnectSphere) Project mentor The change advisory board (CAB) spent
considerable time and effort reviewing all the
Ashley Hanna (HP) Technical continuity editor comments submitted through the change control
log and their hard work was essential to this
Other members of the ITIL authoring project. Members of the CAB involved in this
team review included:
Thanks are due to the authors and mentors who
David Cannon, Emily Egle, David Favelle, Ashley
have worked on all the publications in the lifecycle
Hanna, Kevin Holland, Stuart Rance, Frances Scarff
suite and contributed to the content in this
and Sharon Taylor.
publication and consistency across the suite.
They are: Once authors and mentors were selected for the
2011 update, a revised CAB was appointed and
David Cannon (HP), Lou Hunnebeck (Third Sky),
now includes:
Anthony T. Orr (BMC Software), Stuart Rance (HP),
Colin Rudd (IT Enterprise Management Services Emily Egle, David Favelle, Phil Hearsum, Kevin
Ltd (ITEMS)) and Randy Steinberg (Migration Holland and Frances Scarff.
Technologies Inc.).
Reviewers
Project governance Claire Agutter, IT Training Zone; Deborah L.
Members of the project governance team included: Anthony, HP; Nancy Arellano, Tata Consultancy
Services; Ernest R. Brewster, Independent; David
Jessica Barry, APM Group, project assurance
M. Brink, Solutions3; Jeroen Bronkhorst, HP; Tony
(examinations); Marianna Billington, itSMFI, senior
Brough, DHL Supply Chain; Janaki Chakravarthy,
user; Emily Egle, TSO, team manager; Janine
Independent; Christiane Chung Ah Pong, NCS
Eves, TSO, senior supplier; Phil Hearsum, Cabinet
Pte Ltd, Singapore; Federico Corradi, Cogitek;
Office, project assurance (quality); Tony Jackson,
Jenny Dugmore, Service Matters; Frank Eggert,
TSO, project manager; Paul Martini, itSMFI, senior
MATERNA GmbH; David Favelle, UXC Consulting/
user; Richard Pharro, APM Group, senior supplier;
Lucid IT; Ryan Fraser, HP; Jenni Garvie; John Groom,
Frances Scarff, Cabinet Office, project executive;
WestGroom Consulting; Jabe Hickey, IBM; Kevin
Rob Stroud, itSMFI, senior user; Sharon Taylor,
Holland, NHS Connecting for Health; Kai Holthaus,
Aspect Group Inc., adviser to the project board
Third Sky; Steve Ingall, iCore-ltd; Brad Laatsch,
(technical) and the ATO sub-group, and adviser to
HP; Chandrika Labru, Tata Consultancy Services;
the project board (training).
Reginald Lo, Third Sky; Brian McCabe, Hitachi
For more information on the ATO sub-group see: Consulting; Jane McNamara, Lilliard Associates
Ltd; Judit Pongracz, ITeal Consulting; Murali
www.itil-officialsite.com/News/
Ramakrishnan, Process-Symphony; Daniel Ramalho,
ATOSubGroupAppointed.aspx
Unilever Global IT Services; Devang Raval, Quint
Wellington Redwood; Noel Scott, Symantec; Moira
Shaw, Steria; Arun Simha, L-3 Communications
CSI_Prelims.indd 10 09/07/2011 09:46

Acknowledgements | xi
STRATIS; Helen Sussex, Logica; J.R. Tietsort, Micron

Technology; Ken Turbitt, Service Management
Consultancy (SMCG) Ltd; A.D. Williams, Cornell
University; Neil Wilson, The Grey Matters
Education Ltd
2007 EDITION
Chief architect and authors

Thanks are still due to those who contributed to
the 2007 edition of Continual Service Improvement,
upon which this updated edition is based.
Sharon Taylor (Aspect Group Inc) Chief architect
Gary Case (Pink Elephant) Author
George Spalding (Pink Elephant) Author
All names and organizations were correct at
publication in 2007.
For a full list of all those who contributed to the
2007 and 2011 editions of Service Strategy, Service
Design, Service Transition, Service Operation and
Continual Service Improvement, please go to
www.itil-officialsite.com/Publications/
PublicationAcknowledgements.aspx
CSI_Prelims.indd 11 09/07/2011 09:46

CSI_Prelims.indd 12 09/07/2011 09:46
CSI_Chapter_01.indd 1
Introduction 1
09/07/2011 09:48
CSI_Chapter_01.indd 2 09/07/2011 09:48
| 3
1Introduction
ITIL is part of a suite of best-practice publications key principles, required processes and activities,
for IT service management (ITSM).1 ITIL provides organization and roles, technology, associated
guidance to service providers on the provision of challenges, critical success factors and risks. The
quality IT services, and on the processes, functions service lifecycle uses a hub-and-spoke design, with
and other capabilities needed to support them. service strategy at the hub, and service design,
ITIL is used by many hundreds of organizations transition and operation as the revolving lifecycle
around the world and offers best-practice guidance stages or spokes. Continual service improvement
applicable to all types of organization that (CSI) surrounds and supports all stages of the
provide services. ITIL is not a standard that has to service lifecycle. Each stage of the lifecycle exerts
be followed; it is guidance that should be read influence on the others and relies on them for
and understood, and used to create value for the inputs and feedback. In this way, a constant set
service provider and its customers. Organizations of checks and balances throughout the service
are encouraged to adopt ITIL best practices and to lifecycle ensures that as business demand changes
adapt them to work in their specific environments with business need, the services can adapt and
in ways that meet their needs. respond effectively.
ITIL is the most widely recognized framework for In addition to the core publications, there is also a
ITSM in the world. In the 20 years since it was complementary set of ITIL publications providing
created, ITIL has evolved and changed its breadth guidance specific to industry sectors, organization
and depth as technologies and business practices types, operating models and technology
have developed. ISO/IEC 20000 provides a formal architectures.
and universal standard for organizations seeking to
have their service management capabilities audited
1.1 OVERVIEW
and certified. While ISO/IEC 20000 is a standard to
be achieved and maintained, ITIL offers a body of ITIL Continual Service Improvement provides best-
knowledge useful for achieving the standard. practice guidance for the CSI stage of the ITIL
service lifecycle. Although this publication can be
In 2007, the second major refresh of ITIL was
published in response to significant advancements
in technology and emerging challenges for IT
service providers. New models and architectures Continual
such as outsourcing, shared services, utility service
improvement
computing, cloud computing, virtualization, web Service
transition
services and mobile commerce have become
widespread within IT. The process-based approach
of ITIL was augmented with the service lifecycle
to address these additional service management
challenges. In 2011, as part of its commitment Service
strategy
to continual improvement, the Cabinet Office
published this update to improve consistency across Service
design Service
the core publications. operation
The ITIL framework is based on the five stages

of the service lifecycle as shown in Figure 1.1,
with a core publication providing best-practice
guidance for each stage. This guidance includes
ITSM and other concepts from this chapter are described in

1
more detail in Chapter 2. Figure 1.1 The ITIL service lifecycle
CSI_Chapter_01.indd 3 09/07/2011 09:48

4 | Introduction
read in isolation, it is recommended that it is used n Ensure applicable quality management methods
in conjunction with the other core ITIL publications. are used to support continual improvement
activities
1.1.1 Purpose and objectives of CSI n Ensure that processes have clearly defined
The purpose of the CSI stage of the lifecycle is objectives and measurements that lead to
to align IT services with changing business needs actionable improvements
by identifying and implementing improvements n Understand what to measure, why it is being
to IT services that support business processes. measured and what the successful outcome
These improvement activities support the lifecycle should be.
approach through service strategy, service
design, service transition and service operation. 1.1.2 Scope
CSI is always seeking ways to improve service ITIL Continual Service Improvement provides
effectiveness, process effectiveness and cost guidance in four main areas:
effectiveness.
n The overall health of ITSM as a discipline
In order to identify improvement opportunities,
n The continual alignment of the service portfolio
the measurement of current performance is an
with the current and future business needs
important factor. Consider the following sayings
n The maturity and capability of the organization,
about measurements and management:
management, processes and people utilized by
You cannot manage what you cannot control. the services
You cannot control what you cannot measure. n Continual improvement of all aspects of the IT
service and the service assets that support them.
You cannot measure what you cannot define.
To implement CSI successfully it is important to
If services and processes are not implemented,
understand the different activities that need to be
managed and supported using clearly defined
applied. The following activities support CSI:
goals, objectives and relevant measurements that
lead to actionable improvements, the business will n Reviewing management information and trends
suffer. Depending upon the criticality of a specific to ensure that services are meeting agreed
IT service to the business, the organization could service levels
lose productive hours, experience higher costs, n Reviewing management information and trends
suffer loss of reputation or, perhaps, even risk to ensure that the output of the enabling
business failure. Ultimately it could also lead to processes are achieving the desired results
loss of customer business. That is why it is critically n Periodically conducting maturity assessments
important to understand what to measure, why against the process activities and associated
it is being measured and what the successful roles to demonstrate areas of improvement or,
outcome should be. conversely, areas of concern
The objectives of CSI are to: n Periodically conducting internal audits verifying
employee and process compliance
n Review, analyse, prioritize and make
n Reviewing existing deliverables for
recommendations on improvement
appropriateness
opportunities in each lifecycle stage: service
strategy, service design, service transition, n Periodically proposing recommendations for
service operation and CSI itself improvement opportunities
n Review and analyse service level achievement n Periodically conducting customer satisfaction
surveys
n Identify and implement specific activities to
improve IT service quality and improve the n Reviewing business trends and changed
efficiency and effectiveness of the enabling priorities, and keeping abreast of business
processes projections
n Improve cost effectiveness of delivering IT n Conducting external and internal service reviews
services without sacrificing customer satisfaction to identify CSI opportunities
CSI_Chapter_01.indd 4 09/07/2011 09:48

Introduction | 5
n Measuring and identifying the value created by Adopting and implementing standard and
CSI improvements. consistent approaches for CSI will:
These activities do not happen automatically. They n Lead to a gradual and continual improvement in
must be owned by individuals within the service service quality, where justified
provider organization who are empowered to n Ensure that IT services remain continuously
make things happen. They must also be planned aligned to business requirements
and scheduled on an ongoing basis. By default, n Result in gradual improvements in cost
improvement becomes a process within ITSM effectiveness through a reduction in costs and/
with defined activities, inputs, outputs, roles or the capability to handle more work at the
and reporting levels. CSI must ensure that ITSM same cost
processes are developed and deployed in support n Use monitoring and reporting to identify
of an end-to-end service management approach opportunities for improvement in all lifecycle
to business customers. It is essential to develop an stages and in all processes
ongoing continual improvement strategy for each n Identify opportunities for improvements
of the processes as well as for the services that they in organizational structures, resourcing
support. capabilities, partners, technology, staff skills and
The deliverables of CSI must be reviewed on an training, and communications.
ongoing basis to verify completeness, functionality
and feasibility, and to ensure that they remain 1.1.5 Target audience
relevant and do not become stale and unusable. ITIL Continual Service Improvement is relevant
It is also important to ensure that monitoring of to organizations involved in the development,
quality indicators and metrics will identify areas for delivery or support of services, including:
process improvement.
n Service providers, both internal and external
Since any improvement initiative will more than n Organizations that aim to improve services
likely necessitate changes, specific improvements through the effective application of service
will need to follow the defined change management and service lifecycle processes to
management process. improve their service quality
n Organizations that require a consistent
1.1.3 Usage managed approach across all service providers in
ITIL Continual Service Improvement provides access a supply chain or value network
to proven best practice based on the skill and n Organizations that are going out to tender for
knowledge of experienced industry practitioners their services.
in adopting a standardized and controlled
approach to service management. Although this In addition, ITIL Continual Service Improvement
publication can be used and applied in isolation, it is relevant to any professional involved in the
is recommended that it is used in conjunction with management of services, particularly:
the other core ITIL publications. All of the core n IT architects
publications need to be read to fully appreciate n IT managers and practitioners
and understand the overall lifecycle of services and
n CSI managers
IT service management.
n Process owners
1.1.4 Value to business n IT service owners
n Business relationship managers
Selecting and adopting the best practice as
recommended in this publication will assist n Any practitioner looking to improve their way
organizations in delivering significant benefits. of working and ultimately reduce costs.
It will help readers to set up CSI and the process
that supports it, and to make effective use of the
process to facilitate the effective improvement of
service quality.
CSI_Chapter_01.indd 5 11/07/2011 15:55

6 | Introduction
1.2 CONTEXT guidelines and processes across the ITIL service

lifecycle.
The context of this publication is the ITIL service
lifecycle as shown in Figure 1.1. Topics covered in ITIL Service Strategy include the
development of market spaces, characteristics
The ITIL core consists of five lifecycle publications.
of internal and external provider types, service
Each provides part of the guidance necessary for
assets, the service portfolio and implementation
an integrated approach as required by the ISO/IEC
of strategy through the service lifecycle. Business
20000 standard specification. The five publications
relationship management, demand management,
are:
financial management, organizational
n ITIL Service Strategy development and strategic risks are among the
n ITIL Service Design other major topics.
n ITIL Service Transition Organizations should use ITIL Service Strategy to
n ITIL Service Operation set objectives and expectations of performance
n ITIL Continual Service Improvement towards serving customers and market
spaces, and to identify, select and prioritize
Each one addresses capabilities having direct
opportunities. Service strategy is about ensuring
impact on a service providers performance. The
that organizations are in a position to handle
core is expected to provide structure, stability and
the costs and risks associated with their service
strength to service management capabilities, with
portfolios, and are set up not just for operational
durable principles, methods and tools. This serves
effectiveness but for distinctive performance.
to protect investments and provide the necessary
basis for measurement, learning and improvement. Organizations already practising ITIL can use ITIL
The introductory guide, Introduction to the ITIL Service Strategy to guide a strategic review of their
Service Lifecycle, provides an overview of the ITIL-based service management capabilities and to
lifecycle stages described in the ITIL core. improve the alignment between those capabilities
and their business strategies. ITIL Service Strategy
ITIL guidance can be adapted to support various
will encourage readers to stop and think about why
business environments and organizational
something is to be done before thinking of how.
strategies. Complementary ITIL publications
provide flexibility to implement the core in a
1.2.2 Service design
diverse range of environments. Practitioners can
select complementary publications as needed For services to provide true value to the business,
to provide traction for the ITIL core in a given they must be designed with the business objectives
context, in much the same way as tyres are selected in mind. Design encompasses the whole IT
based on the type of vehicle, purpose and road organization, for it is the organization as a whole
conditions. This is to increase the durability and that delivers and supports the services. Service
portability of knowledge assets and to protect design is the stage in the lifecycle that turns a
investments in service management capabilities. service strategy into a plan for delivering the
business objectives.
1.2.1 Service strategy ITIL Service Design provides guidance for the
At the centre of the service lifecycle is service design and development of services and service
strategy. Value creation begins here with management practices. It covers design principles
understanding organizational objectives and and methods for converting strategic objectives
customer needs. Every organizational asset into portfolios of services and service assets.
including people, processes and products should The scope of ITIL Service Design is not limited
support the strategy. to new services. It includes the changes and
improvements necessary to increase or maintain
ITIL Service Strategy provides guidance on how
value to customers over the lifecycle of services, the
to view service management not only as an
continuity of services, achievement of service levels,
organizational capability but as a strategic asset.
and conformance to standards and regulations. It
It describes the principles underpinning the
guides organizations on how to develop design
practice of service management which are useful
capabilities for service management.
for developing service management policies,
CSI_Chapter_01.indd 6 09/07/2011 09:48

Introduction | 7
Other topics in ITIL Service Design include design service levels. Organizations are provided with
coordination, service catalogue management, detailed process guidelines, methods and tools for
service level management, availability use in two major control perspectives: reactive and
management, capacity management, IT service proactive. Managers and practitioners are provided
continuity management, information security with knowledge allowing them to make better
management and supplier management. decisions in areas such as managing the availability
of services, controlling demand, optimizing
1.2.3 Service transition capacity utilization, scheduling of operations,
ITIL Service Transition provides guidance for the and avoiding or resolving service incidents and
development and improvement of capabilities managing problems. New models and architectures
for introducing new and changed services into such as shared services, utility computing, web
supported environments. It describes how to services and mobile commerce to support service
transition an organization from one state to operation are described.
another while controlling risk and supporting Other topics in ITIL Service Operation include event
organizational knowledge for decision support. It management, incident management, request
ensures that the value(s) identified in the service fulfilment, problem management and access
strategy, and encoded in service design, are management processes; as well as the service desk,
effectively transitioned so that they can be realized technical management, IT operations management
in service operation. and application management functions.
ITIL Service Transition describes best practice
in transition planning and support, change 1.2.5 Continual service improvement
management, service asset and configuration ITIL Continual Service Improvement (this
management, release and deployment publication) provides guidance on creating and
management, service validation and testing, maintaining value for customers through better
change evaluation and knowledge management. strategy, design, transition and operation of
It provides guidance on managing the complexity services. It combines principles, practices and
related to changes to services and service methods from quality management, change
management processes, preventing undesired management and capability improvement.
consequences while allowing for innovation.
ITIL Continual Service Improvement describes
ITIL Service Transition also introduces the service best practice for achieving incremental and large-
knowledge management system, which can scale improvements in service quality, operational
support organizational learning and help to efficiency and business continuity, and for ensuring
improve the overall efficiency and effectiveness that the service portfolio continues to be aligned
of all stages of the service lifecycle. This will to business needs. Guidance is provided for linking
enable people to benefit from the knowledge and improvement efforts and outcomes with service
experience of others, support informed decision- strategy, design, transition and operation. A closed
making, and improve the management of services. loop feedback system, based on the Plan-Do-Check-
Act (PDCA) cycle, is established. Feedback from any
1.2.4 Service operation stage of the service lifecycle can be used to identify
ITIL Service Operation describes best practice for improvement opportunities for any other stage of
managing services in supported environments. It the lifecycle.
includes guidance on achieving effectiveness and Other topics in ITIL Continual Service Improvement
efficiency in the delivery and support of services to include service measurement, demonstrating value
ensure value for the customer, the users and the with metrics, developing baselines and maturity
service provider. assessments.
Strategic objectives are ultimately realized through
service operation, therefore making it a critical
capability. ITIL Service Operation provides guidance
on how to maintain stability in service operation,
allowing for changes in design, scale, scope and
CSI_Chapter_01.indd 7 09/07/2011 09:48

8 | Introduction
1.3 ITIL IN RELATION TO OTHER possible. It will help organizations to put in

PUBLICATIONS IN THE BEST place effective methods to deliver enhanced
value across their portfolio, programmes,
MANAGEMENT PRACTICE PORTFOLIO
projects and operational activities to meet
ITIL is part of a portfolio of best-practice the challenges of ever-more competitive and
publications (known collectively as Best resource-constrained environments.
Management Practice or BMP) aimed at helping Office of Government Commerce (2010).
organizations and individuals manage projects, Management of Value. TSO, London.
programmes and services consistently and
effectively (see Figure 1.2). ITIL can be used n Managing Successful Programmes (MSP)
in harmony with other BMP products, and MSP provides a framework to enable the
international or internal organization standards. achievement of high-quality change outcomes
Where appropriate, BMP guidance is supported by and benefits that fundamentally affect the way
a qualification scheme and accredited training and in which organizations work. One of the core
consultancy services. All BMP guidance is intended themes in MSP is that a programme must add
to be tailored for use by individual organizations. more value than that provided by the sum of its
constituent project and major activities.
BMP publications include: Cabinet Office (2011). Managing Successful
n Management of Portfolios (MoP)Portfolio Programmes. TSO, London.
management concerns the twin issues of how n Managing Successful Projects with PRINCE2
to do the right projects and programmes in PRINCE2 (PRojects IN Controlled Environments,
the context of the organization's strategic V2) is a structured method to help effective
objectives, and how to do them correctly in project management via clearly defined
terms of achieving delivery and benefits at a products. Key themes that feature throughout
collective level. MoP encompasses consideration PRINCE2 are the dependence on a viable
of the principles upon which effective portfolio business case confirming the delivery of
management is based; the key practices in measurable benefits that are aligned to an
the portfolio definition and delivery cycles, organizations objectives and strategy, while
including examples of how they have been ensuring the management of risks, costs and
applied in real life; and guidance on how to quality.
implement portfolio management and sustain
Office of Government Commerce (2009).
progress in a wide variety of organizations
Managing Successful Projects with PRINCE2.
Office of Government Commerce (2011). TSO, London.
Management of Portfolios. TSO, London.
n Portfolio, Programme and Project Offices (P3O)
n Management of Risk (M_o_R)M_o_R P3O provides universally applicable guidance,
offers an effective framework for taking including principles, processes and techniques,
informed decisions about the risks that affect to successfully establish, develop and maintain
performance objectives. The framework appropriate support structures. These structures
allows organizations to assess risk accurately will facilitate delivery of business objectives
(selecting the correct responses to threats and (portfolios), programmes and projects within
opportunities created by uncertainty) and time, cost, quality and other organizational
thereby improve their service delivery. constraints.
Office of Government Commerce (2010). Office of Government Commerce (2008).
Management of Risk: Guidance for Practitioners. Portfolio, Programme and Project Offices. TSO,
TSO, London. London.
n Management of Value (MoV) MoV provides
a cross-sector and universally applicable guide 1.4 WHY IS ITIL SO SUCCESSFUL?
on how to maximize value in a way that takes ITIL embraces a practical approach to service
account of organizations priorities, differing management do what works. And what works
stakeholders needs and, at the same time, is adapting a common framework of practices
uses resources as efficiently and effectively as that unite all areas of IT service provision towards
CSI_Chapter_01.indd 8 09/07/2011 09:48

Introduction | 9
Glossary
Guidance
Models
Management Management Portfolio,

Portfolio, of Risk of Value Programme ITIL
Programme (M_o_R) (MoV) and Project
and Project Offices
Management (P3O)
Maturity
Model
(P3M3)
Portfolio management (MoP)
PRINCE2
Maturity Programme management (MSP)
Model
(P2MM)
Project management (PRINCE2)
Figure 1.2 ITILs relationship with other Best Management Practice guides
a single aim that of delivering value to the investment and sustained success. ITIL is adopted
business. The following list defines the key by organizations to enable them to:
characteristics of ITIL that contribute to its global
n Deliver value for customers through services
success:
n Integrate the strategy for services with the
n Vendor-neutral ITIL service management business strategy and customer needs
practices are applicable in any IT organization n Measure, monitor and optimize IT services and
because they are not based on any particular service provider performance
technology platform or industry type. ITIL is n Manage the IT investment and budget
owned by the UK government and is not tied to
n Manage risk
any commercial proprietary practice or solution.
n Manage knowledge
n Non-prescriptive ITIL offers robust, mature and
n Manage capabilities and resources to deliver
time-tested practices that have applicability to
services effectively and efficiently
all types of service organization. It continues
to be useful and relevant in public and private n Enable adoption of a standard approach to
sectors, internal and external service providers, service management across the enterprise
small, medium and large enterprises, and within n Change the organizational culture to support
any technical environment. Organizations the achievement of sustained success
should adopt ITIL and adapt it to meet n Improve the interaction and relationship with
the needs of the IT organization and their customers
customers. n Coordinate the delivery of goods and services
n Best practice ITIL represents the learning across the value network
experiences and thought leadership of the n Optimize and reduce costs.
worlds best-in-class service providers.
ITIL is successful because it describes practices that

enable organizations to deliver benefits, return on
CSI_Chapter_01.indd 9 09/07/2011 09:48

10 | Introduction
1.5 CHAPTER SUMMARY n Chapter 7 Technology considerations

ITIL service management practices gain
ITIL Continual Service Improvement comprises:
momentum when the right type of technical
n Chapter 2 Service management as a practice automation is applied. This chapter provides
This chapter explains the concepts of service recommendations for the use of technology
management and services, and describes in CSI and the basic requirements a service
how these can be used to create value. It also provider will need to consider when choosing
summarizes a number of generic ITIL concepts service management tools.
that the rest of the publication depends on.
n Chapter 8 Implementing continual service
n Chapter 3 Continual service improvement improvement
principles For organizations new to ITIL, or those
This chapter describes some of the key principles wishing to improve their maturity and service
of CSI that will enable service providers to capability, this chapter outlines effective ways to
plan and implement best practice in CSI. These implement the CSI lifecycle stage.
principles are the same irrespective of the
n Chapter 9 Challenges, risks and critical success
organization; however, the approach may
factors
need to be tailored to circumstances, including
It is important for any organization to
the size of the organization, geographic
understand the challenges, risks and critical
distribution, culture and available resources. It
success factors that could influence their success.
concludes with a table showing the major inputs
This chapter discusses typical examples of these
and outputs for the CSI lifecycle stage.
for the CSI lifecycle stage.
n Chapter 4 Continual service improvement
n Appendix A Related guidance
processes
This contains a list of some of the many external
Chapter 4 sets out the processes and activities
methods, practices and frameworks that align
on which effective CSI depends and how they
well with ITIL best practice. Notes are provided
integrate with the other stages of the lifecycle.
on how they integrate into the ITIL service
n Chapter 5 Continual service improvement lifecycle, and when and how they are useful.
methods and techniques
n Appendix B Example of a continual service
Chapter 5 explores the various methods and
improvement register
techniques for continual improvement. It looks
This appendix provides an example of a CSI
at ways of assessing organizations and explores
register.
benchmarking, the balanced scorecard, the
PDCA cycle, and service measurement and n Appendix C Risk assessment and management
reporting. This appendix contains basic information about
n Chapter 6 Organizing for continual service several commonly used approaches to the
improvement assessment and management of risk.
This chapter identifies the organizational roles n Appendix D Examples of inputs and outputs
and responsibilities that should be considered across the service lifecycle
to manage the CSI lifecycle stage and its related This appendix identifies some of the major
process. These roles are provided as guidelines inputs and outputs between each stage of the
and can be combined to fit into a variety of service lifecycle.
organization structures.
n Abbreviations and glossary
This contains a list of abbreviations and a
selected glossary of terms.
CSI_Chapter_01.indd 10 09/07/2011 09:48

Service management
as a practice 2
09/07/2011 09:53
CSI_Chapter_02.indd 2 09/07/2011 09:53
| 13
2 Service management as a practice
2.1 SERVICES AND SERVICE Customers seek outcomes but do not wish to have
MANAGEMENT accountability or ownership of all the associated
costs and risks. All services must have a budget
2.1.1 Services when they go live and this must be managed.
The service cost is reflected in financial terms
Services are a means of delivering value to
such as return on investment (ROI) and total cost
customers by facilitating the outcomes customers
of ownership (TCO). The customer will only be
want to achieve without the ownership of specific
exposed to the overall cost or price of a service,
costs and risks. Services facilitate outcomes by
which will include all the providers costs and risk
enhancing the performance of associated tasks and
mitigation measures (and any profit margin if
reducing the effect of constraints. These constraints
appropriate). The customer can then judge the
may include regulation, lack of funding or capacity,
value of a service based on a comparison of cost or
or technology limitations. The end result is an
price and reliability with the desired outcome.
increase in the probability of desired outcomes.
While some services enhance performance of tasks, Definitions
others have a more direct impact they perform
Service: A means of delivering value to customers
the task itself.
by facilitating outcomes customers want to
The preceding paragraph is not just a definition, achieve without the ownership of specific costs
as it is a recurring pattern found in a wide range and risks.
of services. Patterns are useful for managing
IT service: A service provided by an IT service
complexity, costs, flexibility and variety. They
provider. An IT service is made up of a
are generic structures useful to make an idea
combination of information technology, people
applicable in a wide range of environments and
and processes. A customer-facing IT service
situations. In each instance the pattern is applied
directly supports the business processes of one
with variations that make the idea effective,
or more customers and its service level targets
economical or simply useful in that particular case.
should be defined in a service level agreement.
Definition: outcome Other IT services, called supporting services, are
not directly used by the business but are required
The result of carrying out an activity, following a
by the service provider to deliver customer-facing
process, or delivering an IT service etc. The term
services.
is used to refer to intended results, as well as to
actual results. Customer satisfaction is also important. Customers
need to be satisfied with the level of service and
An outcome-based definition of service moves
feel confident in the ability of the service provider
IT organizations beyond businessIT alignment
to continue providing that level of service or
towards businessIT integration. Internal dialogue
even improving it over time. The difficulty is that
and discussion on the meaning of services is
customer expectations keep shifting, and a service
an elementary step towards alignment and
provider that does not track this will soon find
integration with a customers business (Figure 2.1).
itself losing business. ITIL Service Strategy is helpful
Customer outcomes become the ultimate concern
in understanding how this happens, and how a
of business relationship managers instead of the
service provider can adapt its services to meet the
gathering of requirements, which is necessary
changing customer environment.
but not sufficient. Requirements are generated
for internal coordination and control only after Services can be discussed in terms of how they
customer outcomes are well understood. relate to one another and their customers, and can
be classified as core, enabling or enhancing.
CSI_Chapter_02.indd 3 09/07/2011 09:53

14 | Service management as a practice
I must ask, do you I believe services are a means of delivering value by

have a definition facilitating outcomes customers want to achieve
for services? without the ownership of specific costs and risks.
What would that mean

in operational terms? Well, services facilitate outcomes by
Give me a few handles. having a positive effect on activities,
objects and tasks, to create conditions for
better performance. As a result, the
probability of desired outcomes is higher.
But without the ownership of
costs and risks? Customers
cannot wish them away.
No, they cannot, but what they can do is
Manager Manager let the provider take ownership. Thats
Aha! Because the provider is (Operations) (Strategy) really why it is a service. If customers
specialized with capabilities for manage it all by themselves, they
dealing with those costs and risks. wouldnt need a service, would they?
Yes, and also because the customer

(A casual conversation would rather specialize in those outcomes.
at the water cooler)
And also because the provider can

Lets write a book on
potentially spread those costs and
service management!
risks across more than one customer.
Figure 2.1 Conversation about the definition and meaning of services
Core services deliver the basic outcomes desired complex. They consist of a range of deliverables
by one or more customers. They represent the and functionality. If each individual aspect of these
value that the customer wants and for which they complex services were defined independently, the
are willing to pay. Core services anchor the value service provider would soon find it impossible to
proposition for the customer and provide the basis track and record all services.
for their continued utilization and satisfaction. Most service providers will follow a strategy where
Enabling services are services that are needed in they can deliver a set of more generic services
order for a core service to be delivered. Enabling to a broad range of customers, thus achieving
services may or may not be visible to the customer, economies of scale and competing on the basis
but the customer does not perceive them as of price and a certain amount of flexibility. One
services in their own right. They are basic factors way of achieving this is by using service packages.
which enable the customer to receive the real A service package is a collection of two or more
(core) service. services that have been combined to offer a
solution to a specific type of customer need or
Enhancing services are services that are added to a to underpin specific business outcomes. A service
core service to make it more exciting or enticing to package can consist of a combination of core
the customer. Enhancing services are not essential services, enabling services and enhancing services.
to the delivery of a core service, and are added to
Where a service or service package needs to be
a core service as excitement factors, which will
differentiated for different types of customer,
encourage customers to use the core service more
one or more components of the package can be
(or to choose the core service provided by one
changed, or offered at different levels of utility and
company over those of its competitors).
warranty, to create service options. These different
Services may be as simple as allowing a user to service options can then be offered to customers
complete a single transaction, but most services are and are sometimes called service level packages.
CSI_Chapter_02.indd 4 09/07/2011 09:53

Service management as a practice | 15
2.1.2 Service management materials or own the companies that produced

When we turn on a water tap, we expect to see them (Magretta, 2002).2
water flow from it. When we turn on a light Service management capabilities are similarly
switch, we expect to see light fill the room. Not so influenced by the following challenges that
many years ago, these very basic things were not distinguish services from other systems of value
as reliable as they are today. We know instinctively creation, such as manufacturing, mining and
that the advances in technology have made them agriculture:
reliable enough to be considered a utility. But it
n Intangible nature of the output and intermediate
isnt just the technology that makes the services
products of service processes: they are difficult to
reliable. It is how they are managed.
measure, control and validate (or prove)
The use of IT today has become the utility of n Demand is tightly coupled with the customers
business. Business today wants IT services that assets: users and other customer assets such
behave like other utilities such as water, electricity as processes, applications, documents and
or the telephone. Simply having the best transactions arrive with demand and stimulate
technology will not ensure that IT provides utility- service production
like reliability. Professional, responsive, value- n High level of contact for producers and
driven service management is what brings this consumers of services: there is little or no buffer
quality of service to the business. between the service providers creation of the
Service management is a set of specialized service and the customers consumption of that
organizational capabilities for providing value to service
customers in the form of services. The more mature n The perishable nature of service output and
a service providers capabilities are, the greater is service capacity: there is value for the customer
their ability to consistently produce quality services from assurance on the continued supply of
that meet the needs of the customer in a timely consistent quality. Providers need to secure a
and cost-effective manner. The act of transforming steady supply of demand from customers.
capabilities and resources into valuable services is
Service management is more than just a set
at the core of service management. Without these
of capabilities. It is also a professional practice
capabilities, a service organization is merely a
supported by an extensive body of knowledge,
bundle of resources that by itself has relatively low
experience and skills. A global community of
intrinsic value for customers.
individuals and organizations in the public and
Definitions private sectors fosters its growth and maturity.
Formal schemes exist for the education, training
Service management: A set of specialized
and certification of practising organizations, and
organizational capabilities for providing value to
individuals influence its quality. Industry best
customers in the form of services.
practices, academic research and formal standards
Service provider: An organization supplying contribute to and draw from its intellectual capital.
services to one or more internal or external
The origins of service management are in
customers.
traditional service businesses such as airlines, banks,
Organizational capabilities are shaped by the hotels and phone companies. Its practice has grown
challenges they are expected to overcome. An with the adoption by IT organizations of a service-
example of this is provided by Toyota in the 1950s oriented approach to managing IT applications,
when it developed unique capabilities to overcome infrastructure and processes. Solutions to business
the challenge of smaller scale and financial capital problems and support for business models,
compared to its American rivals. Toyota developed strategies and operations are increasingly in the
new capabilities in production engineering, form of services. The popularity of shared services
operations management and managing suppliers and outsourcing has contributed to the increase in
to compensate for its inability to afford large the number of organizations that behave as service
inventories, make components, produce raw providers, including internal IT organizations. This
2 Magretta, J. (2002). What Management Is: How it Works and Why its
Everyones Business. The Free Press, New York
CSI_Chapter_02.indd 5 09/07/2011 09:53

in turn has strengthened the practice of service ITSM must be carried out effectively and efficiently.
management while at the same time imposed Managing IT from the business perspective enables
greater challenges. organizational high performance and value
creation.
2.1.3 IT service management A good relationship between an IT service provider
Information technology (IT) is a commonly used and its customers relies on the customer receiving
term that changes meaning depending on the an IT service that meets its needs, at an acceptable
different perspectives that a business organization level of performance and at a cost that the
or people may have of it. A key challenge is to customer can afford. The IT service provider needs
recognize and balance these perspectives when to work out how to achieve a balance between
communicating the value of IT service management these three areas, and communicate with the
(ITSM) and understanding the context for how the customer if there is anything which prevents it
business sees the IT organization. Some of these from being able to deliver the required IT service at
meanings are: the agreed level of performance or price.
n IT is a collection of systems, applications and A service level agreement (SLA) is used to document
infrastructures which are components or sub- agreements between an IT service provider
assemblies of a larger product. They enable or and a customer. An SLA describes the IT service,
are embedded in processes and services. documents service level targets, and specifies the
n IT is an organization with its own set of responsibilities of the IT service provider and the
capabilities and resources. IT organizations can customer. A single agreement may cover multiple IT
be of various types such as business functions, services or multiple customers.
shared services units and enterprise-level core
units. 2.1.4 Service providers
n IT is a category of services utilized by business. There are three main types of service provider.
The services are typically IT applications and While most aspects of service management apply
infrastructure that are packaged and offered equally to all types of service provider, other
by internal IT organizations or external service aspects such as customers, contracts, competition,
providers. IT costs are treated as business market spaces, revenue and strategy take on
expenses. different meanings depending on the specific type.
n IT is a category of business assets that provide a The three types are:
stream of benefits for their owners, including,
n Type I internal service provider An internal
but not limited to, revenue, income and profit.
service provider that is embedded within a
IT costs are treated as investments.
business unit. There may be several Type I
Every IT organization should act as a service service providers within an organization.
provider, using the principles of service n Type II shared services unit An internal
management to ensure that they deliver the service provider that provides shared IT services
outcomes required by their customers. to more than one business unit.
n Type III external service provider A service
Definitions
provider that provides IT services to external
IT service management (ITSM):The customers.
implementation and management of quality IT
services that meet the needs of the business. IT ITSM concepts are often described in the context
service management is performed by IT service of only one of these types and as if only one type
providers through an appropriate mix of people, of IT service provider exists or is used by a given
process and information technology. organization. In reality most organizations have
a combination of IT service providers. In a single
IT service provider: A service provider that organization it is possible that some IT units
provides IT services to internal or external are dedicated to a single business unit, others
customers. provide shared services, and yet others have
CSI_Chapter_02.indd 6 09/07/2011 09:53

been outsourced or depend on external service service provider. For example, the marketing
providers. department is an internal customer of the IT
organization because it uses IT services. The
Many IT organizations who traditionally provide
head of marketing and the chief information
services to internal customers find that they
officer both report to the chief executive officer.
are dealing directly with external users because
If IT charges for its services, the money paid is
of the online services that they provide. ITIL
an internal transaction in the organizations
Service Strategy provides guidance on how the IT
accounting system, not real revenue.
organization interacts with these users, and who
owns and manages the relationship with them. n External customers These are customers who
work for a different business from the IT service
2.1.5 Stakeholders in service management provider. External customers typically purchase
services from the service provider by means of a
Stakeholders have an interest in an organization,
legally binding contract or agreement.
project or service etc. and may be interested in
the activities, targets, resources or deliverables
from service management. Examples include
2.1.6 Utility and warranty
organizations, service providers, customers, The value of a service can be considered to be
consumers, users, partners, employees, the level to which that service meets a customers
shareholders, owners and suppliers. The term expectations. It is often measured by how much
organization is used to define a company, legal the customer is willing to pay for the service, rather
entity or other institution. It is also used to refer to than the cost to the service provider of providing
any entity that has people, resources and budgets the service or any other intrinsic attribute of the
for example, a project or business. service itself.
Within the service provider organization there Unlike products, services do not have much intrinsic
are many different stakeholders including the value. The value of a service comes from what it
functions, groups and teams that deliver the enables someone to do. The value of a service is
services. There are also many stakeholders external not determined by the provider, but by the person
to the service provider organization, for example: who receives it because they decide what they
will do with the service, and what type of return
n Customers Those who buy goods or services. they will achieve by using the service. Services
The customer of an IT service provider is the contribute value to an organization only when
person or group who defines and agrees the their value is perceived to be higher than the cost
service level targets. This term is also sometimes of obtaining the service.
used informally to mean user for example,
This is a customer-focused organization. From the customers perspective, value consists of
n Users Those who use the service on a day- achieving business objectives. The value of a service
to-day basis. Users are distinct from customers, is created by combining two primary elements:
as some customers do not use the IT service utility (fitness for purpose) and warranty (fitness for
directly. use). These two elements work together to achieve
the desired outcomes upon which the customer and
n Suppliers Third parties responsible for
the business base their perceptions of a service.
supplying goods or services that are required
to deliver IT services. Examples of suppliers Utility is the functionality offered by a product or
include commodity hardware and software service to meet a particular need. Utility can be
vendors, network and telecom providers, and summarized as what the service does and can
outsourcing organizations. be used to determine whether a service is able to
meet its required outcomes or is fit for purpose.
There is a difference between customers who work
Utility refers to those aspects of a service that
in the same organization as the IT service provider,
contribute to tasks associated with achieving
and customers who work for other organizations.
outcomes. For example, a service that enables a
They are distinguished as follows:
business unit to process orders should allow sales
n Internal customers These are customers people to access customer details, stock availability,
who work for the same business as the IT shipping information etc. Any aspect of the service
CSI_Chapter_02.indd 7 09/07/2011 09:53

that improves the ability of sales people to improve task from being performed adequately (or both).
the performance of the task of processing sales Warranty requires the service to be available,
orders would be considered utility. Utility can continuous and secure and to have sufficient
therefore represent any attribute of a service that capacity for the service to perform at the required
removes, or reduces the effect of, constraints on level. If the service is both fit for purpose and fit
the performance of a task. for use, it will create value.
Warranty is an assurance that a product or service It should be noted that the elements of warranty in
will meet its agreed requirements. This may be a Figure 2.2 are not exclusive. It is possible to define
formal agreement such as a service level agreement other components of warranty, such as usability,
or contract, or a marketing message or brand which refers to how easy it is for the user to access
image. Warranty refers to the ability of a service to and use the features of the service to achieve the
be available when needed, to provide the required desired outcomes.
capacity, and to provide the required reliability in The warranty aspect of the service needs to be
terms of continuity and security. Warranty can be designed at the same time as the utility aspect in
summarized as how the service is delivered, and order to deliver the required value to the business.
can be used to determine whether a service is fit Attempts to design warranty aspects after a
for use. For example, any aspect of the service that service has been deployed can be expensive and
increases the availability or speed of the service disruptive.
would be considered warranty. Warranty can
therefore represent any attribute of a service that Information about the desired business outcomes,
increases the potential of the business to be able opportunities, customers, utility and warranty of
to perform a task. Warranty refers to any means by the service is used to develop the definition of a
which utility is made available to the users. service. Using an outcome-based definition helps to
ensure that managers plan and execute all aspects
Utility is what the service does, and warranty is of service management from the perspective of
how it is delivered. what is valuable to the customer.
Customers cannot benefit from something that is
fit for purpose but not fit for use, and vice versa. 2.1.7 Best practices in the public domain
The value of a service is therefore only delivered Organizations benchmark themselves against peers
when both utility and warranty are designed and seek to close gaps in capabilities. This enables
and delivered. Figure 2.2 illustrates the logic that them to become more competitive by improving
a service has to have both utility and warranty their ability to deliver quality services that meet
to create value. Utility is used to improve the the needs of their customers at a price their
performance of the tasks required to achieve an customers can afford. One way to close such gaps is
outcome, or to remove constraints that prevent the the adoption of best practices in wide industry use.
UTILITY
Performance supported? T/F

OR
Constraints removed? Fit for
purpose?
AND Value created

Available enough? T/F
Fit for use?
Capacity enough?
AND
Continuous enough? T/F
T: True
Secure enough? F: False
WARRANTY
Figure 2.2 Logic of value creation through services
CSI_Chapter_02.indd 8 09/07/2011 09:53

There are several sources for best practice including n Owners of proprietary knowledge expect to
public frameworks, standards and the proprietary be rewarded for their investments. They may
knowledge of organizations and individuals (Figure make such knowledge available only under
2.3). ITIL is the most widely recognized and trusted commercial terms through purchases and
source of best-practice guidance in the area of licensing agreements.
ITSM. n Publicly available frameworks and standards
Public frameworks and standards are attractive such as ITIL, LEAN, Six Sigma, COBIT, CMMI,
when compared with proprietary knowledge for PRINCE2, PMBOK, ISO 9000, ISO/IEC 20000 and
the following reasons: ISO/IEC 27001 are validated across a diverse set
of environments and situations rather than the
n Proprietary knowledge is deeply embedded in limited experience of a single organization.
organizations and therefore difficult to adopt, They are subject to broad review across
replicate or even transfer with the cooperation multiple organizations and disciplines, and
of the owners. Such knowledge is often in the vetted by diverse sets of partners, suppliers and
form of tacit knowledge which is inextricable competitors.
and poorly documented.
n The knowledge of public frameworks is more
n Proprietary knowledge is customized for the likely to be widely distributed among a large
local context and the specific needs of the community of professionals through publicly
business to the point of being idiosyncratic. available training and certification. It is easier
Unless the recipients of such knowledge have for organizations to acquire such knowledge
matching circumstances, the knowledge may through the labour market.
not be as effective in use.
Standards Employees
Industry practices Customers
Sources Enablers
Academic research Suppliers
(generate) (aggregate)
Training and education Advisers
Internal experience Technologies
Substitutes Competition
Drivers Regulators Compliance Scenarios

(filter) (filter)
Customers Commitments
Knowledge fit for business

Objectives, context and purpose
Figure 2.3 Sources of service management best practice
CSI_Chapter_02.indd 9 09/07/2011 09:53

Ignoring public frameworks and standards resources compared to capabilities (see Figure 2.4
can needlessly place an organization at a for examples of capabilities and resources).
disadvantage. Organizations should cultivate their
Service providers need to develop distinctive
own proprietary knowledge on top of a body
capabilities to retain customers with value
of knowledge based on public frameworks and
propositions that are hard for competitors to
standards. Collaboration and coordination across
duplicate. For example, two service providers
organizations become easier on the basis of shared
may have similar resources such as applications,
practices and standards. Further information on
infrastructure and access to finance. Their
best practice in the public domain is provided in
capabilities, however, differ in terms of
Appendix A.
management systems, organization structure,
processes and knowledge assets. This difference is
2.2 BASIC CONCEPTS reflected in actual performance.
Capabilities by themselves cannot produce value
2.2.1 Assets, resources and capabilities without adequate and appropriate resources.
The service relationship between service providers The productive capacity of a service provider is
and their customers revolves around the use of dependent on the resources under its control.
assets both those of the service provider and Capabilities are used to develop, deploy and
those of the customer. Each relationship involves coordinate this productive capacity. For example,
an interaction between the assets of each party. capabilities such as capacity management and
Many customers use the service they receive to availability management are used to manage
build and deliver services or products of their own the performance and utilization of processes,
and then deliver them on to their own customers. applications and infrastructure, ensuring service
In these cases, what the service provider considers levels are effectively delivered.
to be the customer asset would be considered to
be a service asset by their customer. 2.2.2 Processes
Without customer assets, there is no basis for Definition: process
defining the value of a service. The performance of
A process is a structured set of activities designed
customer assets is therefore a primary concern for
to accomplish a specific objective. A process takes
service management.
one or more defined inputs and turns them into
Definitions defined outputs.
Asset: Any resource or capability. Processes define actions, dependencies and
Customer asset: Any resource or capability used sequence. Well-defined processes can improve
by a customer to achieve a business outcome. productivity within and across organizations and
functions. Process characteristics include:
Service asset: Any resource or capability used
by a service provider to deliver services to a n Measurability We are able to measure the
customer. process in a relevant manner. It is performance-
driven. Managers want to measure cost, quality
There are two types of asset used by both and other variables while practitioners are
service providers and customers resources and concerned with duration and productivity.
capabilities. Organizations use them to create value
n Specific results The reason a process exists is
in the form of goods and services. Resources are
to deliver a specific result. This result must be
direct inputs for production. Capabilities represent
individually identifiable and countable.
an organizations ability to coordinate, control and
n Customers Every process delivers its primary
deploy resources to produce value. Capabilities are
results to a customer or stakeholder. Customers
typically experience-driven, knowledge-intensive,
may be internal or external to the organization,
information-based and firmly embedded within
but the process must meet their expectations.
an organizations people, systems, processes
and technologies. It is relatively easy to acquire
CSI_Chapter_02.indd 10 09/07/2011 09:53

Capabilities Resources The output produced by a process has to conform

to operational norms that are derived from
Management Financial capital business objectives. If products conform to the
set norm, the process can be considered effective
(because it can be repeated, measured and
Organization Infrastructure
managed, and achieves the required outcome). If
the activities of the process are carried out with a
Processes Applications minimum use of resources, the process can also be
considered efficient.
Knowledge Information Inputs are data or information used by the process
and may be the output from another process.
People (experience, skills People (number
and relationships) of employees) A process, or an activity within a process, is
initiated by a trigger. A trigger may be the arrival
Figure 2.4 Examples of capabilities and resources of an input or other event. For example, the failure
of a server may trigger the event management and
n Responsiveness to specific triggers While a incident management processes.
process may be ongoing or iterative, it should A process may include any of the roles,
be traceable to a specific trigger. responsibilities, tools and management controls
A process is organized around a set of objectives. required to deliver the outputs reliably. A process
The main outputs from the process should be may define policies, standards, guidelines, activities
driven by the objectives and should include process and work instructions if they are needed.
measurements (metrics), reports and process Processes, once defined, should be documented
improvement. and controlled. Once under control, they can be
Process control
Process policy
Process owner Process objectives
Triggers Process
documentation Process feedback
Process
Process metrics
Process activities Process roles
Process Process Process Process

inputs procedures improvements outputs
Process Including process

work instructions reports and reviews
Process enablers
Process
Process resources capabilities
Figure 2.5 Process model
CSI_Chapter_02.indd 11 09/07/2011 09:53

repeated and managed. Process measurement and people who resolve incidents complete the
metrics can be built into the process to control incident record in the same way.
and improve the process as illustrated in Figure n Team A team is a more formal type of group.
2.5. Process analysis, results and metrics should be These are people who work together to achieve
incorporated in regular management reports and a common objective, but not necessarily in the
process improvements. same organizational structure. Team members
can be co-located, or work in multiple locations
2.2.3 Organizing for service management and operate virtually. Teams are useful for
There is no single best way to organize, and collaboration, or for dealing with a situation of
best practices described in ITIL need to be a temporary or transitional nature. Examples
tailored to suit individual organizations and of teams include project teams, application
situations. Any changes made will need to take development teams (often consisting of people
into account resource constraints and the size, from several different business units) and
nature and needs of the business and customers. incident or problem resolution teams.
The starting point for organizational design is n Department Departments are formal
strategy. Organizational development for service organizational structures which exist to perform
management is described in more detail in ITIL a specific set of defined activities on an ongoing
Service Strategy Chapter 6. basis. Departments have a hierarchical reporting
structure with managers who are usually
2.2.3.1Functions responsible for the execution of the activities
A function is a team or group of people and and also for day-to-day management of the
the tools or other resources they use to carry staff in the department.
out one or more processes or activities. In larger n Division A division refers to a number of
organizations, a function may be broken out departments that have been grouped together,
and performed by several departments, teams often by geography or product line. A division is
and groups, or it may be embodied within a normally self-contained.
single organizational unit (e.g. the service desk).
ITIL Service Operation describes the following
In smaller organizations, one person or group
functions in detail:
can perform multiple functions for example,
n Service desk The single point of contact for
a technical management department could also
users when there is a service disruption, for
incorporate the service desk function.
service requests, or even for some categories of
For the service lifecycle to be successful, an request for change. The service desk provides
organization will need to clearly define the roles a point of communication to users and a point
and responsibilities required to undertake the of coordination for several IT groups and
processes and activities involved in each lifecycle processes.
stage. These roles will need to be assigned to n Technical management Provides detailed
individuals, and an appropriate organization technical skills and resources needed to support
structure of teams, groups or functions will need to the ongoing operation of IT services and the
be established and managed. These are defined as management of the IT infrastructure. Technical
follows: management also plays an important role in the
n Group A group is a number of people who design, testing, release and improvement of IT
are similar in some way. In ITIL, groups refer services.
to people who perform similar activities n IT operations management Executes the daily
even though they may work on different operational activities needed to manage IT
technologies or report into different services and the supporting IT infrastructure.
organizational structures or even different This is done according to the performance
companies. Groups are usually not formal standards defined during service design. IT
organizational structures, but are very useful operations management has two sub-functions
in defining common processes across the that are generally organizationally distinct.
organization for example, ensuring that all These are IT operations control and facilities
management.
CSI_Chapter_02.indd 12 09/07/2011 09:53

n Application management Is responsible See Chapter 6 for more details about the roles and
for managing applications throughout their responsibilities described in ITIL Continual Service
lifecycle. The application management function Improvement.
supports and maintains operational applications
and also plays an important role in the design, 2.2.3.3 Organizational culture and behaviour
testing and improvement of applications that Organizational culture is the set of shared values
form part of IT services. and norms that control the service providers
The other core ITIL publications do not define interactions with all stakeholders, including
any functions in detail, but they do rely on the customers, users, suppliers, internal staff etc.
technical and application management functions An organizations values are desired modes of
described in ITIL Service Operation. Technical and behaviour that affect its culture. Examples of
application management provide the technical organizational values include high standards,
resources and expertise to manage the whole customer care, respecting tradition and authority,
service lifecycle, and practitioner roles within a acting cautiously and conservatively, and being
particular lifecycle stage may be performed by frugal.
members of these functions. High-performing service providers continually
align the value network for efficiency and
2.2.3.2Roles effectiveness. Culture through the value network is
A number of roles need to be performed transmitted to staff through socialization, training
during the service lifecycle. The core ITIL programmes, stories, ceremonies and language.
publications provide guidelines and examples Constraints such as governance, capabilities,
of role descriptions. These are not exhaustive or standards, resources, values and ethics play a
prescriptive, and in many cases roles will need to significant role in organizational culture and
be combined or separated. Organizations should behaviour. Organizational culture can also be
take care to apply this guidance in a way that suits affected by structure or management styles
their own structure and objectives. resulting in a positive or negative impact on
Definition: role performance. Organizational structures and
management styles contribute to the behaviour
A role is a set of responsibilities, activities and of people, process, technology and partners.
authorities granted to a person or team. A role These are important aspects in adopting service
is defined in a process or function. One person management practices and ITIL.
or team may have multiple roles for example,
the roles of configuration manager and change Change related to service management
manager may be carried out by a single person. programmes will affect organizational culture and
it is important to prepare people with effective
Roles are often confused with job titles but it is communication plans, training, policies and
important to realize that they are not the same. procedures to achieve the desired performance
Each organization will define appropriate job titles outcomes. Establishing cultural change is also
and job descriptions which suit their needs, and an important factor for collaborative working
individuals holding these job titles can perform one between the many different people involved in
or more of the required roles. service management. Managing people through
service transitions is discussed at more length in
It should also be recognized that a person may,
Chapter 5 of ITIL Service Transition.
as part of their job assignment, perform a single
task that represents participation in more than
2.2.4 The service portfolio
one process. For example, a technical analyst
who submits a request for change (RFC) to add The service portfolio is the complete set of services
memory to a server to resolve a performance that is managed by a service provider and it
problem is participating in activities of the change represents the service providers commitments and
management process at the same time as taking investments across all customers and market spaces.
part in activities of the capacity management and It also represents present contractual commitments,
problem management processes. new service development, and ongoing service
CSI_Chapter_02.indd 13 09/07/2011 09:53

improvement plans initiated by continual service Figure 2.6 illustrates the components of the service
improvement. The portfolio may include third- portfolio, which are discussed in detail in ITIL
party services, which are an integral part of service Service Strategy. These are important components
offerings to customers. of the service knowledge management system
(SKMS) described in section 2.2.5.
The service portfolio represents all the resources
presently engaged or being released in various
2.2.5 Knowledge management
stages of the service lifecycle. It is a database or
structured document in three parts:
and the SKMS
Quality knowledge and information enable people
n Service pipeline All services that are under to perform process activities and support the flow
consideration or development, but are not of information between service lifecycle stages and
yet available to customers. It includes major processes. Understanding, defining, establishing
investment opportunities that have to be traced and maintaining information is a responsibility of
to the delivery of services, and the value that the knowledge management process.
will be realized. The service pipeline provides a
business view of possible future services and is Implementing an SKMS enables effective decision
part of the service portfolio that is not normally support and reduces the risks that arise from a lack
published to customers. of proper mechanisms. However, implementing
n Service catalogue All live IT services, including an SKMS can involve a large investment in tools
those available for deployment. It is the only to store and manage data, information and
part of the service portfolio published to knowledge. Every organization will start this work
customers, and is used to support the sale and in a different place, and have their own vision
delivery of IT services. It includes a customer- of where they want to be, so there is no simple
facing view (or views) of the IT services in use, answer to the question What tools and systems
how they are intended to be used, the business are needed to support knowledge management?
processes they enable, and the levels and quality Data, information and knowledge need to be
of service the customer can expect for each interrelated across the organization. A document
service. The service catalogue also includes management system and/or a configuration
information about supporting services required management system (CMS) can be used as a
by the service provider to deliver customer- foundation for implementation of the SKMS.
facing services. Information about services Figure 2.7 illustrates an architecture for service
can only enter the service catalogue after due knowledge management that has four layers
diligence has been performed on related costs including examples of possible content at each
and risks. layer. These are:
n Retired services All services that have been
n Presentation layer Enables searching,
phased out or retired. Retired services are not
browsing, retrieving, updating, subscribing and
available to new customers or contracts unless a
collaboration. The different views onto the
special business case is made.
other layers are suitable for different audiences.
Service providers often find it useful to distinguish Each view should be protected to ensure that
customer-facing services from supporting services: only authorized people can see or modify the
n Customer-facing services IT services that are underlying knowledge, information and data.
visible to the customer. These are normally n Knowledge processing layer Is where the
services that support the customers business information is converted into useful knowledge
processes and facilitate one or more outcomes which enables decision-making.
desired by the customer. n Information integration layer Provides
n Supporting services IT services that support or integrated information that may be gathered
underpin the customer-facing services. These from data in multiple sources in the data layer.
are typically invisible to the customer, but are n Data layer Includes tools for data discovery
essential to the delivery of customer-facing IT and data collection, and data items in
services. unstructured and structured forms.
CSI_Chapter_02.indd 14 09/07/2011 09:53

would like the organization to work instead of

Service knowledge management system
working within the existing governance structures.
Definition: governance
Service portfolio
Service status Ensures that policies and strategy are actually

Requirements implemented, and that required processes
Definition Service
are correctly followed. Governance includes
Analysis
pipeline defining roles and responsibilities, measuring
Approved and reporting, and taking actions to resolve any
Service lifecycle
Chartered issues identified.

Design
Customer/support
Development team viewable
Build
section of the Governance works to apply a consistently managed
service portfolio
Test Service (the service approach at all levels of the organization first by
catalogue catalogue, with
Release selected fields ensuring a clear strategy is set, then by defining
Operational/live viewable) the policies whereby the strategy will be achieved.
Retiring The policies also define boundaries, or what the
Retired Retired services organization may not do as part of its operations.
Governance needs to be able to evaluate, direct
Figure 2.6 The service portfolio and its contents and monitor the strategy, policies and plans.
Further information on governance and service
In practice, an SKMS is likely to consist of multiple management is provided in Chapter 5 of ITIL
tools and repositories. For example, there may be Service Strategy. The international standard for
a tool that provides all four layers for the support corporate governance of IT is ISO/IEC 38500,
of different processes or combinations of processes. described in Appendix A.
Various tools providing a range of perspectives
will be used by different stakeholders to access 2.3.2 Management systems
this common repository for collaborative decision A system is a number of related things that work
support. together to achieve an overall objective. Systems
This architecture is applicable for many of the should be self-regulating for agility and timeliness.
management information systems in ITIL. A primary In order to accomplish this, the relationships within
component of the SKMS is the service portfolio, the system must influence one another for the sake
covered in section 2.2.4. Other examples include of the whole. Key components of the system are
the CMS, the availability management information the structure and processes that work together.
system (AMIS) and the capacity management A systems approach to service management
information system (CMIS). ensures learning and improvement through a big-
picture view of services and service management.
2.3 GOVERNANCE AND MANAGEMENT It extends the management horizon and provides a
sustainable long-term approach.
SYSTEMS
By understanding the system structure, the
2.3.1 Governance interconnections between all the assets and service
Governance is the single overarching area that components, and how changes in any area will
ties IT and the business together, and services affect the whole system and its constituent parts
are one way of ensuring that the organization is over time, a service provider can deliver benefits
able to execute that governance. Governance is such as:
what defines the common directions, policies and n Ability to adapt to the changing needs of
rules that both the business and IT use to conduct customers and markets
business. n Sustainable performance
Many ITSM strategies fail because they try to build n Better approach to managing services, risks,
a structure or processes according to how they costs and value delivery
CSI_Chapter_02.indd 15 09/07/2011 09:53

Presentation Portals IT governance Quality Services view Asset and Service desk Self-service
layer scorecards view management configuration and support view
dashboards view view view
reports
Search, browse, retrieve, update, publish, subscribe, collaborate
Knowledge Query and Monitoring

processing analysis Reporting Performance management Modelling
and alerting
layer
Service knowledge management base

Information
integration
layer
Integrated CMDB Other integrated data and information
Schema mapping, metadata management, reconciliation, extract, transform, mining
DML Unstructured data

CMDB Service Other External
Data layer CMDB
portfolio structured database
data links
CMDB
CMDB
Discovery, collection, audit
Figure 2.7 Architectural layers of an SKMS
n Effective and efficient service management n A service management system (ISO/IEC 20000)
n Simplified approach that is easier for people to n An information security management system
use (ISO/IEC 27001)
n Less conflict between processes n A management system for software asset
n Reduced duplication and bureaucracy. management (ISO/IEC 19770).
Many businesses have adopted management Service providers are increasingly adopting these
system standards for competitive advantage and standards to be able to demonstrate their service
to ensure a consistent approach in implementing management capability. As there are common
service management across their value network. elements between such management systems, they
Implementation of a management system also should be managed in an integrated way rather
provides support for governance (see section 2.3.1). than having separate management systems. To
meet the requirements of a specific management
Definition: management system (ISO 9001) system standard, an organization needs to analyse
The framework of policy, processes, functions, the requirements of the relevant standard in detail
standards, guidelines and tools that ensures and compare them with those that have already
an organization or part of an organization can been incorporated in the existing integrated
achieve its objectives. management system. Appendix A provides further
information on these standards.
A management system of an organization can
ISO management system standards use the Plan-
adopt multiple management system standards,
Do-Check-Act (PDCA) cycle shown in Figure 2.8.
such as:
The ITIL service lifecycle approach embraces and
n A quality management system (ISO 9001) enhances the interpretation of the PDCA cycle.
n An environmental management system You will see the PDCA cycle used in the structure
(ISO 14000) of the guidance provided in each of the core ITIL
CSI_Chapter_02.indd 16 09/07/2011 09:53

publications. This guidance recognizes the need n Continually improves the SMS and the services
to drive governance, organizational design and based on objective measurements.
management systems from the business strategy,
Service providers across the world have successfully
service strategy and service requirements.
established an SMS to direct and control their service
Definition: ISO/IEC 20000 management activities. The adoption of an SMS
should be a strategic decision for an organization.
An international standard for IT service
management. One of the most common routes for an
organization to achieve the requirements of ISO/
ISO/IEC 20000 is an internationally recognized IEC 20000 is by adopting ITIL service management
standard that allows organizations to demonstrate best practices and using the ITIL qualification
excellence and prove best practice in ITSM. scheme for professional development.
Part 1 specifies requirements for the service
Certification to ISO/IEC 20000-1 by an accredited
provider to plan, establish, implement, operate,
certification body shows that a service provider is
monitor, review, maintain and improve a
committed to delivering value to its customers and
service management system (SMS). Coordinated
continual service improvement. It demonstrates
integration and implementation of an SMS, to
the existence of an effective SMS that satisfies the
meet the Part 1 requirements, provides ongoing
requirements of an independent external audit.
control, greater effectiveness, efficiency and
Certification gives a service provider a competitive
opportunities for continual improvement. It
edge in marketing. Many organizations specify a
ensures that the service provider:
requirement to comply with ISO/IEC 20000 in their
n Understands and fulfils the service requirements contracts and agreements.
to achieve customer satisfaction
n Establishes the policy and objectives for service
management 2.4 THE SERVICE LIFECYCLE
n Designs and delivers changes and services that Services and processes describe how things
add value for the customer change, whereas structure describes how they are
n Monitors, measures and reviews performance of connected. Structure helps to determine the correct
the SMS and the services behaviours required for service management.
Continual quality control and consolidation
Plan Project plan

Do Project
Check Audit
Act New actions
Maturity level
ACT PLAN
Business
IT
alignment
CHECK DO
Effective quality
improvement
Consolidation of the level reached

i.e. baseline
Timescale
Figure 2.8 Plan-Do-Check-Act cycle
CSI_Chapter_02.indd 17 09/07/2011 09:53

Structure describes how process, people, outcomes instead of just IT objectives and projects.
technology and partners are connected. Structure Coordination is also essential between functional
is essential for organizing information. Without groups, across the value network, and between
structure, our service management knowledge processes and technology.
is merely a collection of observations, practices Feedback and control between organizational
and conflicting goals. The structure of the service assets helps to enable operational efficiency,
lifecycle is an organizing framework, supported by organizational effectiveness and economies of
the organizational structure, service portfolio and scale.
service models within an organization. Structure
can influence or determine the behaviour of the 2.4.2 Processes through the service
organization and people. Altering the structure of
lifecycle
service management can be more effective than
simply controlling discrete events. Each core ITIL lifecycle publication includes
guidance on service management processes as
Without structure, it is difficult to learn from shown in Table 2.1.
experience. It is difficult to use the past to educate
for the future. We can learn from experience but Service management is more effective if people
we also need to confront directly many of the most have a clear understanding of how processes
important consequences of our actions. interact throughout the service lifecycle, within
the organization and with other parties (users,
See Chapter 1 for an introduction to each ITIL customers, suppliers).
service lifecycle stage.
Process integration across the service lifecycle
2.4.1 Specialization and coordination depends on the service owner, process owners,
process practitioners and other stakeholders
across the lifecycle
understanding:
Organizations need a collaborative approach
for the management of assets which are used to n The context of use, scope, purpose and limits of
deliver and support services for their customers. each process
n The strategies, policies and standards that apply
Organizations should function in the same manner to the processes and to the management of
as a high-performing sports team. Each player in a interfaces between processes
team and each member of the teams organization
n Authorities and responsibilities of those
who are not players position themselves to
involved in each process
support the goal of the team. Each player and
n The information provided by each process
team member has a different specialization that
that flows from one process to another; who
contributes to the whole. The team matures
produces it; and how it is used by integrated
over time taking into account feedback from
processes.
experience, best practice, current process and
procedures to become an agile high-performing Integrating service management processes
team. depends on the flow of information across process
and organizational boundaries. This in turn
Specialization and coordination are necessary in depends on implementing supporting technology
the lifecycle approach. Specialization allows for and management information systems across
expert focus on components of the service but organizational boundaries, rather than in silos. If
components of the service also need to work service management processes are implemented,
together for value. Specialization combined with followed or changed in isolation, they can become
coordination helps to manage expertise, improve a bureaucratic overhead that does not deliver value
focus and reduce overlaps and gaps in processes. for money. They could also damage or negate the
Specialization and coordination together help to operation or value of other processes and services.
create a collaborative and agile organizational
architecture that maximizes utilization of assets. As discussed in section 2.2.2, each process has a
clear scope with a structured set of activities that
Coordination across the lifecycle creates an transform inputs to deliver the outputs reliably. A
environment focused on business and customer process interface is the boundary of the process.
CSI_Chapter_02.indd 18 09/07/2011 09:53

Table 2.1 The processes described in each core ITIL publication

Core ITIL lifecycle publication Processes described in the publication
ITIL Service Strategy Strategy management for IT services
Service portfolio management
Financial management for IT services
Demand management
Business relationship management
ITIL Service Design Design coordination
Service catalogue management
Service level management
Availability management
Capacity management
IT service continuity management
Information security management
Supplier management
ITIL Service Transition Transition planning and support
Change management
Service asset and configuration management
Release and deployment management
Service validation and testing
Change evaluation
Knowledge management
ITIL Service Operation Event management
Incident management
Request fulfilment
Problem management
Access management
ITIL Continual Service Improvement Seven-step improvement process
Process integration is the linking of processes by service portfolio represents all the assets presently
ensuring that information flows from one process engaged or being released in various stages of the
to another effectively and efficiently. If there is lifecycle.
management commitment to process integration,
Chapter 1 provides a summary of each stage in
processes are generally easier to implement and
the service lifecycle but it is also important to
there will be fewer conflicts between processes.
understand how the lifecycle stages work together.
Stages of the lifecycle work together as an
Service strategy establishes policies and principles
integrated system to support the ultimate
that provide guidance for the whole service
objective of service management for business value
lifecycle. The service portfolio is defined in this
realization. Every stage is interdependent as shown
lifecycle stage, and new or changed services are
in Figure 2.9. See Appendix D for examples of
chartered.
inputs and outputs across the service lifecycle.
During the service design stage of the lifecycle,
The SKMS, described in section 2.2.5, enables
everything needed to transition and operate
integration across the service lifecycle stages.
the new or changed service is documented in a
It provides secure and controlled access to the
service design package. This lifecycle stage also
knowledge, information and data that are
designs everything needed to create, transition
needed to manage and deliver services. The
CSI_Chapter_02.indd 19 09/07/2011 09:53

Requirements The business/customers
Service Change proposals

strategy and service
management system
Resources and
Service knowledge
constraints charters
Policies
Strategies
Service Service design

design packages
Standards
Solution Architectures
designs
Service Implementation
transition of transition plans
Tested SKMS updates
New/changed/ solutions
retired services
Business
Service Operational/live value
portfolio Service Achievements services
operation against targets
Service
catalogue
Continual
service
improvement CSI register, improvement
actions and plans
Figure 2.9 Integration across the service lifecycle
and operate the services, including management n The technical management function may
information systems and tools, architectures, provide input to strategic decisions about
processes, measurement methods and metrics. technology, as well as assisting in the design and
transition of infrastructure components.
The activities of the service transition and service
operation stages of the lifecycle are defined during n Business relationship managers may assist in
service design. Service transition ensures that the gathering detailed requirements during the
requirements of the service strategy, developed in service design stage of the lifecycle, or take part
service design, are effectively realized in service in the management of major incidents during
operation while controlling the risks of failure and the service operation stage.
disruption. n All service lifecycle stages contribute to the
seven-step improvement process.
The service operation stage of the service lifecycle
carries out the activities and processes required to Appendix D identifies some of the major inputs
deliver the agreed services. During this stage of the and outputs between each stage of the service
lifecycle, the value defined in the service strategy is lifecycle. Chapter 3 of each core ITIL publication
realized. provides more detail on the inputs and outputs of
the specific lifecycle stage it describes.
Continual service improvement acts in tandem
with all the other lifecycle stages. All processes, The strength of the service lifecycle rests upon
activities, roles, services and technology should be continual feedback throughout each stage of
measured and subjected to continual improvement. the lifecycle. This feedback ensures that service
optimization is managed from a business
Most ITIL processes and functions have activities
perspective and is measured in terms of the value
that take place across multiple stages of the service
the business derives from services at any point
lifecycle. For example:
in time during the service lifecycle. The service
n The service validation and testing process may lifecycle is non-linear in design. At every point in
design tests during the service design stage and the service lifecycle, the process of monitoring,
perform these tests during service transition. assessment and feedback between each stage
CSI_Chapter_02.indd 20 09/07/2011 09:53

Service strategy
Strategies, policies,
standards Feedback
Lessons learned Feedback
for improvement Lessons learned
for improvement
Service design
Plans to create and modify

Output
services and service
management processes Feedback
Lessons learned Feedback
for improvement Lessons learned
for improvement
Service transition
Manage the transition of a

Output new or changed service
and/or service management Feedback
process into production Lessons learned
for improvement
Service operation
Day-to-day operation of
Output services and service
management processes
Continual service improvement

Activities are embedded in the service lifecycle
Figure 2.10 Continual service improvement and the service lifecycle
drives decisions about the need for minor Adopting appropriate technology to automate
course corrections or major service improvement the processes and provide management with
initiatives. the information that supports the processes is
also important for effective and efficient service
Figure 2.10 illustrates some examples of the
management.
continual feedback system built into the service
lifecycle.
CSI_Chapter_02.indd 21 09/07/2011 09:53

CSI_Chapter_02.indd 22 09/07/2011 09:53
Continual service
improvement principles
3
09/07/2011 09:54
CSI_Chapter_03.indd 2 09/07/2011 09:54
| 35
3 Continual service improvement

principles
Service improvement must focus on increasing n Understand and agree on the priorities for
the efficiency, maximizing the effectiveness and improvement based on a deeper development
optimizing the cost of services and the underlying of the principles defined in the vision. The full
IT service management (ITSM) processes. The only vision may be years away but this step provides
way to do this is to ensure that improvement specific goals and a manageable timeframe.
opportunities are identified throughout the entire n Detail the CSI plan to achieve higher quality
service lifecycle. service provision by implementing or improving
ITSM processes.
3.1 CONTINUAL SERVICE IMPROVEMENT n Verify that measurements and metrics are in
APPROACH place and that the milestones were achieved,
process compliance is high, and business
Figure 3.1 shows an overall approach to continual objectives and priorities were met by the level
service improvement (CSI) and illustrates a of service.
continual cycle of improvement. This approach to n Finally, the approach should ensure that
improvement can be summarized as follows: the momentum for quality improvement is
n Embrace the vision by understanding the high- maintained by assuring that changes become
level business objectives. The vision should align embedded in the organization.
the business and IT strategies.
n Assess the current situation to obtain an 3.1.1 Business questions for CSI
accurate, unbiased snapshot of where the The business needs to be involved with CSI in
organization is right now. This baseline decision-making on what improvement initiatives
assessment is an analysis of the current position make sense and add the greatest value back to
in terms of the business, organization, people, the business. There are some key questions that
process and technology.
Business vision,
What is the vision? mission, goals and
objectives
Baseline
Where are we now?
assessments
How do we keep the Where do we want Measurable

momentum going? to be? targets
Service and process

How do we get there?
improvement
Measurements and
Did we get there? metrics
Figure 3.1 Continual service improvement approach
CSI_Chapter_03.indd 3 09/07/2011 09:54

36 | Continual service improvement principles
will assist the business in making decisions about One approach to managing organizational change
whether a CSI initiative is warranted or not. is that of John P. Kotter. His eight-step approach to
transforming an organization is discussed in detail
The CSI approach will enable the correct questions
in section 8.4.
to be asked from both a business and an IT
perspective. Not understanding some of these
questions can lead to challenges, perceived poor 3.3 OWNERSHIP
service or in some cases actual poor service:
The principle of ownership is fundamental to
n What is the vision? The question should be any improvement strategy. CSI is a best practice
asked by the IT service provider to understand and one of the keys to successful implementation
what the ultimate and long term aims are. is to ensure that a specific manager, a CSI
n Where are we now? This is a question every manager, is accountable for ensuring the best
business should start out asking as this creates practice is adopted and sustained throughout
a baseline of data for services currently being the organization. The CSI manager is the
delivered. chief advocate and owns all CSI issues. The CSI
n Where do we want to be? This is often manager is accountable for the success of CSI in
expressed as business requirements. the organization. This ownership responsibility
n How do we get there? What improvement extends beyond ensuring the CSI practices are
initiatives are required in the short, medium and embedded in the organization but also to
long term? These initiatives should be logged in ensuring there are adequate resources (including
the CSI register (see section 3.4). people and technology) to support and enable
CSI. Also included are ongoing CSI activities
n Did we get there? This is documented through
such as monitoring, analysing, evaluating trends
monitoring, reporting and reviewing of service
and reporting as well as project-based service
level achievements and actual performance
improvement activities activities that are
against targets identified by the business
fundamental to the ITIL framework. Improvement
requirements.
will be difficult without clear and unambiguous
There is a common belief that CSI activities cannot accountability.
improve a service that doesnt yet exist and that
While the CSI manager is responsible and
the service has to be operational to identify
accountable for CSI, the CSI manager is not
improvement opportunities. However, CSI can
accountable for improvements to specific services.
add value in designing a new service by bringing
Specific service improvements are the responsibility
the knowledge and experience from improving
of the appropriate service owner working within
existing services. CSI can proactively prevent the
the CSI framework.
potential flaws in the new service. CSI activities can
be executed within service strategy, service design,
service transition and service operation. 3.4 CSI REGISTER
It is likely that several initiatives or possibilities for
3.2 CSI AND ORGANIZATIONAL CHANGE improvement are identified. It is recommended
that a CSI register is kept to record all the
Improving service management is to embark
improvement opportunities and that each one
upon an organizational change programme.
should be categorized into small, medium or
Many organizational change programmes fail to
large undertakings. Additionally they should be
achieve the desired results. Successful ITSM requires
categorized into initiatives that can be achieved
understanding the way in which work is done and
quickly, or in the medium term or longer
putting in place a programme of change within
term. Each improvement initiative should also
the IT organization. This type of change is, by its
show the benefits that will be achieved by its
very nature, prone to difficulties. It involves people
implementation. With this information a clear
and the way they work. People generally do not
prioritized list can be produced. One failing that
like to change; the benefits must be explained to
has been observed is when something has been
everyone to gain their support and to ensure that
identified as a lower priority. It never makes its way
they break out of old working practices.
higher up the list for a further consideration, so
CSI_Chapter_03.indd 4 09/07/2011 09:54

Continual service improvement principles | 37
automated raising of priorities over time may be a opportunities for improvement. The strengths and
useful addition to the register. weaknesses focus on the internal aspects of the
organization while the opportunities and threats
The CSI register contains important information
focus on aspects external to the organization.
for the overall service provider and should be held
and regarded as part of the service knowledge
management system (SKMS). 3.6 SERVICE LEVEL MANAGEMENT
The CSI register will introduce a structure and Adopting the service level management (SLM)
visibility to CSI ensuring that all initiatives are process is a key principle of CSI. While in the past
captured and recorded, and benefits realized. many IT organizations viewed SLM as merely a
Additionally the benefits will be measured to smattering of isolated agreements around system
show that they have given the desired results. availability or service desk calls, this is no longer
In forecasting the benefits of each proposed true. SLM is no longer optional. Todays business
improvement we should also try to quantify the demands that IT be driven by service requirements
benefit in terms of aspirational key performance and outcomes. This service orientation of IT
indicator (KPI) metrics. This will assist in prioritizing toward the business becomes the foundation for
those changes that deliver the most significant the trusted partnership that IT must endeavour to
incremental benefit to the business. create. Today IT is a core enabler of every critical
business process. It cannot be overemphasized
The CSI register provides a coordinated, consistent
that IT organizations can no longer afford to
view of the potentially numerous improvement
operate with a technology-only bias, but rather
activities. It is important to define the interface
must consistently strive to be included in every
from the CSI register of initiatives with strategic
conceivable channel of communication and level of
initiatives and with processes such as problem
decision-making all the way to the boardroom.
management, capacity management and
change management. In particular the service SLM involves a number of steps:
review meeting is likely to result in a number of
n Involving the business and determining its
requirements for improvement.
service level requirements (SLRs)
The CSI manager should have accountability and n Identifying internal relationships in IT
responsibility for the production and maintenance organizations, negotiating the terms and
of the CSI register. responsibilities of the internal relationships,
Appendix B shows a simple example of what a CSI and codifying them with operational level
register could look like. Each organization should agreements (OLAs)
evaluate its own requirements and amend the n Identifying existing contractual relationships
register to suit their own purposes. with external vendors; working with the
supplier manager to verify that these
underpinning contracts (UCs) meet the revised
3.5 EXTERNAL AND INTERNAL DRIVERS business requirements
There are two major areas within every n Using the service catalogue as the baseline to
organization driving improvement: aspects that are negotiate service level agreements (SLAs) with
external to the organization such as regulation, the business
legislation, competition, external customer n Reviewing service achievement and identifying
requirements, market pressures and economics; where improvements are required, feeding
and aspects that are internal to the organization them into CSI.
such as organizational structures, culture, new
knowledge, new technologies, new skills, existing Once the IT organization and the business begin
and projected staffing levels, union rules etc. In working together through SLM, IT management
some cases these aspects may serve to hinder soon realizes that the old definitions of successful
improvement rather than drive it forward. A IT are beginning to fall by the wayside. A high
SWOT analysis (examining strengths, weaknesses, network availability percentage or great ratings
opportunities and threats), discussed in section in a customer satisfaction survey are no longer
5.5.9, may be helpful in illuminating significant the end goal but merely positive metrics rolling
CSI_Chapter_03.indd 5 09/07/2011 09:54

towards the achievement of a service level and

the required business outcomes. IT management Context
understands that with the adoption of SLM a

fundamental shift has taken place. The definition
of success in IT is both the agreed service level Wisdom
Why?
achieved and the resulting business outcomes
achieved. IT is then structured, managed, staffed, Knowledge
funded and operated to meet or exceed the service How?
levels. The service level rules and everything else Information
are just details. The SLM process is fully defined in Who, what,
when, where?
ITIL Service Design.
Data
Understanding
3.7 KNOWLEDGE MANAGEMENT

Figure 3.2 Knowledge management leads to better
Those who cannot remember the past are IT decisions
condemned to repeat it. George Santayana
now more commonly known) is steady, ongoing
Knowledge management is explained fully in ITIL improvement. It is a fundamental tenet of CSI.
Service Transition but it plays a key role in CSI.
The PDCA cycle is critical at two points in CSI:
Within each service lifecycle stage, data should
implementation of CSI, and for the application of
be captured to enable knowledge gain and an
CSI to services and service management processes.
understanding of what is actually happening, thus
At implementation, all four stages of the PDCA
enabling wisdom. This is often referred to as the
cycle are used. With ongoing improvement, CSI
Data-to-Information-to-Knowledge-to-Wisdom
draws on the check and act stages to monitor,
(DIKW) structure (see Figure 3.2). All too often an
measure, review and implement initiatives.
organization will capture the appropriate data
but fail to process the data into information, The seven-step improvement process fully
synthesize the information into knowledge, and described in Chapter 4 can be viewed as an
then combine that knowledge with others to bring example of an implementation of the PDCA cycle,
wisdom. Wisdom will lead to better decisions with each of the steps falling within one of the
around improvement. phases of the cycle: Plan, Do, Check, Act.
This applies both when looking at the IT services The cycle is underpinned by a process-led approach
themselves and when drilling down into each to management where defined processes are in
individual IT process. Knowledge management is a place, the activities are measured for compliance
mainstay of any improvement process. to expected values and outputs are audited to
validate and improve the process.
3.8 THE DEMING CYCLE It should be noted that the PDCA cycle is a
fundamental part of many quality standards
W. Edwards Deming is best known for his
including ISO/IEC 20000.
management philosophy leading to higher quality,
increased productivity, and a more competitive
position. As part of this philosophy he formulated 3.9 SERVICE MEASUREMENT
14 points of attention for managers. Some of them
are more appropriate to service management than 3.9.1 Baselines
others. For quality improvement he proposed the An important beginning point for highlighting
Deming Cycle or Circle. This cycle is particularly improvement is to establish baselines as markers
applicable in CSI. As already mentioned in or starting points for later comparison. Baselines
section 2.3.2, the four key stages of the cycle are are also used to establish an initial data point
Plan, Do, Check and Act, after which a phase of to determine if a service or process needs to
consolidation prevents the circle from rolling be improved. As a result, it is important that
back down the hill (see Figure 2.8). Our goal in baselines are documented, recognized and
using the Deming Cycle (or the PDCA cycle, as it is accepted throughout the organization. Baselines
CSI_Chapter_03.indd 6 09/07/2011 09:54

must be established at each level: strategic goals

and objectives, tactical process maturity, and
operational metrics and KPIs.
If a baseline is not initially established the first
measurement efforts will become the baseline. To validate To direct
That is why it is essential to collect data at the
Your measurement framework
outset, even if the integrity of the data is in
question. It is better to have data to question than
To justify To intervene
to have no data at all.
3.9.2 Why do we measure?

As shown in Figure 3.3 there are four reasons to
monitor and measure:
n To validate Monitoring and measuring to
validate previous decisions Figure 3.3 Why do we measure?
n To direct Monitoring and measuring to set happen. The improvement process spans not only
the direction for activities in order to meet set the management organization but the entire
targets; this is the most prevalent reason for service lifecycle. This is a cornerstone of CSI, the
monitoring and measuring main steps of which are as follows:
n To justify Monitoring and measuring to justify,
1 Identify the strategy for improvement
with factual evidence or proof, that a course of
Identify the overall vision, business need, the
action is required
strategy and the tactical and operational goals.
n To intervene Monitoring and measuring
to identify a point of intervention including 2 Define what you will measure
subsequent changes and corrective actions. Service strategy and service design should have
identified this information early in the lifecycle.
The four basic reasons to monitor and measure
CSI can then start its cycle all over again at
lead to three key questions: Why are we
Where are we now? and Where do we want
monitoring and measuring?, When do we stop?
to be? This identifies the ideal situation for
and Is anyone using the data? To answer these
both the business and IT. CSI can conduct a
questions, it is important to identify which of the
gap analysis to identify the opportunities for
above reasons is driving the measurement effort.
improvement as well as answering the question
Too often, we continue to measure long after the
How do we get there?
need has passed. Every time you produce a report
you should ask: Do we still need this? 3 Gather the data
In order to properly answer the question Did
3.9.3 The seven-step improvement we get there?, data must first be gathered
process (usually through service operations). Data can
Fundamental to CSI is the concept of measurement. be gathered from many different sources based
CSI uses the seven-step improvement process on goals and objectives identified. At this point
shown in Figure 3.4. The seven-step improvement the data is raw and no conclusions are drawn.
process is a crucial part of CSI and is described 4 Process the data
in detail in section Chapter 4 but it is briefly Here the data is processed in alignment with the
introduced here so it can be seen alongside the critical success factors (CSFs) and KPIs specified.
other key principles. This means that timeframes are coordinated,
unaligned data is rationalized and made
3.9.3.1 Which steps support CSI? consistent, and gaps in the data are identified.
It is obvious that all the activities of the The simple goal of this step is to process data
improvement process assist CSI in some way. It is from multiple disparate sources to give it
relatively simple to identify what takes place but context that can be compared. Once we have
more difficult to understand exactly how this will rationalized the data we can begin analysis.
CSI_Chapter_03.indd 7 09/07/2011 09:54

Wisdom 1. Identify the strategy for 2. Define what you will Data
improvement measure
Vision
Business need
Strategy
Tactical goals Apply
Operational goals
PLAN
7. Implement improvement 3. Gather the data
Who? How? When?
Criteria to evaluate
integrity of data
Operational goals
Service measurement
ACT DO
6. Present and use the

information
Assessment summary
Action plans
Etc.
CHECK
5. Analyse the information 4. Process the data

and data Frequency?
Trends? Format?
Targets? Tools and systems?
Improvements required? Accuracy?
Knowledge Information
Figure 3.4 The seven-step improvement process
5 Analyse the information and data 7 Implement improvement

As we bring the data more and more into The knowledge gained is used to optimize,
context, it evolves from raw data into improve and correct services and processes.
information with which we can start to answer Issues have been identified and now solutions
questions about who, what, when, where and are implemented wisdom is applied to
how as well as trends and the impact on the the knowledge. The improvements that
business. It is the analysing step that is most need to be taken to improve the service or
often overlooked or forgotten in the rush to process are communicated and explained
present data to management. to the organization. Following this step the
organization establishes a new baseline and the
6 Present and use the information
cycle begins anew.
Here the answer to Did we get there? is
formatted and communicated in whatever way While these seven steps appear to form a
necessary to present to the various stakeholders circular set of activities, in fact, they constitute
an accurate picture of the results of the a knowledge spiral (see Figure 3.5). In practice,
improvement efforts. Knowledge is presented to knowledge gathered and wisdom derived from
the business in a form and manner that reflects the knowledge at one level of the organization
their needs and assists them in determining the becomes a data input to the next.
next steps.
People often believe data, information, knowledge
and wisdom to be synonymous or at least broadly
similar in meaning. This view is incorrect. There is
CSI_Chapter_03.indd 8 09/07/2011 09:54

Step 1 Step 2
PLAN
Step 7 Step 3
Operational management ACT DO
Step 4
CHECK
Step 6 Step 5
Step 1 Step 2
PLAN
Step 7 Step 3
ACT DO
Step 4
CHECK
Step 6 Step 5
Tactical management
Step 1 Step 2
PLAN
Step 7 Step 3
ACT DO
Step 4
CHECK
Step 6 Step 5
Strategic management
Figure 3.5 Knowledge spiral a gathering activity
a significant difference between each of the four and organizing data in a way that adds to the
items. knowledge of the person receiving it.
Data is quantitative. Data is defined as numbers, By processing data into information it is possible to
characters, images or other outputs from devices know the breakdown of which customers are using
to convert physical quantities into symbols, in a the service desk and the specific issues that are
very broad sense. Essentially it can be defined as incidents or service requests. For example, further
a collection of facts, whereas information is the processing of the data into information may show
result of processing and organizing data in a way that 32% of all contacts to the service desk are How
that adds to the knowledge of the person receiving to questions, and that 18% of all contacts are service
it. Raw data is a relative term; data processing incidents with the organizations email system.
commonly occurs by stages, and the processed
Knowledge can be defined as information
data from one stage may be considered the raw
combined with experience, context, interpretation
data of the next. For example, the service desk
and reflection. For example, based on the data and
and incident management may collect data on an
information, and an understanding of who uses
average of 12,000 incidents per month. Data can
the service, and their reasons for using the service,
also be qualitative such as comments in a customer
the impact to the business can be determined.
satisfaction survey.
Wisdom is defined as the ability to make correct
Data can be defined as a collection of facts
judgements and decisions. It consists of making
in context from which conclusions may be
the best use of available knowledge. For example,
drawn. Information is the result of processing
knowledge about the customer impact of incidents
CSI_Chapter_03.indd 9 09/07/2011 09:54

can lead to identifying improvement opportunities

such as training programmes or initiating a service
improvement plan (SIP) for improving the email Enterprise governance
service.
3.10 IT GOVERNANCE
Corporate governance Business governance
IT governance is only part of an organizations i.e. conformance i.e. performance
corporate governance, but it is an important part.
Governance is important for all organizations and
will provide an environment within which CSI can
operate and thrive. With the exposure of high-level Accountability Value creation
assurance Resource utilization
corporate fraud in the early years of this century,
IT was forced to comply with new legislation and
an ever-increasing number of external regulations.
External auditors are now commonplace in large IT
Figure 3.6 Enterprise governance (source: CIMA)
organizations.
Chapter 5 of ITIL Service Strategy includes a the business and, soon after, cease to exist. This
detailed description of governance and how it continual and unceasing drive toward greater
should be applied to ITSM. business value with greater internal efficiency is at
the heart of CSI.
The Chartered Institute of Management
Accountants (CIMA) has a framework for enterprise
governance as shown in Figure 3.6, which covers 3.11 FRAMEWORKS, MODELS,
the corporate governance and the business STANDARDS AND QUALITY SYSTEMS
management aspects of the organization.
Appendix A gives a detailed description of related
IT governance guidance and outlines the frameworks, models,
standards and quality systems that an organization
IT governance is the responsibility of the board may choose to use in support of ITSM. As well as
of directors and executive management. It ITIL itself this includes:
is an integral part of enterprise governance
and consists of the leadership, organizational n Quality management system ISO 9000
structures and processes that ensure that the n Total Quality Management (TQM)
organizations IT sustains and extends the n Risk management
organizations strategies and objectives. IT n Control OBjectives for Information and related
Governance Institute (2003). Board Briefing on IT Technology (COBIT)
Governance, 2nd edition. n ISO/IEC 20000 and other ISO standards for IT
n ISO 14001 Environmental management
IT governance touches nearly every area detailed
standard
in Figure 3.6. On the one hand, IT organizations
must now comply with new rules and legislation n Programme and project management including
and continually demonstrate their compliance PRINCE2
through successful independent audits by external n Skills Framework for the Information Age (SFIA)
organizations. On the other hand, IT organizations n Capability Maturity Model Integration (CMMI)
are increasingly being called on to do more with n ISO/IEC 27001 Information security
less and create additional value while maximizing management system.
the use of existing resources.
These increasing pressures dovetail perfectly with 3.11.1 Which one should I choose?
the basic premise of ITIL: IT is a service business. Experience has shown that while each may be
Existing internal IT organizations must transform complete unto itself, none provides a total answer
themselves into effective and efficient IT service for IT management. Indeed, there is a good
providers or they will cease to be relevant to deal of overlap between them but, for the most
CSI_Chapter_03.indd 10 09/07/2011 09:54

Table 3.1 CSI inputs and outputs by lifecycle stage

Lifecycle stage CSI inputs (from the lifecycle stages in the CSI outputs (to the lifecycle stages in the first
first column) column)
Service strategy Vision and mission Results of customer and user satisfaction surveys
Service portfolio Input to business cases and the service portfolio
Policies Feedback on strategies and policies
Strategies and strategic plans Financial information regarding improvement
initiatives for input to budgets
Priorities
Data required for metrics, KPIs and CSFs
Financial information and budgets
Service reports
Patterns of business activity
Requests for change (RFCs) for implementing
Achievements against metrics, KPIs and CSFs
improvements
Improvement opportunities logged in the CSI
register
Service design Service catalogue Results of customer and user satisfaction surveys
Service design packages including details of Input to design requirements
utility and warranty
Knowledge and information in the SKMS
Service reports
Feedback on service design packages
Design of services, measurements, processes,
RFCs for implementing improvements
infrastructure and systems
Design for the seven-step improvement
process and procedures
register
Service transition Test reports Results of customer and user satisfaction surveys
Change evaluation reports Input to testing requirements
Knowledge and information in the SKMS Data required for metrics, KPIs and CSFs
Achievements against metrics, KPIs and CSFs Input to change evaluation and change advisory
board meetings
register Service reports
Service operation Operational performance data and service Results of customer and user satisfaction surveys
records
Service reports and dashboards
Proposed problem resolutions and proactive
measures
register
CSI_Chapter_03.indd 11 09/07/2011 09:54

part, they are not competitive or exclusive but An effective CSI practice will be integrated within
complementary. In fact, many organizations use all stages of the service lifecycle. The greatest value
a combination to manage and improve IT more to the business and IT will be realized by having
effectively. a continuous monitoring and feedback loop as
It should be emphasized that ISO/IEC 20000 (the the service and ITSM processes move through
IT service management standard) is most closely the service lifecycle. Look for improvement
aligned with ITIL and is specifically aimed at IT opportunities within service strategy, service
service providers. design, service transition and service operation.
It is imperative that the concept of continual
ISACA, in conjunction with the Office of improvement be woven into the day-to-day fabric
Government Commerce (OGC), created a briefing of the organization.
paper entitled Aligning COBIT, ITIL and ISO17799
for Business Benefit. Other organizations have
combined ITIL, CMMI and Six Sigma as their 3.12 CSI INPUTS AND OUTPUTS
formula for success. Table 3.1 shows the major CSI inputs and outputs,
Some organizations have doubts about which by lifecycle stage. Appendix D provides a summary
frameworks, models, standards or quality system to of the major inputs and outputs between each
choose, not wishing to go down the wrong path. stage of the service lifecycle.
The decision is not Which one should I choose?
but rather What should I improve first?
CSI_Chapter_03.indd 12 09/07/2011 09:54

Continual service
improvement processes
4
09/07/2011 09:55
CSI_Chapter_04.indd 2 09/07/2011 09:55
| 47
4 Continual service improvement

processes
Many activities have to be completed to ensure n Reduce the cost of providing services and
continual service improvement (CSI) across the ensuring that IT services enable the required
service lifecycle. Some of them could be regarded business outcomes to be achieved. A clear
as processes in their own right but in order that objective will be cost reduction, but this is not
readers get the full picture they have been pulled the only criterion. If service delivery or quality
together into a single contiguous process: the reduces as a result the overall impact may be
seven-step improvement process. neutral or even negative.
n Identify what needs to be measured, analysed
4.1 THE SEVEN-STEP IMPROVEMENT and reported to establish improvement
opportunities.
PROCESS
n Continually review service achievements
Chapter 3 introduced the seven-step improvement to ensure they remain matched to business
process shown in Figure 3.4 and its interaction with requirements; continually align and re-align
the Plan-Do-Check-Act (PDCA) cycle and the CSI service provision with outcome requirements.
approach. The PDCA cycle provides steady, ongoing n Understand what to measure, why it is being
improvement, which is a fundamental tenet of CSI. measured and carefully define the successful
Figure 3.4 also shows how the cycle fits into the outcome.
Data-to-Information-to-Knowledge-to-Wisdom
It is important to note that improvements in
(DIKW) structure of knowledge management. The
quality should not be implemented if there is
integration of the PDCA cycle and the seven-step
a cost associated with the improvement and if
improvement process is as follows:
this cost has not been justified. Every potential
n Plan improvement opportunity will have to have a
1. Identify the strategy for improvement business case justification to show that the business
2. Define what you will measure will have an overall benefit. For small initiatives
n Do the business case does not have to be a full
blown report but could be a simple justification.
3. Gather the data
The seven-step improvement process is not free-
4. Process the data
standing and will only achieve its desired outcomes
n Check when applied to technology, services, processes,
5. Analyse the information and data organization or partners.
6. Present and use the information
n Act 4.1.2 Scope
7. Implement improvement. The seven-step improvement process includes
analysis of the performance and capabilities
4.1.1 Purpose and objectives of services, processes throughout the lifecycle,
The purpose of the seven-step improvement partners and technology. It includes the continual
process is to define and manage the steps needed alignment of the portfolio of IT services with
to identify, define, gather, process, analyse, present the current and future business needs as well
and implement improvements. as the maturity of the enabling IT processes for
each service. It also includes making best use of
The objectives of the seven-step improvement the technology that the organization has and
process are to: looks to exploit new technology as it becomes
n Identify opportunities for improving services, available where there is a business case for doing
processes, tools etc. so. Also within the scope are the organizational
CSI_Chapter_04.indd 3 09/07/2011 09:55

48 | Continual service improvement processes
structure, the capabilities of the personnel, and On a regular basis means that the activity is not
asking whether people are working in appropriate done ad hoc but on scheduled dates such as
functions and roles, and if they have the required monthly or quarterly. Most organizations review
skills. service achievement and service management
process results on a monthly basis.
4.1.3 Value to business If a new service is being introduced, it is
The value of the seven-step improvement process recommended to monitor, report and review
is that by monitoring and analysing the delivery much sooner than after a month. You may want
of services it will ensure the current and future to review the new service daily, as part of early life
business outcome requirements can be met. The support, for a period of time, before changing to
seven-step improvement process enables continual weekly and finally monthly reviews.
assessment of the current situation against business
The following are additional CSI policies that an IT
needs and identifies opportunities to improve
service provider should implement:
service provision for customers.
n All improvement initiatives must use the formal
4.1.4 Policies, principles and basic concepts change management process
The seven-step improvement process puts a n All functional groups within IT have a
structure in place to enable continual assessment responsibility for CSI activities. This might be
of the current situation against business needs only one person in the group, but the intent
and looks for opportunities to improve service here is that CSI is not usually a functional group
provision, thus enabling the overall business to be within an organization but that everyone has a
more successful. hand in supporting CSI activities
n Roles and responsibilities will be documented,
4.1.4.1Policies communicated and filled within IT.
Many of the policies that support the seven-step When defining the CSI policies you may want to
improvement process are often found as a part of use a consistent template. The template in Table
other processes such as service level management 4.1 is an example that documents the policy
(SLM), availability management and capacity statement, reason for the policy and a definition
management. Examples of some of these policies of the benefits of the policy. If an organization
are: has difficulty defining the reason for and benefits
n Monitoring requirements must be defined and of a policy it should consider whether the policy
implemented is needed. If compliance to a policy cannot be
n Data must be gathered and analysed and its monitored then the value of the policy must be in
integrity checked on a consistent basis doubt.
n Trend reporting must be provided on a
consistent basis 4.1.4.2Principles
n Service level achievement reports must be Many service providers operate in a competitive
provided on a consistent basis environment and they need to continually assess
n Internal and external service reviews must be their services against market expectations to
completed on a consistent basis (internal is ensure they remain competitive. Also, new delivery
within IT and external is with the business) mechanisms (e.g. cloud computing) can introduce
service efficiencies and need to be reviewed. The
n Services must have either clearly defined service
following activities should be regularly performed:
levels or service targets that can be used to
determine if there are gaps in the services n Services must be checked against competitive
provided service offerings to ensure they continue to add
n Service management processes must have critical true business value to the client, and the service
success factors (CSFs) and key performance provider remains competitive in its delivery of
indicators (KPIs) to determine if there are gaps such services.
between the expected outcome and the real n Services must be reviewed in the light of new
outcome. technological advances (e.g. cloud deployment
CSI_Chapter_04.indd 4 09/07/2011 09:55

Continual service improvement processes | 49
Table 4.1 Policy template example

Title Monitoring services, systems and components
Policy statement IT and the business must agree on what to monitor and collect data for each service.
This data should be aligned with the service level agreements (SLAs), operational level
agreements (OLAs) and contracts.
Reason for policy Provides input into CSI activities to identify gaps and improvement opportunities.
Benefits Ensures agreement on defining what to monitor (work with SLM).
Defines monitoring requirements for new services and/or existing services to support CSI
activities.
Identifies trends and gaps.
Supports prioritization of improvement projects.
architectures) to ensure they are delivering the to truly improve services or service management
most efficient services to the customer. processes. Think through the strategy and plan for
reporting and using the data. Reporting is partly a
4.1.4.3 Basic concepts marketing activity. It is important that IT managers
focus on the value added to the organization as
CSI is often viewed as an ad hoc activity within
well as reporting on issues and achievements. In
IT services. The activity is only triggered when
order for steps 5 to 7 to be carried out correctly, it
someone in IT management flags up that there
is imperative that the target audience is considered
is a problem. This is not the right way to address
when packaging the information.
CSI. Often these reactionary events are not even
providing continual improvement, but simply An organization can find improvement
stopping a single failure from occurring again. opportunities throughout the entire service
lifecycle. An IT organization does not need to wait
CSI takes a commitment from everyone in IT
until a service or service management process is
working throughout the service lifecycle to
transitioned into the operations area to begin
be successful at improving services and service
identifying improvement opportunities.
management processes. It requires ongoing
attention, a well-thought-out plan, and consistent
4.1.5 Process activities, methods and
attention to monitoring, analysing and reporting
results with an eye toward improvement.
techniques
Improvements can be incremental in nature but The seven-step improvement process is shown in
also require a huge commitment to implement a Figure 3.4 and is discussed at the start of section 4.1.
new service or meet new business requirements. Figure 4.1 shows the trail from metrics to KPI
This section spells out the seven steps of to CSF, all the way back to the vision where
improvement, each of which needs attention. appropriate. Elements from this trail are used at
There is no reward for taking a short cut or not points throughout the seven-step improvement
addressing each step in a sequential nature. If any process.
step is missed, there is a risk of not being efficient These are the seven steps.
and effective in meeting the goals of CSI.
IT services must ensure that proper staffing and 4.1.5.1 Step 1 Identify the strategy for
tools are identified and implemented to support improvement
CSI activities. It is also important to understand the Before any further activity can be started it is
difference between what should be measured and imperative that the overall vision is identified.
what can be measured. Start small dont expect What are we trying to achieve for the business as
to measure everything at once. Understand the a whole? The questions we need to ask are: What
organizational capability to gather and process initiatives does the business have that could be
the data. Be sure to spend time analysing data undermined by poor IT service provision? Or, more
as this is where the real value comes in. Without positively: How can improvements in IT enable
analysis of the data, there is no real opportunity the business vision to be achieved? The answers to
CSI_Chapter_04.indd 5 09/07/2011 09:55

Vision
Step 1 Step 2
Mission
Business and
IT alignment Step 3
Goals
Step 7 Step 4
Objectives
Step 6 Step 5
CSF
KPI
Step 1 Step 2
Business and
Step 3 Metrics
IT alignment
Step 7 Step 4
Measurements
Step 6 Step 5
Figure 4.1 From vision to measurements
these questions will come from stepping through One of the potential sources for a revisit would be
the seven-step improvement process. one or more initiatives raised and documented in
the CSI register. Inputs for this step are:
What are the business and IT strategy and plans for
the coming months and years? Why do we want n Business plans and strategy
to measure for improvement? The overall strategy n Service review meetings
should be assessed and analysed to see where we n Vision and mission statements
need to focus our measurements, for example. n Corporate, divisional and departmental goals
The technical and operational goals as well as the and objectives
strategic goals need to be identified and assessed.
n Legislative requirements
The vision should not be to have state-of-the-art
n Governance requirements
servers and desk-top computers, but to have state-
of-the-art services that ensure and enable the n Customer satisfaction surveys
overall business to perform as well as possible so it n CSI initiatives as logged in the CSI register.
is not in any way constrained by the quality or cost
of the IT services. 4.1.5.2 Step 2 Define what you will
Like all the steps in the process, this should be measure
revisited to reassess the potentially changing vision This step is directly related to the strategic, tactical
and goals. When revisiting this process we would and operational goals that have been defined
apply any wisdom gained from previous iterations. for measuring services and service management
processes as well as the existing technology and
capability to support measuring and CSI activities.
CSI_Chapter_04.indd 6 09/07/2011 09:55

In this step you need to define what you should requirements that cannot be met. This always
measure; define what you can actually measure; leads to significant customer dissatisfaction.
carry out a gap analysis; and then finalize the n Tools are very sophisticated and can gather
actual measurement plan. myriads of data points. IT organizations get
As stated previously, measurement will take place lulled into a false sense of security in the
at service, process and technology levels. knowledge that the data will be there when
they need it. Too often the tool is too powerful
Step 2 is iterative during the rest of the activities. for the needs of the organization. It is like
Depending on the goals and objectives to support hammering a small finishing nail using a
service improvement activities, an organization sledgehammer.
may have to purchase and install new technology
to support the gathering and processing of the When the data is finally presented (Step 6) without
data and/or hire staff with the required skills sets. going through the rest of the steps, the results
appear incorrect or incomplete. People blame
Effective service measures concentrate on a few each other, the vendor, the tools, anyone but
vital, meaningful indicators that are economical, themselves. This step is crucial. A dialogue must
quantitative and usable for the desired results. take place between IT and the customer. Goals
If there are too many measures, organizations and objectives of the target audience must be
may become too intent on measurement and lose identified in order to properly identify what should
focus on improving results. A guiding principle is be measured and what can be measured.
to measure that which matters most. IT has never
lacked in the measuring area. In fact, many IT Based on the goals of the target audience
organizations measure far too many things that (operational, tactical or strategic) the service
have little or no value. There is often no thought owners need to define what they should measure
or effort given to aligning measures to the business in a perfect world by:
and IT goals and objectives. n Mapping the activities or elements of the service
As part of the measuring process it is important to or service management processes that need to
confirm regularly that the data being collected and be measured
collated is still required and that measurements are n Considering what measurements would indicate
being adjusted where necessary. This responsibility that each service and service management
falls on the owner of each report or dashboard. activity is being performed consistently to
They are the individuals designated to keep the determine the health of the service.
reports useful and to make sure that effective use
Identify the measurements that can be provided
is being made of the results.
based on existing toolsets, organizational culture
The overall step is too often ignored because: and process maturity. Note there may be a gap in
what can be measured compared with what should
n The process does not include this step. Too often
be measured. Quantify the cost and business risk
people start gathering information without
of this gap to validate any expenditures for tools.
asking what should be collected in the first
The actual definition of what you will measure will
place and if we have the capabilities to do the
come from this analysis.
measurements. Often what is going to done
with the data later is not considered. This is When initially implementing service management
common but poor practice. processes do not try to measure everything;
n The IT organization thinks it knows better. rather be selective of what measures will help to
When it comes to data, IT believes, incorrectly, understand the health of a process. Chapter 5 will
that they know the needs of their customers. discuss the use of CSFs, KPIs and activity metrics. A
The reality is that neither the customer nor the major mistake many organizations make is trying
IT organization sits down together to discuss to do too much in the beginning. Be smart about
what should be measured or to identify the what you choose to measure.
purpose of the data in the first place. Even in
organizations where SLAs have been signed,
they often include measurement and reporting
CSI_Chapter_04.indd 7 09/07/2011 09:55

Question: What do you actually want to Question: What can you actually measure?
measure? Answer: Start by listing the tools you currently
Answer: Talk to the business, the customers and have in place. These tools will include service
IT management. Use the service catalogue as management tools, monitoring tools, reporting
your starting point as well as the service level tools, investigation tools and others. Compile a list
requirements (SLRs) of the different customers. of what each tool can currently measure without
This is the place where you start with the end in any configuration or customization.
mind. What you should measure is that which is
Question: Where do you actually find the
important to the business.
information?
Compile a list of what you should measure driven
Answer: The information is found within each
by business requirements. Dont try to cover every
service, process, procedure and work instruction.
single eventuality or possible metric in the world.
The tools are merely a way to collect and provide
Make it simple. The number of items you should
the data. Look at existing reports and databases.
measure can grow rapidly. So too can the number
What data is currently being collected and what
of metrics and measurements.
data is being reported on? (These two things are
Identify and link the following items: often not the same although of course they should
be.)
n Corporate vision, mission, goals and objectives
n IT vision, mission, goals and objectives To produce the final definition of what you will
n CSFs, KPIs, metrics and measurements measure perform a gap analysis between the data
n Service level targets collected and the data being reported on. Report
the gap analysis information back to the business,
n Service provider personnel.
the customers and IT management. It is possible
Inputs include (note some of these can also be that new tools are required or that configuration
input into other steps): or customization is required to be able to measure
what is needed.
n SLRs and targets
n Service review meeting The following are some other potential areas for
n Service portfolio and the service catalogue measurement:
n Vision and mission statements n Service levels As well as normal SLAs targets
n Corporate, divisional and departmental goals we may need to collect availability management
and objectives measures such as mean time to repair (MTTR)
n Legislative requirements and mean time to restore service (MTRS), which
n Governance requirements are also used by problem management.
n Budget cycle n Customer satisfaction Surveys are conducted
n Measurement results and reports, e.g. balanced on a continual basis to measure and track how
scorecard satisfied customers are with the IT organization.
n Customer satisfaction surveys n Business impact Measure what actions are
invoked for any disruption in service that
n Service operation plan
adversely affects the customers business
n Service models
operation, processes or its own customers.
n Service design package
n Supplier performance Whenever an
n Budgeting and accounting requirements organization has entered into a supplier
n Benchmark data relationship where some services or parts of
n Baseline data services have been outsourced or co-sourced it
n Risk assessments and risk mitigation plans. is important to measure the performance of the
supplier.
Every organization may find that they have
n Market performance This ensures the services
limitations on what can actually be measured. If
remain aligned with those being delivered by
you cannot measure something, then it should not
other service providers in the IT service delivery
appear in an SLA.
community.
CSI_Chapter_04.indd 8 09/07/2011 09:55

One of CSIs key sets of activities is to measure, When a new service is being designed or an
analyse and report on IT services and IT service existing one changed, this is a perfect opportunity
management (ITSM) results. Measurements to ensure that what CSI needs to monitor is
produce data, which should be analysed over time designed into the service requirements (see ITIL
to produce a trend. This will tell a story that may Service Design).
be good or bad. It is essential that measurements
This has two main implications:
of this kind have ongoing relevance. What was
important to know last year may no longer be n Monitoring for CSI will change over time. They
pertinent this year. may be interested in monitoring the messaging
service one quarter, and then move on to look
4.1.5.3 Step 3 Gather the data at human resources (HR) systems in the next
quarter.
Key message
n This means that service operation and CSI need
Gathering the data is synonymous with service to build a process which will help them to agree
measurement (see section 5.4). on what areas need to be monitored and for
what purpose.
Gathering data requires having monitoring
in place. Monitoring could be executed using It is important to remember that there are three
technology such as application, system and types of metrics that an organization will need to
component monitoring tools as used in the event collect to support CSI and other process activities:
management process (documented in service n Technology metrics These are often associated
operation) or even be a manual process for certain with component and application-based metrics
tasks. The accuracy and integrity of the data should such as performance, availability etc.
always be maintained. n Process metrics These are captured in the form
Quality is the key objective of monitoring for of CSFs, KPIs and activity metrics for the service
CSI. Monitoring will therefore focus on the management processes. These metrics can
effectiveness and efficiency of a service, process, help determine the overall health of a process.
tool, organization or configuration item (CI). KPIs can help answer key questions on quality,
The emphasis is not on assuring real-time service performance, value and compliance in following
performance; rather it is on identifying where the process. CSI would use these metrics as input
improvements can be made to the existing level of in identifying improvement opportunities for
service, or IT performance. Monitoring for CSI will each process.
therefore tend to focus on detecting exceptions n Service metrics These are the results of the
and resolutions. For example, CSI is not as end-to-end service. Technology metrics are
interested in whether an incident was resolved, but normally used to help compute the service
whether it was resolved within the agreed time, metrics.
and whether future incidents can be prevented.
Question: What needs to be gathered?
CSI is not only interested in exceptions, though. If
Answer: You gather whatever data has been
an SLA is consistently met over time, CSI will also
identified as both needed and measurable. Not
be interested in determining whether that level of
all data is gathered automatically so manual
performance can be sustained at a lower cost or
procedures will have to be implemented as well.
whether it needs to be upgraded to an even better
A lot of data is entered manually by people. It is
level of performance because of changing business
important to ensure that policies are in place to
requirements. CSI may therefore also need access
drive the right behaviour.
to regular performance reports.
As much as possible, you need to standardize the
However since CSI is unlikely to need, or be able
data structure through policies and published
to cope with, the vast quantities of data that are
standards. For example, how do you enter names
produced by all monitoring activity, they will most
in your tools John Smith; Smith, John; or J. Smith?
likely focus on a specific subset of monitoring at
These can be the same or different individuals.
any given time. This could be determined by input
Having three different ways of entering the same
from the business or improvements to technology.
CSI_Chapter_04.indd 9 09/07/2011 09:55

name would slow down trend analysis and severely n Volume To determine the loading and
impede any CSI initiative. throughput on the service management
processes (e.g. number of incidents or number
Question: Where do you actually find the
of changes).
information?
Monitoring is often associated with automated
Answer: IT service management tools, monitoring
monitoring of infrastructure components for
tools, reporting tools, investigation tools, existing
performance such as availability or capacity etc.,
reports and other sources.
but monitoring should also be used for monitoring
Gathering data is defined as the act of monitoring staff behaviour such as adherence to process
and data collection. This activity needs to clearly activities and use of authorized tools, as well as
define: project schedules and budgets.
n Who is responsible for monitoring and Exceptions and alerts need to be considered
gathering the data? during the monitoring activity as they can serve as
n How will the data be gathered? early warning indicators that services are failing.
n When and how often is the data gathered? Sometimes the exceptions and alerts will come
n Criteria to evaluate the integrity of the data. from tools, but they will often come from those
who are using the service or service management
The answers will be different for every processes. These alerts should not be ignored.
organization.
Inputs to gathering the data include:
Service monitoring allows weak areas to be
identified, so that remedial action can be taken (if n New business requirements
there is a justifiable business case), thus improving n Existing SLAs
future service quality. Service monitoring also n Existing monitoring and data capture capability
can show where customer actions are causing the n Plans from other processes, e.g. availability
fault and thus lead to identifying where working management and capacity management
efficiency and/or training can be improved. n The CSI register and existing service
Service monitoring should also address both improvement plans (SIPs)
internal and external suppliers since their n Previous trend analysis reports
performance must be evaluated and managed as n List of what you should measure
well. n List of what you can measure
Service management monitoring helps determine n Gap analysis report
the health and welfare of service management n List of what to measure
processes in the following manner: n Customer satisfaction surveys.
n Process compliance Are the processes being Figure 4.2 and Table 4.2 show the common
followed? Process compliance seeks to monitor procedures to follow in monitoring.
the compliance of the IT organization to the
Note: Monitoring and event management solutions
new or modified service management processes
become, by definition, services in their own
and also the use of the authorized service
right and hence require continual assessment,
management tool that was implemented.
effectiveness reviews, provisioning and change
n Quality How well are the processes working? processes etc.
Monitor the individual or key activities as they
relate to the objectives of the end-to-end Outputs from gathering the data include:
process. n Updated availability and capacity plans
n Performance How fast or slow? Monitor the n Monitoring procedures
process efficiency such as throughput or cycle n Identified tools to use
times.
n Monitoring plan
n Value Is this making a difference? Monitor the
n Input on IT capability
effectiveness and perceived value of the process
n Collection of data
to the stakeholders and the IT staff executing
the process activities. n Agreement on the integrity of the data.
CSI_Chapter_04.indd 10 09/07/2011 09:55

It is also important in this activity to look at the

Define monitoring and data that was collected and ask whether it makes
Task 1
data collection requirements any sense.
Define frequency of monitoring

4.1.5.4 Step 4 Process the data
Task 2
and data collection This step is to convert the data into the required
format and for the required audience. Follow the
Determine tool requirements trail from metric to KPI to CSF, all the way back to
Task 3 for monitoring and the vision if necessary (see Figure 4.1).
data collection
Report-generating technologies are typically
Develop monitoring and used at this stage as various amounts of data
Task 4
data collection procedures are condensed into information for use in the
analysis activity. The data is also typically put into
Develop and communicate a format that provides an end-to-end perspective
Task 5 monitoring and on the overall performance of a service. This
data collection plan activity begins the transformation of raw data into
packaged information. Use the information to
Task 6 Update availability and develop insight into the performance of the service
capacity plans
and/or processes. Process the data into information
(by creating logical groupings), which provides a
Task 7 Begin monitoring and better means to analyse the information and data
data collection the next step in CSI.
Figure 4.2 Monitoring and data collection

procedures
Table 4.2 Monitoring and data collection procedures

Tasks Procedures
Task 1 Based on service improvement strategies, goals and objectives plus the business requirements, determine
what services, systems, applications and/or components as well as service management process activities will
require monitoring.
Specify monitoring requirements.
Define data collection requirements, changes in budgets.
Document the outcome.
Get agreement with internal IT, customers, suppliers as appropriate.
Task 2 Determine frequency of monitoring and data gathering.
Determine method of monitoring and data gathering.
Task 3 Define tools required for monitoring and data gathering.
Build, purchase or modify tools for monitoring and data gathering.
Test the tool.
Install the tool.
Task 4 Write monitoring procedures and work instructions when required for monitoring and data collection.
Task 5 Produce and communicate monitoring and data collection plan.
Get approval from internal IT and external vendors who may be impacted.
Task 6 Update availability and capacity plans if required.
Task 7 Begin monitoring and data collection.
Process data into a logical grouping and report format.
Review data to ensure the data makes sense.
CSI_Chapter_04.indd 11 09/07/2011 09:55

Example of poor data management n What is the frequency of processing the data?
This could be hourly, daily, weekly or monthly.
An organization that was developing some When introducing a new service or service
management information activities asked a management process it is a good idea to
consultant to review the data they had collected. monitor and process in shorter intervals than
The data was for incident management and the longer intervals. How often analysis and trend
service desk. It was provided in a spreadsheet investigation activities take place will drive how
format and when the consultant opened the often the data is processed.
spreadsheet it showed that for the month the
n What format is required for the output? This is
organization had opened approximately 42,000
also driven by how analysis is carried out and
new incidents and 65,000 incidents were closed
ultimately how the information is used.
on the first contact. It is hard to close more
n What tools and systems can be used for
incidents than were opened in other words the
processing the data?
data did not make sense.
n How do we evaluate the accuracy of the
However, all is not lost. Even if the data did processed data?
not make any sense, it provides insight into the
ability to monitor and gather data, the tools There are two aspects to processing data. One
that are used to support monitoring and data is automated and the other is manual. While
gathering, and the procedures for processing both are important and contribute greatly
the raw data into a report that can be used for to the measuring process, accuracy is a major
analysis. When investigating the example above, differentiator between the two types. The accuracy
it was discovered that it was a combination of of the automated data gathering and processing
how data was pulled from the tools plus human is not the issue here. Nearly all CSI-related data
error in inputting the data into a spreadsheet. will be gathered by automated means. Human
There was no check and balance before the data data gathering and processing is the issue. It is
was actually processed and presented to key important for staff to properly document their
people in the organization. compliance activities, to update logs and records.
Common excuses are that people are too busy,
The output of logical groupings could be in that this is not important or that it is not their
spreadsheets, reports generated directly from the job. Ongoing communication about the benefits
service management tool suite, system monitoring of performing administrative tasks is of utmost
and reporting tools, or telephony tools such as an importance. Tying these administrative tasks to job
automatic call distribution tool. performance is one way to alleviate this issue.
Processing the data is an important CSI activity Inputs to processing data include:
that is often overlooked. While monitoring
and collecting data on a single infrastructure n Data collected through monitoring
component is important, it is also important to n Reporting requirements
understand that components impact on the larger n SLAs
infrastructure and IT service. Knowing that a n OLAs
server was up 99.99% of the time is one thing; n Service catalogue
knowing that no one could access the server is n List of metrics, KPI, CSF, objectives and goals
another. An example of processing the data is
n Report frequency
taking the data from monitoring of individual
n Report template.
components, such as the mainframe, applications,
WAN, LAN, servers etc., and processing it into Figure 4.3 and Table 4.3 show common procedures
a structure of an end-to-end service from the for processing data.
customers perspective.
A flow diagram is nice to look at and gracefully
Key questions that need to be addressed in the summarizes the procedure but it does not contain
processing activity are: all the required information. It is important to
CSI_Chapter_04.indd 12 09/07/2011 09:55

Define processing
Task 1
data requirements
Define frequency of data Process into

Task 2 logical groupings Task 8
processing
Determine format and tool Evaluate for

Task 3 accuracy Task 9
requirements for processing data
Develop processing
Task 4
data procedures
Develop and communicate

Task 5
processing data plan
Update availability and

Task 6
capacity plans
Task 7 Begin processing data
Figure 4.3 Common procedures for processing the data
Table 4.3 Procedures for processing the data

Tasks Procedures
Task 1 Based on strategy, goals and SLAs, define the data processing requirements.
Task 2 Determine frequency of processing the data.
Determine method of processing the data.
Task 3 Identify and document the format of logical grouping of data elements.
Define tools required for processing data.
Build, purchase or modify tools for measuring.
Test tool.
Install tool.
Task 4 Develop processing data procedures.
Train people on procedures.
Task 5 Develop and communicate monitoring plan.
Get approval from internal IT and external vendors who may be impacted.
Task 6 Update availability and capacity plans if required.
Task 7 Begin the data processing.
Task 8 Process into logical groupings.
Task 9 Evaluate processed data for accuracy.
CSI_Chapter_04.indd 13 09/07/2011 09:55

translate the flow diagram in a more meaningful n Are improvements required?

way so that people can understand the procedure n Are there underlying structural problems?
with the appropriate level of detail, including
In this step you apply knowledge to your
roles and responsibilities, timeframes, inputs and
information. Without this, you have nothing more
outputs, and more.
than sets of numbers showing metrics that are
While it is important to identify the outputs of meaningless. It is not enough to simply look at this
each activity such as data and decisions, it is even months figures and accept them without question,
more important to determine the output of the even if they meet SLA targets. You should analyse
procedure, the level of detail, the quality, the the figures to stay ahead of the game. Without
format etc. analysis you merely have information. With analysis
Examples of outputs of processing data from you have knowledge. If you find anomalies or poor
procedures include: results, then look for ways to improve.
n Updated availability and capacity plans It is interesting to note the number of job titles for
IT professionals that contain the word analyst and
n Reports
even more surprising to discover that few of these
n Logical groupings of data ready for analysis.
professionals actually analyse anything. This step
4.1.5.5 Step 5 Analyse the information takes time. It requires concentration, knowledge,
skills, experience etc. One of the major assumptions
and data
is that the automated processing, reporting,
Your organizations service desk has a trend of monitoring tool has actually done the analysis. Too
reduced call volumes consistently over the last four often people simply point at a trend and say, Look,
months. Even though this is a trend, you need to numbers have gone up over the last quarter.
ask yourself the question: Is this a good trend or a However, key questions need to be asked, such as:
bad trend? You dont know if the call reduction is
because you have reduced the number of recurring n Is this good?
errors in the infrastructure by good problem n Is this bad?
management activities or if the customers feel that n Is this expected?
the service desk doesnt provide any value and n Is this in line with targets?
have started bypassing the service desk and going n Are there any side effects (whether positive or
directly to second-level support groups. negative) on any other process, component of
Data analysis transforms the information into the system, or service?
knowledge of the events that are affecting the Combining multiple data points on a graph may
organization. More skill and experience is required look nice but it is important to know what it
to perform data analysis than data gathering means. There is a saying A picture is worth a
and processing. Verification against goals and thousand words; in analysing the data one needs
objectives is expected during this activity. This to ask, Which thousand words? To transform this
verification validates that objectives are being data into knowledge, compare the information
supported and value is being added. It is not from Step 3 against the requirements from Step 2
sufficient to simply produce graphs of various types and what could realistically be measured from this
but to document the observations and conclusions. step.
Question: What do you actually analyse? Be sure also to compare the information with the
Answer: Once the data is processed into clearly defined objectives with measurable targets
information, you can then analyse the results, that were set in the service design, transition and
looking for answers to questions such as: operations lifecycle stages. Seek confirmation
that these objectives and the milestones were
n Are there any clear trends?
reached. If not, have improvement initiatives
n Are they positive or negative trends?
been implemented? If so, then the CSI activities
n Are changes required? start again by gathering data, processing data
n Are we operating according to plan? and analysing data to identify if the desired
n Are we meeting targets? improvement in service quality has been achieved.
CSI_Chapter_04.indd 14 09/07/2011 09:55

At the completion of each significant stage which customers use what resource, how they
or milestone, conduct a review to ensure the use the resource, when they use the resource
objectives have been met. It is possible here to use and how this impacts the overall performance of
the post-implementation review (PIR) from the the resource. You will also be able to see if there
change management process. The PIR will include is a trend on the usage of the resource over a
a review of supporting documentation and the period of time. From an incremental improvement
general awareness among staff of the refined process this could lead to some focus on demand
processes or service. A comparison is required of management, or influencing the behaviour of
what has been achieved against the original goals. customers.
During the analysis activity, but after the results are Consideration must be given to the skills required
compiled and the trends analysed and evaluated, to analyse from both a technical viewpoint and
it is recommended that internal meetings be held from an interpretation viewpoint.
within IT managers to review the results and
When analysing data, it is important to seek
collectively identify improvement opportunities. It
answers to questions such as:
is important to have these internal meetings before
you begin presenting and using the information, n Are operations running according to plan?
which is the next activity of CSI. IT is a key player in This could be a project plan, financial plan,
determining how the results and any actions items availability plan, capacity plan or even an IT
are presented to the business. service continuity management (ITSCM) plan.
n Are targets defined in SLAs or the service
This puts IT in a better position to formulate a
catalogue being met?
plan of presenting the results and any action
items to the business and senior IT management. n Are there underlying structural problems that
Throughout this publication the terms service and can be identified?
service management have been used extensively. n Are improvements required?
IT is too often focused on managing the various n Are there any trends? If so, what are the trends
systems used by the business, often (but incorrectly) showing? Are they positive trends or negative
equating service and system. A service is actually trends?
made up of systems as well as other entities such n What is leading to or causing the trends?
as people and suppliers. Therefore if an IT service
Reviewing trends over a period of time is another
provider wants to be perceived as a key player,
important task. It is not good enough to see a
it must move from a systems-based organization
snapshot of a data point at a specific moment in
to a service-based organization. This transition
time, but to look at the data points over a period
will force the improvement of communication
of time. How did we do this month compared
between the different IT silos that exist in many IT
with last month, this quarter compared with last
organizations.
quarter, this year compared with last year?
Performing proper analysis on the data also places
It is not enough only to look at the results; one
the business in a position to make strategic, tactical
needs to look at what led to the results for the
and operational decisions about whether there is a
current period. If we had a bad month, was it
need for service improvement. Unfortunately, the
because of an anomaly? Is this a demonstrable
analysis activity is often not performed. Whether
trend or simply a one-off?
this is because of lack of people with the right skills
and/or simply a lack of time is unclear. What is clear Trends are an indicator that more analysis is
is that without proper analysis, errors will continue needed to understand what is causing it. When a
to occur and mistakes will continue to be repeated. trend goes up or down it is a signal that further
There will be little improvement. investigation is needed to determine if it is positive
or negative.
Data analysis transforms the information into
knowledge of the events that are affecting the Without analysis the data is merely information.
organization. As an example, a sub-activity of With analysis come improvement opportunities.
capacity management is workload management.
This involves analysing the data to determine
CSI_Chapter_04.indd 15 09/07/2011 09:55

Example of the benefits of trend analysis 4.1.5.6 Step 6 Present and use the
information
When one organization started performing trend
analysis activities around incident management, Key message
it discovered that the number of incidents Presenting the information is synonymous with
increased for a one month period every three service reporting (see section 5.7)
months. When staff investigated the cause, they
found it was tied directly to a quarterly release The sixth step is to take our knowledge, which
of an application change. This provided statistical is represented in the reports, monitors, action
data for them to review the effectiveness of plans, reviews, evaluations and opportunities,
their change management and release and and present it to the target audience in a clear,
deployment management processes as well as digestible and timely way. Consider the target
understand the impact each release would have audience; make sure that you identify exceptions
on the service desk with the number of increased to the service, benefits that have been revealed,
call volumes. The service desk was also able to or can be expected. Data gathering occurs at the
begin identifying key skill sets needed to support operational level of an organization. Format this
this specific application. data into knowledge that all levels can appreciate
and gain insight into their needs and expectations.
Example of different ways of interpreting trends This stage involves presenting the information
A change manager communicates that the in a format that is understandable, at the right
change management process is doing well level, provides value, notes exceptions to service,
because the volume of requests for changes has identifies benefits that were revealed during
steadily decreased. Is this positive or negative? If the time period, and allows those receiving
problem management is working well, it could the information to make strategic, tactical and
be positive as recurring incidents are removed, operational decisions. In other words, present the
therefore fewer changes are required as the information in the manner that makes it the most
infrastructure is more stable. However, if users useful for the target audience.
have stopped submitting requests for changes Most organizations create reports and present
because the process is not meeting expectations, information to some extent or another; however,
the trend is negative. it is often not done well. Many organizations
Throughout CSI, assessment should identify simply take the gathered raw data (often straight
whether targets were achieved and, if so, whether from the tool) and report it to everyone, without
new targets (and therefore new KPIs) need to necessarily processing or analysing the data. The
be defined. If targets were achieved but the report should emphasize and ideally highlight
perception has not improved, then new targets areas where the recipient needs to take action.
may need to be set and new measures put in place The other issue often associated with presenting
to ensure that these new targets are being met. and using information is that it is overdone.
When analysing the results from process metrics Managers at all levels are bombarded with too
keep in mind that a process will only be as efficient many emails, too many meetings, too many
as its limited bottleneck activity. So if the analysis reports. The reality is that the managers often
shows that a process activity is not efficient and dont need this information or, at the very least,
continually creates a bottleneck then this would not in that format. It is often unclear what role the
be a logical place to begin looking for a process manager has in making decisions and providing
improvement opportunity. guidance on improvement programmes.
Inputs include: As we have discussed, CSI is an ongoing activity

of monitoring and gathering data, processing
n Results of the monitored data
the data into logical groupings, and analysing it
n Existing KPIs and targets in order to meet targets, and identify trends and
n Perceptions from customer satisfaction surveys improvement opportunities. There is no value in all
etc. the work done to this point if we dont do a good
CSI_Chapter_04.indd 16 09/07/2011 09:55

job of presenting our findings and then using them What the business really wants to understand
to make decisions that will lead to improvements. is the number of outages that occurred and the
Begin with the end in mind is habit number 2 duration of the outages with an analysis describing
in Stephen Coveys The Seven Habits of Highly the impact on the business processes, in essence,
Effective People.3 Even though the book is about unavailability expressed in a commonly understood
personal leadership, the habit holds true with measure time. Of course what the business is
presenting and using information. In addition really interested in is what the service provider is
to understanding the target audience, it is also going to do to prevent it happening again.
important to understand the purpose of any Now more than ever, IT managers must invest the
information being presented. If the purpose and time to understand specific business goals and
value cannot be articulated, then it is important to translate IT metrics to reflect an impact against
question if it is needed at all. these goals. Businesses invest in tools and services
There are usually four distinct audiences: that affect productivity, and support should be
one of those services. The major challenge, and
n The customers Their real need is to understand one that can be met, is to communicate effectively
whether IT delivered the service they promised the business benefits of a well-run IT support
at the levels they promised and, if not, what group. The starting point is a new perspective on
improvements are being implemented to goals, measures, reporting and how IT actions
improve the situation. affect business results. You will then be prepared
n Senior IT management This group is often to answer the question: How does IT help to
focused on the results surrounding CSFs and generate value for your company?
KPIs, such as customer satisfaction, actual
versus plan, and costing and revenue targets. Although most reports tend to concentrate on
Information provided at this level helps areas where things are not going as well as hoped
determine strategic and tactical improvements for, do not forget to report on the good news
on a larger scale. Senior IT management often as well. A report showing improvement trends
wants this type of information provided in the is IT services best marketing vehicle. It is vitally
form of a balanced scorecard or IT scorecard important that reports show whether CSI has
format to see the big picture at one glance. actually improved the overall service provision
and, if it has not, the actions taken to rectify the
n Internal IT This group is often interested in
situation.
KPIs and activity metrics that help them plan,
coordinate, schedule and identify incremental Figure 4.4 is an example of an SLA monitoring
improvement opportunities. chart that provides a visual representation of an
n Suppliers This group will be interested in organizations ability to meet defined targets over
KPIs and activity metrics related to their own a period of months.
services and performance. Suppliers may also be These are some of the common problems
targeted with improvement initiatives. associated with the presenting and reporting
Often there is a gap between what IT reports and activity:
what is of interest to the business. IT is famous n Everyone (business, senior management and IT
for reporting availability in percentages such managers) gets the same report.
as 99.85% available. In most cases this is not
n The format is not what people want. It is
calculated from an end-to-end perspective but
important to understand the audience and how
only considers mainframe or server availability or
they like to receive information. Some like the
application availability; it often doesnt take into
information in text format, some in graphs,
consideration LAN/WAN or desktop downtime. In
some in pie charts etc. It is hard to please
reality, most people in IT dont know the difference
everyone, but getting agreement on the report
between 99.95% and 99.99% availability, let alone
format is a step in the right direction.
other people in the business. Yet reports continue
to show availability achievements in percentages. This is why many organizations are moving to
a balanced scorecard or IT scorecard concept.
3 Covey, S. (1989). The Seven Habits of Highly Effective People. Free Press,
New York. This concept can start at the business level, then
CSI_Chapter_04.indd 17 09/07/2011 09:55

Period
January February March April May June July August
Target
Target Target Target

met breached threatened
Figure 4.4 Service level achievement chart
the IT level, and then functional groups and/or n Duration of outages for each service, e.g.
services within IT. Service 1 outages lasted 179 minutes
n Lack of an executive summary the executive n The impact of the outages to each business,
summary should discuss the current results, e.g. Business 1 uses five services; there were
what led to the results and what actions have or 11 outages, whose total duration was 1,749
will be taken to address any issues. minutes. During this time the business was
n Reports are not linked to any baseline, IT unable to generate revenue.
scorecard or balanced scorecard.
Inputs include:
n Too much supporting data is provided.
n Reports are presented in terms that are not n Collated information
understandable. For example, availability is n Format details and templates etc.
reported in percentages when the business n Stakeholder contact details.
often is interested in knowing the number,
Note: The results from Step 6 may indicate the
duration and impact of outages.
need for improvement initiatives. In all such cases
The resources required to produce, verify and use the CSI register to document the requirements
distribute reports should not be underestimated. and initiatives.
Even with automation, this can be a time-
consuming activity. 4.1.5.7 Step 7 Implement improvement
When measuring and reporting, IT managers need Use the knowledge gained and combine it with
to shift from their normal way of reporting to a previous experience to make informed decisions
more business view that the business can really about optimizing, improving and correcting
understand. As discussed above, the traditional IT services. Managers need to identify issues and
approach on measuring and reporting availability is present solutions.
to present the results in percentages, but these are This stage may include any number of activities
often at a component level and not at the service such as approval of improvement activities,
level. Availability when measured and reported prioritization and submitting a business case,
should reflect the experience of the customer. integration with change management, integration
Below are the common measurements that are with other lifecycle stages, and guidance on how
meaningful to a customer: to manage an ongoing improvement project
n Number of outages on each service, e.g. there successfully, and on checking whether the
were two outages this month on Service 1 improvement actually achieved its objective.
CSI_Chapter_04.indd 18 09/07/2011 09:55

Example of poor advice training and documentation are required to

move a new or improved service, tool or service
An organization hired an expensive consulting management process into production.
firm to assess the maturity of the processes
against the ITIL framework. The report from Example of improvement being implemented
the consulting organization had the following A financial organization with a strategically
observation and recommendation about the important website continually failed to meet
incident management process: its operational targets, especially with regard
The help desk is not doing incident management to the quality of service delivered by the site.
the way ITIL does. Our recommendation is that The prime reason for this was its lack of focus
you must implement incident management. on the monitoring of operational events,
service availability and response. This situation
The reaction from the customer was simple. They
was allowed to develop until senior business
fired the consulting organization.
managers demanded action from the senior IT
CSI identifies many opportunities for improvement, management. There were major repercussions,
but organizations cannot afford to implement and reviews were undertaken to determine
all of them. As discussed earlier, an organization the underlying cause of the failure to meet an
needs to prioritize improvement activities for its acceptable quality of service. After considerable
goals, objectives, return on investment (ROI), types pain and disruption, an operations group was
of service breaches etc., and document them in identified to monitor this particular service. A
the CSI register. Improvement initiatives can also part of the requirement was the establishment
be externally driven by regulatory requirements, of weekly internal reviews and weekly reports
changes in competition, or even political decisions. on operational performance. Operational
events were immediately investigated whenever
If organizations were implementing improvement
they occurred and were individually reviewed
according to CSI, there would be no need for this
after resolution. An improvement team was
publication. Improvement often takes place in
established, with representation from all areas,
reaction to a single event that caused a (severe)
to implement the recommendations from the
outage to part or all of the organization. At other
reviews and the feedback from the monitoring
times, minor problems are noticed and specific
group. This eventually resulted in considerable
improvements are implemented in no relation
improvement in the quality of service delivered
to the priorities of the organization, thus taking
to the business and its customers.
valuable resources away from real emergencies.
This is common practice but obviously not best Often steps are forgotten or are taken for granted,
practice. or someone assumes that someone else has
completed the step. This indicates a breakdown in
After a decision to improve a service and/or service
the process and a lack of understanding of roles
management process is made, then the service
and responsibilities. The harsh reality is that some
lifecycle continues. A new service strategy may
steps are overdone while others are incomplete or
be defined, service design builds the changes,
overlooked.
service transition implements the changes into
production and then service operation manages There are various levels of management in an
the day-to-day operations of the service and/or organization; when implementing improvements
service management processes. Keep in mind that it is important to understand which level to focus
CSI activities continue through each stage of the their activities on. Managers need to show overall
service lifecycle. performance and improvement. Directors need
to show that quality and performance targets are
Each service lifecycle stage requires resources
being met, while risk is being minimized. Overall,
to build or modify the services and/or service
senior management need to know what is going
management processes, potential new technology
on so they can make informed choices and exercise
or modifications to existing technology, potential
judgement. Each level has its own perspective.
changes to KPIs and other metrics, and possibly
Understanding these perspectives is where
even new or modified OLAs or underpinning
maximum value of information is leveraged.
contracts (UCs) to support SLAs. Communication,
CSI_Chapter_04.indd 19 09/07/2011 09:55

Core business measures

First level of management
IT core strategic measures
IT management process measures Second level of management
Revenue
Third level of management
Market share
Profit
ROI
Balanced scorecard
IT business excellence framework;
EFQM; Malcolm Baldrige; ISO/IEC 20000;
IT operational measures PDCA cycle; ITIL best practices
Fourth level of management
Operational measures within

individual functions and processes,
e.g. service desk, incident,
problem and change, release,
availability, capacity
Cost per transaction
Figure 4.5 First- to fourth-order drivers
Understanding the level your intended audience their skills (and gaps in skills) and identify training
occupies and their drivers helps you present the opportunities are essential in getting these people
issues and benefits of your process in the correct to participate in the processes willingly.
manner. At the highest level of the organization
The four levels of management are shown in Figure
are the strategic thinkers. Reports need to be
4.5.
short, quick to read and aligned to their drivers.
Discussions about risk avoidance, protecting the Inputs include:
image or brand of the organization, profitability n Knowledge gained from presenting and using
and cost savings are compelling reasons to support the information
your improvement efforts.
n Agreed implementation plans (from Step 6)
The second level of management consists of vice n A CSI register for those initiatives that have
presidents and directors. Reports can be more been initiated from other sources.
detailed, but need to summarize findings over
time. Identifying how processes support the Note: Implementing improvement is also discussed
business objectives, early warning around issues in section 5.1.2 and assessments are discussed in
that place the business at risk, and alignment to section 5.2.
existing measurement frameworks that they use
are strong methods you can use to sell the process 4.1.6 Triggers, inputs, outputs and
benefits to them. interfaces
Monitoring to identify improvement opportunities
The third level of management consists of
is and must be an ongoing process. New incentives
managers and high level supervisors. Compliance
may trigger additional measurement activity
to stated objectives, overall team and process
such as changing business requirements, poor
performance, insight into resource constraints and
performance with a process or spiralling costs.
continual improvement initiatives are their drivers.
Measurements and reports need to market how Many inputs and outputs to the process are
these are being supported by the process outputs. documented within the steps discussed earlier but
examples of key inputs include:
Lastly at the fourth level of the hierarchy are
the staff members and team leaders. At a n Service catalogue
personal level, the personal benefits need to be n SLRs
emphasized. Therefore metrics that show their n The service review meeting
individual performance, provide recognition of n Vision and mission statements
CSI_Chapter_04.indd 20 09/07/2011 09:55

n Corporate, divisional and departmental goals the monitoring procedures and criteria to be used
and objectives during and after implementation.
n Legislative requirements It is during the service operation lifecycle stage
n Governance requirements that the actual monitoring of services in the live
n Budget cycle environment takes place. People working in the
n Customer satisfaction surveys service operation functions will play a large part
n The overall IT strategy in the processing activity. Service operation staff
n Market expectations (especially in relation to provide input into what can be measured and
competitive IT service providers) processed into logical groupings, and then process
n New technology drivers (e.g. cloud based the data. Service operation staff would also be
delivery and external hosting) responsible for taking the component data and
processing it in the format to provide a better end-
n Flexible commercial models (e.g. low capital
to-end perspective of the service achievements.
expenditure and high operational expenditure
Service operation staff analyse current results
commercial models, and rental models).
as well as trends over a period of time. Service
4.1.6.1Interfaces operation staff also identify both incremental and
large-scale improvement opportunities, providing
In order to support improvement activities it is
input into what can be measured and processed
important to have CSI integrated within each
into logical groupings. They also perform the
lifecycle stage including the underlying processes
actual data processing.
residing in each lifecycle stage. Each step of the CSI
lifecycle will be involved in every one of the other The seven-step improvement process receives
lifecycle stages. and collects the data as an input. If there is a CSI
functional group within an organization, it can be
Examples include monitoring the progress of
the single point for combining all analysis, trend
strategies, standards, policies and architectural
data and comparison of results to targets. This
decisions that have been made and implemented.
group could then review all proposed improvement
Service strategy will also analyse results associated
opportunities and help prioritize the opportunities
with implemented strategies, policies and
and finally make a consolidated recommendation
standards.
to senior management. For smaller organizations,
Within the service design stage, monitoring and this may fall to an individual or smaller group
gathering data are associated with creating and acting as a coordinating point and owning CSI.
modifying services and service management This is a key point. Too often data is gathered in
processes. This part of the service lifecycle also the various technical domains never to be heard of
measures against the effectiveness and ability to again. Designating a CSI group provides a single
measure CSFs and KPIs that were defined through place in the organization for all the data to reside
gathering business requirements. It is during and be analysed.
service design that the definition of what should
be measured is produced. Service design analyses 4.1.7 Role of other processes in gathering
current results of design and project activities. and processing the data (Steps 3
Trends are also noted with results compared
and 4)
against the design goals. Service design also
identifies improvement opportunities and analyses All the ITIL processes have responsibility for
the effectiveness and ability to measure CSFs and continual improvement of the process itself. The
KPIs that were defined when gathering business process metrics will indicate where improvements
requirements. or cost reductions can be made. Some of the key
processes related to general improvement are
Service transition develops and tests the documented below.
monitoring procedures and criteria to be used
during and after implementation. Service 4.1.7.1 Service level management
transition monitors and gathers data on the actual
The SLM process is fully documented in ITIL Service
release into production of services and service
Design. It is important the CSI is involved in the
management processes. Service transition develops
CSI_Chapter_04.indd 21 09/07/2011 09:55

design of SLM and has a constant interface with n SLM is responsible for developing and getting
the SLM team to ensure that measurable targets agreement on OLAs and external UCs that
are created from which to identify potential service require internal or external monitoring.
improvements.
SLM supports the CSI data processing activity by:
The SLM process plays a key role in CSI activities
n Ensuring that the SLAs only incorporate
and supports the seven-step improvement
measurements that truly can be measured and
process by helping to drive what to measure
reported on
and monitoring requirements, and by reporting
service level achievements. This provides input into n Negotiating and documenting OLAs and UCs
CSI activities and helps prioritize improvement that define the required measurements
projects. n Reviewing the results of the processed data
from an end-to-end approach
SLM is essential in any organization so that the
n Helping define the reporting frequency of
levels of IT service needed to support the business
processing and reporting formats.
can be determined and monitoring can be initiated
to identify whether the required service levels are
4.1.7.2 Availability management and
being achieved.
capacity management
If an organization is outsourcing its service
Availability management and capacity
provision to a third party, the issue of service
management support the data processing activities
improvement should be discussed at the outset
of CSI by:
and covered (and budgeted for) in the contract,
otherwise there is no incentive during the lifetime n Providing significant input into existing
of the contract for suppliers to improve service monitoring and data collection capabilities and
targets if they are already meeting contractual tool requirements to meet new data collection
obligations and additional expenditure is needed requirements, and ensuring the availability
to make the improvements. and capacity plans are updated to reflect new
or modified monitoring and data collection
SLM plays a key role in the data gathering activity
requirements
as SLM is responsible for defining not only business
requirements but also ITs capabilities to achieve n Being accountable for the actual infrastructure
them: monitoring and data collection activities that
take place; therefore roles and responsibilities
n SLM needs to look at what is happening with need to be defined and the roles filled with
the monitoring data to ensure that end-to-end properly skilled and trained staff
service performance is being monitored and n Being accountable for ensuring tools are in
analysed. place to gather data
n SLM should also identify who gets the data, n Being accountable for ensuring that the actual
whether any analysis takes place on the monitoring and data collection activities are
data before it is presented, and if any trend consistently performed
evaluation is undertaken to understand the
n Being responsible for processing the data at a
performance over a period of time. This
component level and then working with SLM to
information will be helpful in following CSI
provide service level data
activities.
n Processing data on KPIs such as availability or
n Through the negotiation process with the
performance measures
business, SLM would define what to measure
n Utilizing the agreed reporting formats
and which aspects to report. This would in
turn drive the monitoring and data collection n Analysing processed data for accuracy.
requirements. If there is no capability to
monitor and/or collect data on an item then it
should not appear in the SLA. SLM should be a
part of the review process to monitor results.
CSI_Chapter_04.indd 22 09/07/2011 09:55

4.1.7.3 Event management, incident n Assisting in determining effects of security

management and service desk measures on the data monitoring and collection
Event management, incident management and the from the confidentiality (accessible only to those
service desk support the data processing activities who should), integrity (data is accurate and not
of CSI: corrupted or not corruptible) and availability
(data is available when needed) perspectives
n Through incident management defining n Processing response and resolution data on
monitoring requirements to support event security incidents
and incident detection through automation;
n Creating trend analyses on security breaches
incident management also has the ability to
n Validating success of risk mitigation strategies
automatically open incidents and/or auto-
escalate incidents n Utilizing the agreed upon reporting format
n Through event management automatically n Analysing processed data for accuracy.
monitoring events and producing alerts, some 4.1.7.5 Financial management for IT services
of which may require CSI activities to correct
Financial management for IT services is responsible
n Through event and incident monitoring
for monitoring and collecting data associated with
identifying abnormal situations and conditions,
the actual expenditures versus budget and is able
which helps with predicting and pre-empting
to provide input on questions such as whether
situations and conditions thereby avoiding
costing or revenue targets are on track. Financial
possible service and component failures
management for IT services should also monitor
n By monitoring the response times, repair times, the ongoing cost per service etc.
resolution times and incident escalations
n By monitoring telephony items such as call In addition financial management for IT services
volumes, average speed of answer, call will provide the necessary templates to assist CSI
abandonment rates etc. so that immediate to create the budget and expenditure reports
action can be taken when there is an increase in for the various improvement initiatives as well as
contacts to the service desk; this is important for providing the means to compute the ROI of the
the service desk as a single point of contact; it improvements.
also applies to those service desks that provide
support via email and the web 4.1.8 Role of other processes in analysing
n By processing data on incidents and service the data (Step 5)
requests such as who is using the service desk
4.1.8.1 Service level management
and what is the nature of the incidents
n By collecting and processing data on KPIs such SLM supports the CSI data analysis activity by:
as MTRS and percentage of incidents resolved n Analysing the service level achievements
within service targets compared to SLAs and service level targets
n By processing data for telephony statistics at n Documenting and reviewing trends over
the service desk such as number of inbound/ a period of time to identify any consistent
outbound calls, average talk time, average patterns
speed of answer, abandoned calls etc. n Identifying improvement opportunities
n By utilizing the agreed reporting format n Identifying the need to modify existing OLAs or
n By analysing processed data for accuracy. UCs.
4.1.7.4Information security management 4.1.8.2 Availability management and

Information security management contributes to capacity management
monitoring and data collection by: Availability management and capacity management
support the CSI data analysis activity by:
n Defining security monitoring and data collection
requirements n Analysing and identifying trends on component
n Monitoring, verifying and tracking the levels of and service data
security according to the organizational security n Comparing results with prior months, quarters
policies and guidelines or annual reports
CSI_Chapter_04.indd 23 09/07/2011 09:55

n Identifying the need for updating the requirement corrections or for new updates to, for example,
for improvement in gathering and processing the anti-virus software. Other processes such as
data availability management (recoverability), capacity
n Analysing the performance of components management (capacity and performance) and
against defined technical specifications ITSCM (planning on how to handle crisis) will
n Documenting and reviewing trends over assist in planning longer term. In turn information
a period of time to identify any consistent security management will play a key role in
patterns assisting CSI regarding all security aspects of
improvement initiatives or for security-related
n Identifying improvement opportunities
improvements by:
n Analysing processed data for accuracy.
n Documenting and reviewing security incidents
4.1.8.3 Incident management and for the current time period
service desk n Comparing results with prior results
n Identifying the need for a SIP or improvements
Incident management and service desk support the
CSI data analysis activity by: n Analysing processed data for accuracy.
n Documenting and reviewing incident trends

4.1.9 Role of other processes in
on incidents, service requests and telephony
statistics over a period of time to identify any
presenting and using the
consistent patterns information (Step 6)
n Comparing results with prior months, quarters
4.1.9.1 Service level management
or annual reports
SLM presents information to the business and
n Comparing results with agreed-to levels of
discusses the service achievements for the current
service
time period as well as any longer trends that were
n Identifying improvement opportunities
identified. These discussions should also include
n Analysing processed data for accuracy. information about what led to the results and any
incremental or fine-tuning actions required.
4.1.8.4 Problem management
Overall, SLM:
Problem management plays a key role in the
analysis activity as this process supports other n Conducts consistent service review meetings
processes in identifying trends and performing root (internal and external)
cause analysis. Problem management is usually n Supports the preparation of reports
associated with reducing incidents, but a good n Updates the SLA monitoring (SLAM) chart
problem management process is also involved in n Provides input into prioritizing improvement
helping define process-related problems as well as activities.
those associated with services.
4.1.9.2 Availability management and
Overall, problem management seeks to:
capacity management
n Perform root cause investigation as to what is Availability management and capacity
leading identified trends management support the CSI presentation activity
n Recommend improvement opportunities by:
n Compare results with prior results
n Supporting preparation of the reports
n Compare results to agreed service levels.
n Providing input into prioritizing SIP or
improvements
4.1.8.5 Information security management
n Implementing incremental or fine-tuning
Information security management relies on the activities that do not require business approval.
activities of other processes to help determine
the cause of security related incidents and
problems. Information security management
will submit requests for changes to implement
CSI_Chapter_04.indd 24 09/07/2011 09:55

4.1.9.3 Incident management and service of the CSI register and in building appropriate
desk SIPs to identify and implement whatever actions
are necessary to overcome the difficulties and
Incident management and service desk support the
restore service quality. SIP initiatives may also
CSI presentation activity by:
focus on such issues as training, system testing and
n Supporting preparation of the reports documentation. In these cases, the relevant people
n Providing input into prioritizing SIPs or need to be involved and adequate feedback given
improvements to make improvements for the future. At any time,
n Implementing incremental or fine-tuning a number of separate initiatives that form part
activities that do not require business approval. of the SIP may be running in parallel to address
difficulties with a number of services.
4.1.9.4 Problem management Some organizations have established an annual
Problem management supports the CSI budget line held by SLM from which SIP initiatives
presentation activity by: can be funded.
n Providing input into service improvement If an organization is outsourcing delivery of service
initiatives and prioritizing improvement to a third party, the issue of service improvement
initiatives should be discussed at the outset and covered (and
n Supporting preparation of the reports budgeted for) in the contract, otherwise there is no
n Providing input into prioritizing SIP or incentive during the lifetime of the contract for the
improvements supplier to improve service targets.
n Implementing incremental or fine-tuning
activities that do not require business approval. 4.1.11 Information management
As indicated in the activities, the information
4.1.10 Role of other processes in required to understand what needs to be improved
implementing improvement and by how much and when comes from many
sources. It is important that to get a full and clear
(Step 7)
picture we gather and analyse all information.
4.1.10.1 Change management Some important examples are:
When CSI determines that an improvement to a n The service catalogue

service is warranted, a request for change (RFC) n SLRs
must be submitted. The RFC will be prioritized and n Monitored and reported SLA targets
categorized according to policies and procedures n Service knowledge management system (SKMS)
defined in the change management process. and configuration management system (CMS)
Release and deployment management, as a part n Process metrics
of service transition, is responsible for moving this
n Customer satisfactory surveys
change to the live environment. Once the change
n Complaints and compliments
is implemented, CSI is part of the PIR to assess the
success or failure of the change. All non-standard n All data, information, knowledge produced by
changes should be assessed by staff involved in CSI. the process itself.
Much of the data and information will be

4.1.10.2 Service level management initially gathered and held in technology-specific
The SLM process often generates a good starting repositories but will need to be summarized and
point for identifying improvement opportunities held as part of the SKMS for analysis and reporting
and the service review process may drive this. purposes.
Where an underlying difficulty that is adversely
impacting service quality is identified, SLM should, 4.1.12 Critical success factors and key
in conjunction with problem management and performance indicators
availability management, log an improvement The following list includes some sample CSFs
opportunity in the CSI register. SLM will then be for the seven-step improvement process. Each
involved in the later review and prioritization organization should identify appropriate CSFs
CSI_Chapter_04.indd 25 09/07/2011 09:55

based on its objectives for the process. Each sample 4.1.13 Challenges and risks
CSF is followed by a typical KPI that supports the Challenges facing organizations when
CSF. These KPIs should not be adopted without implementing CSI include getting the required
careful consideration. Each organization should resources to implement and run the process,
develop KPIs that are appropriate for its level of and gathering the right level of data and having
maturity, its CSFs and its particular circumstances. the tools to manipulate it. Another challenge is
Achievement against KPIs should be monitored and to get the willingness of the IT organization to
used to identify opportunities for improvement, approach CSI in a consistent and structured way.
which should be logged in the CSI register for The challenge is to make that IT manager realize
evaluation and possible implementation. that there is another way, and get commitment
Note that because of the nature of the seven- from management to approach it in that better
step improvement process, it has to be applied way. Another challenge is obtaining sufficient
to appropriate processes, activities, technology, information from the business regarding
organizational structure, people and partners for improvement requirements and cost reductions. A
the benefits to be realized. This means that the further challenge is persuading suppliers to include
KPIs used to judge the success of the seven-step improvement in their contractual agreements; this
improvement process are actually the KPIs from the is especially relevant for outsourced services.
other lifecycle stages and processes to which it has There are several risks that could prevent CSI from
been applied. As a result the examples given here achieving the overall desired effect:
come from other areas.
n No formalized approach to CSI and initiatives
n CSF All improvement opportunities identified being taken on randomly in an ad-hoc manner
KPI Percentage improvement in defects; n Insufficient monitoring and analysis to identify
for example, 3% reduction in failed changes; the areas of greatest need
10% reduction in security breaches
n Staff attitude such as We have always done it
n CSF The cost of providing services is reduced this way and it has always been good enough
KPI Percentage decrease in overall cost n Inability to make the business case for
of service provision; for example, 2.5% improvement and therefore no funding for
reduction in the average cost of handling improvement initiatives
an incident; 5% reduction in the cost of
n Lack of ownership or loss of ownership
processing a particular type of transaction
n Too much focus on IT improvements without
n CSF The required business outcomes from IT
clear understanding of business needs and
services are achieved
objectives.
KPI A 3% increase in customer satisfaction
with the service desk; 2% increase in
customer satisfaction with the warranty
offered by the payroll service.
CSI_Chapter_04.indd 26 09/07/2011 09:55

Continual service
improvement methods
and techniques 5
09/07/2011 10:11
CSI_Chapter_05.indd 2 09/07/2011 10:11
| 73
5 Continual service improvement methods

and techniques
5.1 METHODS AND TECHNIQUES including costs associated with managing it. If
(part of) IT is outsourced, the external provider
A wide variety of methods and techniques can
costs should be included here too.
be used in the continual service improvement
n Tooling cost Purchase, licences, installation and
(CSI) activities ranging from soft and vague to
configuration, maintenance costs of hardware,
factual and scientific, often providing either
software and other equipment specifically used
both or a mixture of qualitative and quantitative
for the measurement activities. Tools could be
measurement results. To ensure consistency of
a cost on the provider, which they will pass on
execution and effective measurement, especially
back to you.
for the activities of gathering and processing
data, the techniques and methods that are used n Training cost Cost of training and coaching
should be clearly documented in advance and staff in the use of measurement methods,
communicated to the staff who will be responsible techniques, tools and procedures.
for their execution. To increase the trustworthiness n Expertise cost Payments to hired experts and
of the factual data delivered to these processes it consulting firms, typically for the planning,
may be required for these processes to be audited implementation and maintenance activities
for compliance to the agreed and prescribed pertaining to the measurement framework.
methods and techniques. Also includes the out-of-pocket costs of
acquiring information used in the measurement
An effective choice of methods and techniques framework that is not in the possession of the
for the analysis, presentation and use of the organization itself such as benchmarking data.
measurement information is highly dependent
on the particular circumstances in which these When deciding whether the measurement
tasks are performed and can generally not be framework is worth the effort, consider the
documented in advance. A goal-oriented attitude amounts to spend on:
and professional expertise and education of the n Implementation Initial costs of the
individuals are required. measurement framework, and if it changes.
In practice these types of costs can be reliably
5.1.1 Effort and cost estimated and controlled by using a project-
CSI improvement activities can require a considerable oriented approach.
amount of effort and money for larger-scale n Operation The level of costs associated with
improvement projects to minimal time and effort the operation of the measurement framework is
for some incremental improvements. If the effort is largely fixed as a result of the way it is designed
going to be costly then the organization, both IT and and equipped.
the business, has to ask whether it is worth it. So n Maintenance The level of these types of cost
the business case including an analysis of the return depends mainly on the expected rate at which
on investment (ROI) will have to be made. the measurement framework will require
adaptation to changing circumstances and on
Lets first look at the costs of implementing and
the quality of its implementation.
operating a measurement framework for IT service
provision. Possible major cost topics are: 5.1.2 Implementation review and
n Labour cost Salaries of the organizations evaluation
staff who are involved in implementing the Implementation review and evaluation is
measurement framework or who spend effort key to determining the effectiveness of a CSI
on performing one of the activities in operating improvement programme. Some common
or maintaining the measurement framework, questions for review include:
CSI_Chapter_05.indd 3 09/07/2011 10:11

74 | Continual service improvement methods and techniques
n Were we correct in our assessment of the current n Project management such as planning,
situation and in defining the problem statement? performance, timeliness of achieving results and
n When defining the goals for improving IT milestones, amount of replanning
services did we commit to the right goals? n Adequacy of methods and techniques used
n When developing our strategy for improving the n Problems, bottlenecks, causes of progress
use and management of IT services, did we make performance problems, improvements and
the right choices and take the right decisions? changes
n When implementing our strategy, did we do it n Communication, information gathering,
right? reporting.
n In the new situation, have we improved the
provision of IT services? 5.2 ASSESSMENTS
n And finally, what are the lessons learned and Assessments are the formal mechanisms for
where are we now? comparing the operational process environment
Review and evaluation of a CSI initiative fall within to the performance standards for the purpose
two broad categories: of measuring improved process capability and/or
n Issues closely tied to the original problem to identify potential shortcomings that could be
situation for IT service provision to the business addressed. The advantage of assessments is they
and ensuing business aims and strategy for the provide an approach to sample particular elements
improvement thereof of a process or the process organization which impact
the efficiency and the effectiveness of the process.
n Issues in relation to the planning, implementation
and proceedings of the IT improvement Just by conducting a formal assessment an
programme itself and associated projects such as organization is demonstrating its significant level
measurements, problems, actions and changes. of commitment to improvement. Assessments
involve real costs, staff time and management
The issues in the first category are closely related
promotion. Organizations need to be more than
to the characteristics of the original problem
just involved in an assessment; they need to be
situation, following which staff instigated the
committed to improvement.
actions for understanding and improvements.
These actions will therefore include: Comparison of the operational environment to
n The ability of IT services to meet business needs industry norms is a relatively straightforward
n Business satisfaction with the service provision process. The metrics associated with industry norms
are typically designed into the process control
n Business benefits in the area of productivity,
structure. Sampling and comparison then can be
effectiveness, efficiency and economy
considered an operational exercise. Dealing with
n Financial issues such as understanding the costs
gaps apparent from such monitoring and reporting
of IT service provision, control of IT costs to the
are addressed as an element of the check stage of
business, and accountability of IT costs to the
the improvement lifecycle. An assessment based on
business
comparison to a maturity model has been common
n The quality of IT service provision and support over the last few years.
of IT use
n Communication between the business and A well-designed maturity assessment framework
IT service provider and the degree of mutual evaluates the viability of all aspects of the process
understanding environment including the people, process and
technology as well as factors affecting overall
n The degree of understanding and control of
process effectiveness within the business culture
the management of the IT infrastructure and IT
of acceptance, process strategy and vision, process
service provision on the part of the business.
organization, process governance, business/IT
For the second category the following issues should alignment, process reporting/metrics and decision-
be reviewed and evaluated: making. The balance of this section focuses on
n Costs of staff involved in the improvement this form of assessment. However the principles
programme and costs of implementing and of maturity assessment can easily be extended to
maintaining the measurement framework assessments based on industry norms.
CSI_Chapter_05.indd 4 09/07/2011 10:11

Continual service improvement methods and techniques | 75
The initial step in the assessment process is to guidelines of the process framework which
choose (or define) the maturity model and in turn defines the subject process.
the maturity attributes to be measured at each n People, process and technology Extend the
level. A suggested approach is to turn to the best- process assessment to include assessment of the
practice frameworks such as Capability Maturity organizational structure, skills, roles and talents
Model Integration (CMMI), Control OBjectives for of the managers and practitioners of the process
Information and related Technology (COBIT), ISO/ as well as the ability of the process-enabling
IEC 20000 or the process maturity framework. technology deployed to support the objectives
These frameworks define maturity models directly and transaction state of the process.
or a model can be inferred. The frameworks are n Full assessment Extend the people, process
also useful in the definition of process maturity and technology assessment to include an
attributes. assessment of the culture of acceptance within
the organization, the ability of the organization
5.2.1 When to assess to articulate a process strategy, the definition
Assessments can be conducted at any time. A way of a vision for the process environment as an
to think about assessment timing is in line with the end state, the structure and function of the
improvement lifecycle: process organization, the ability of process
governance to assure that process objectives
n Plan (project initiation) Assess the targeted
and goals are met, the business/IT alignment
processes to form the basis for a process
via a process framework, the effectiveness of
improvement project. Processes can be of many
process reporting/metrics, and the capability
configurations and design, which increases the
and capacity of decision-making practices to
complexity of assessment data collection.
improve processes over time.
n Plan (project midstream) A check during
process implementation or improvement All these factors are compared to the maturity
activities serves as validation that process project attributes of the selected maturity model.
objectives are being met and, most importantly,
Assessments can be conducted by the sponsoring
provides tangible evidence that benefits are
organization or with the aid of a third party. The
being achieved from the investment of time,
pros and cons of these differing approaches are
talent and resources to process initiatives.
listed in Table 5.1. The advantages of conducting
n Do/check (process in place) Upon the a self-assessment is the reduced cost and the
conclusion of a process project, it is important intellectual lift associated with learning how to
to validate the maturation of process and the objectively gauge the relative performance and
process organization through the efforts of progress of an organizations processes. Of course
the project team. In addition to serving as a the downside is the difficulty associated with
decisive conclusion for a project, scheduling remaining objective and impartial during the
periodic reassessments can support overall assessment.
organizational integration and quality efforts.
The pitfall of a lack of objectivity can be eliminated
by using a third party to conduct the assessment.
5.2.2 What to assess and how
There are a number of public mini-assessments
The assessments scope is one of the key decisions. that are available on various websites, which
Scope should be based on the assessments provide a general perspective of maturity. However
objective and the expected future use of service a more detailed assessment and resulting report
and process assessments and assessment reports. can be contracted through a firm specializing in an
Assessments can be targeted broadly at those assessment practice. Balancing against the obvious
processes currently implemented or focused increased cost of a third-party assessment is the
specifically where known problems exist within objectivity and experience of an organization that
the current process environment. There are three performs assessments regularly.
potential scope levels:
Whether conducted internally or externally, the
n Process only Assessment only of process assessment should be reported using the levels
attributes based on the general principles and of the maturity model. A best-practice reporting
CSI_Chapter_05.indd 5 09/07/2011 10:11

Table 5.1 Pros and cons of assessment approaches

Pro Con
Using external resources for assessments
Objectivity Cost
Expert ITIL knowledge Risk of acceptance
Broad exposure to multiple IT organizations Limited knowledge of existing environments
Analytical skills Improper preparation affects effectiveness
Credibility May not be there to see it through to the end witness
the results, good or not
Minimal impact to operations
Performing self-assessments
No expensive consultants Lack of objectivity (internal agendas)
Self-assessments available for free Little acceptance of findings
Promotes internal cooperation and communication Internal politics
Good place to get started Limited knowledge or skills
Internal knowledge of environment Resource intensive
Can repeat exercise in future at minimal cost, using newly Inability to see the wood for the trees; assessment often
acquired skills needs a fresh set of eyes
Detracts from the day job; unless back-filled could
inadvertently reduce service effectiveness and efficiency
during assessment
method is to communicate assessment results in a n Using a common or universally accepted

graphical fashion. Graphs are an excellent tool as maturity framework, applied to a standard
they can fulfil multiple communication objectives. process framework, can serve to support
For instance, graphs can reflect changes or trends comparing company process maturity to
of process maturity over time or reflect comparison industry benchmarks.
of the current assessment to standards or norms.
The risks include:
5.2.3 Advantages and risks of n An assessment provides only a snapshot in time
assessments of the process environment. Therefore it may not
The advantages include: reflect current business or cultural dynamics and
process operational issues.
n They can provide an objective perspective of
the current operational process state compared n If the decision is to outsource the assessment
with a standard maturity model and a process process, the assessment and maturity framework
framework. Through a thorough assessment, can be vendor or framework dependent. The
an accurate determination of any process gaps proprietary nature of vendor-generated models
can be quickly completed, recommendations put may make it difficult to compare to industry
forward and action steps planned. standards.
n A well-planned and well-conducted assessment n The assessment can become an end in
is a repeatable process. Thus the assessment itself rather than the means to an end. Rather
is a useful management process in measuring than focusing on improving the efficiency and
progress over time and in establishing effectiveness of processes through process
improvement targets or objectives. improvement, organizations can adopt a mindset
of improving process for the sake of achieving
maturity targets.
CSI_Chapter_05.indd 6 09/07/2011 10:11

Business process
IT processes
IT service IT service IT service
IT system IT system
Logical
Physical
IT IT IT IT
component component component component
IT IT IT
component component component
Figure 5.1 The relationship of services, processes and systems
n Assessments are labour-intensive efforts. In the CSI journey, the decisions on what to
Resources are needed to conduct the improve are critical to the overall results that can
assessments in addition to those responding be achieved. Any discussion on improvements
such as process or tool practitioners, has to begin with the services being provided to
management and others. When preparing the business. This could lead to improvements
for an assessment, an honest estimate of time on the service itself or to process improvements
required from all parties is in order. supporting the business service.
n Assessments attempt to be as objective as Improvement activities require the investment of
possible in terms of measurements and human, financial and technological resources in the
assessment factors, but ultimately assessment quest for continual improvement. These resources
results are still subject to the opinion of are allocated from other uses (e.g. customer
assessors. Thus assessments themselves are support initiatives, new product development) to
subjective and the results can have a bias based the improvement work. The business rationalizes
on the attitudes, experience and approach of decisions to allocate resources on the basis of
the assessors themselves. the greatest ROI or value on investment (VOI).
Assessments are an effective method of answering An important consideration then becomes
the question Where are we now? Understanding understanding and articulating improvement
how an existing service is performing, or how needs and the benefits of improvement.
effective and efficient service management
The goal of service improvement for an
processes are, is important for identifying the gap
organization is two-fold:
between where we are and where we want to
be. As we begin our discussion of assessments, we n First, the organization seeks to achieve service
need to look at the relationship between business objectives in a cost-efficient manner. The
processes, IT services, IT systems and components objectives can (and should) be linked to the
that make up an IT system. IT service management overall strategy of the business. The efficiency
processes support the IT services, IT systems and issue for an organization is determining that
components. CSI will need to review the results the process is achieving its objectives with the
of each one of these areas for effectiveness and most cost-efficient use of resources. There is
efficiency. This will help identify the areas for potential for cost savings through elimination
improvement. This relationship is shown in of unnecessary, redundant, overlapping or
Figure 5.1. manual process activities and procedures, which
CSI_Chapter_05.indd 7 09/07/2011 10:11

in turn can be a significant benefit driver for 5.2.4 Value of processes versus maturity
justifying a process improvement. of processes
n Second, the organization identifies those
Figure 5.2 illustrates the value of a process
elements of process that detract from meeting
in comparison to its maturity. For service
service objectives effectively. Effectiveness
management process improvement projects, one of
relates to the ability of the process to achieve
the questions asked should be on how mature we
or exceed its principles and goals. In other
need our processes to be. The answer to this is tied
words, a process would be considered effective
directly back to the business. In other words how
if, through the implementation of the process,
important is a process to the business.
the organization meets, sustains and potentially
exceeds the strategic goals and tactical Let us say that a particular organization has
objectives of the organization. Thus service gone through an assessment and found that
improvements focus on addressing perceived three key processes, service level management
or measurable process deficiencies, impacting (SLM), availability management and capacity
specific organizational objectives, and can be management, shown in Figure 5.2, are not very
quantified as delivered improvement benefits. mature. This particular organization is changing
its strategy for selling and delivering products
Service improvements are governed by the and services to a web-based strategy. Because
improvement lifecycle, which is modelled on the of the importance of capacity management and
PDCA cycle of Plan, Do, Check, Act (see Figures availability management to any organization
3.2 and 3.1 for the CSI approach and Chapter 4 that provides products and services over the web,
for interfaces with the seven-step improvement this company has to implement an improvement
process). The model establishes a clear pattern for programme for increasing the maturity of both
continual improvement efforts: processes. Without any improvement initiatives
n Plan Establishes goals for improvement this particular organization is putting itself at
including gap analysis, and defines action steps risk. We have all read about companies that have
to close the gap and establish and implement experienced larger than planned for usage and
measures to ensure that the gap has been how they often create catastrophic results for
closed and benefits achieved. organizations. The lack of proper capacity planning
n Do Development and implementation of a has in many cases created availability issues that
project to close the gap. Implementation or have shut down an organizations ability to sell its
improvement of processes and establishing the products.
smooth operation of the process. Having a low SLM process maturity also will create
n Check Comparison of the implemented some issues for CSI activities. How do we know
environment to the measures of success the new business requirements? What is currently
established in the Plan phase. The comparison being monitored and how well are we doing
determines if a gap still exists between the against targets? Do we have roles identified for
improvement objectives of the process and the reporting and analysing data?
operational process state. Gaps dont necessarily
The maturity of a process should ideally fall in
require closure. A gap may be considered
the safe areas. If a process is immature but the
tolerable if the actual performance is within
business heavily depends on it there is a significant
allowable limits of performance.
danger to the organization. If a process is very
n Act The decision process to determine if
mature yet provides very little to the business, then
further work is required to close remaining
an organization may be over-investing resources
gaps, and allocation of resources necessary to
and money. When CSI is looking at improving
support another round of improvement. Project
processes in support of IT services, understanding
decisions at this stage are the input for the next
the value of processes to a business is critical.
round of the lifecycle, closing the loop as input
in the Plan phase.
CSI_Chapter_05.indd 8 09/07/2011 10:11

Additional considerations
Added business value
Ability to implement
Quick gains
High value Costs
Resources
Area where the RISK! Competing projects
Culture
business runs
high risks CAP Etc.
Value of AM
IT processes
to the
business SLM
Largely overdoing IT
in relation to the
low value of IT to
the business
Low
value
1 2 3 4 5
Low Maturity of IT processes High
Figure 5.2 The value of a process versus the maturity of a process
5.2.5 Gap analysis required to achieve a particular goal (e.g. how to

Gap analysis is a business assessment tool enabling bring a service from a maturity level of 2 to 3).
an organization to compare where it is currently
and where it wants to go in the future. This 5.3 BENCHMARKING
provides the organization with insight to areas
Benchmarking is a specific type of assessment
that have room for improvement. This can be
and is a process used in management, particularly
used to determine the gap between What do we
strategic management, in which organizations
want? and What do we need?, for example.
evaluate various aspects of their processes in
The process involves determining, documenting relation to best practice, usually within their
and approving the variance between business own sector. This then allows organizations to
requirements and current capabilities. Gap analysis develop plans on how to adopt such best practice,
naturally flows from benchmarking or other usually with the aim of increasing some aspect of
assessments such as service or process maturity performance. Benchmarking may be a one-time
assessments. Once the general expectation of occurrence, but it is often treated as a continuous
performance is understood, then it is possible process in which organizations continually seek to
to compare that expectation with the level of challenge their practices.
performance at which the company currently
Organizations have a growing need to get a clear
functions. This comparison becomes the gap
view on their level of quality and performance
analysis, which can be performed at the strategic,
compared with that of their competitors and in the
tactical or operational level of an organization.
eye of their customers. It isnt sufficient any more
Gap analysis can be conducted from different to have internal self-assessment reports on the
perspectives such as: status of IT performance; it is equally important
n The organization, including organizational to test and compare it with the view the market
structure and capabilities of the people has on the performance of the organization. A
positive result of this test and comparison can
n Business direction
give a competitive edge to the organization in
n Business processes
the marketplace and generates trust with its
n Information technology. customers. The results of benchmarking and self-
Gap analysis provides a foundation for how much assessments lead to identification of gaps in terms
effort in time, money and human resources is of people, process and technology. A benchmark
CSI_Chapter_05.indd 9 09/07/2011 10:11

can be the catalyst to initiating prioritization of There is a general expectation that benchmarking
where to begin formal process improvement. The is a process of comparing an organizations
results of benchmarking must clearly display the performance to industry-standard figures. By
gaps, identify the risks of not closing the gaps, and extension, having such benchmark figures
facilitate prioritization of development activities available is often seen as the first hurdle in a
and communication of this information. benchmarking exercise. However, as this section
will show, benchmarks are only relevant when the
Benchmarking is actually a logical sequence
comparison is of the same performance measures
of stages that an organization goes through
or indicators, and is with organizations of similar
to achieve continual improvement in its key
size, industry and geography.
processes. It involves cooperation with others as
benchmarking partners learn from each other
where improvements can be made. It will be
5.3.1 Benchmarking procedure
necessary to: Identify your problem areas. Because
benchmarking can be applied to any business
n Ensure senior management support process or function, a range of research techniques
n Take an external view Bring together business may be required, including:
intelligence and internal performance to draw
conclusions about the way internal resources n Informal conversations with customers,
and processes must be improved to achieve and employees, or suppliers
surpass the performance of others. n Focus groups
n Compare processes, not outputsComparisons n In-depth marketing research
with organizations in the same sector are n Quantitative research
unlikely to identify the significant improvements n Surveys
that have been made elsewhere or overturn the n Questionnaires
conventions of the sector. n Re-engineering analysis
n Involve process owners Their involvement n Process mapping
encourages acceptance and buy-in by those who n Quality control variance reports
will be affected immediately by the changes
n Financial ratio analysis.
which will be required to improve performance.
n Set up benchmarking teams As a
5.3.2 Benchmarking costs
benchmarking culture develops, people will
apply the method as part of the normal way in Benchmarking is a moderately expensive process,
which they manage their work. but most organizations find that it more than pays
for itself. The three main types of costs are:
n Acquire the skills People who undertake
benchmarking require a small amount of n Visit costs This includes travel- and
training and guidance; an experienced in-house accommodation-related expenses for team
facilitator or external consultant will probably members who need to travel to the site.
be required to provide technical assurance n Time costs Members of the benchmarking
and encouragement in the application of the team will be investing time in researching
method. problems, finding exceptional companies to
study, visits and implementation. This will take
Organizations should plan their benchmarking
them away from their regular tasks for part of
process based on their improvement needs,
each day so additional staff might be required.
and should understand that this may require
measurement of other companies. Some cross- n Benchmarking database costsOrganizations
industry figures may be published by the that institutionalize benchmarking into their
international research organizations, but will daily procedures find it is useful to create and
not necessarily include the assumptions and maintain a database of best practices and the
measurements a given organization needs. A companies associated with each best practice.
research organization may, however, be a valuable
benchmarking partner, for example, if target
companies are competitors.
CSI_Chapter_05.indd 10 09/07/2011 10:11

5.3.3 Value of benchmarking 5.3.6 Benchmarking categories

Benchmarking is often used as a driver to make Benchmarking is a tool to identify improvement
changes when the organization is reluctant to opportunities as well as to verify the outcome of
change the way of working. This is discussed in improvement activities. Organizations can conduct
section 5.3.4. internal or external benchmark studies. Improving
service management can be as simple as asking:
To summarize, a benchmark is the basis for:
Are we better today than we were yesterday?,
n Profiling quality in the market and looking at incremental improvements.
n Boosting self-confidence and pride in employees
Here are some benchmarking categories:
as well as motivating and tying employees to
an organization; this is relevant with todays n Internal benchmarks where an organization
staff shortages in the IT industry IT personnel sets a baseline at a certain point in time for the
want to work in a highly efficient, cutting-edge same system or department and measures how
environment it is doing today compared with the baseline
n Trust from customers that the organization is a originally set; this type of benchmark is often
good IT service management provider. overlooked by organizations (service targets are
a form of benchmark)
Optimizing service quality is key to all IT n Comparison with industry norms provided by
organizations to maximize performance and external organizations
customer satisfaction and provide value for money.
n Direct comparisons with similar organizations
Organizations will be required to focus on end
n Comparison with other systems or departments
results and service quality, rather than simply on
within the same company.
their business activities and processes.
5.3.4 Benchmarking as a lever 5.3.7 Benefits

Consider the following paradigm blindness: The Benchmarking often reveals quick wins
way we do it is the best because this is the way opportunities for improvement that are relatively
weve always done it. easy and inexpensive to implement while providing
substantial benefits in process effectiveness, cost
Benchmarking is sometimes the only way to open
reduction or staff synergy. The costs are clearly
an organization to new methods, ideas and tools
repaid through the improvements realized when
to improve their effectiveness. It helps break
organizations use benchmarking successfully. Using
through resistance to change by demonstrating
benchmark results will help deliver major benefits
other methods of solving problems than the one
in achieving:
currently employed, and demonstrating that they
are irrefutably better, because they are being used n Economy in the form of lower prices and higher
successfully by others. productivity on the part of the service provider
n Efficiency by comparing the costs of providing
5.3.5 Benchmarking as a steering IT services and the contribution these services
instrument make to the business with what is achieved in
Benchmarking is a management technique to other organizations, helping the organization
improve performance. It is used to compare to identify areas for improvement
performance between different organizations n Effectiveness of business objectives realized
or different units within a single organization compared with what was planned.
undertaking similar processes. Benchmarking is Benchmarking helps the organization to focus
an ongoing method of measuring and improving on strategic planning by identifying the relative
products, services and practices against the best effectiveness of IT support for the business. The
that can be identified in any industry anywhere. It economy is the easiest area to investigate although
has been defined as the search for industry best efficiency and effectiveness may deliver the most
practices which lead to superior performance. benefit to the business. To obtain the maximum
benefit, it is necessary to look at all of these three
areas, rather than focusing on one to the exclusion
of the others.
CSI_Chapter_05.indd 11 09/07/2011 10:11

5.3.8 Who is involved? of the business area, including the geographical

Within an organization there will be three parties distribution and the extent to which the service is
involved in benchmarking: used for business or time-critical activities.
n The customer The business manager Comparison with other groups in the same
responsible for acquiring IT services to meet organization normally allows a detailed
business objectives. The customer might examination of the features being compared, in
demonstrate an interest in benchmarking by order to establish whether or not the comparison is
asking: How can I improve my performance of like with like.
in procuring services and managing service Hints and tips
providers, and in supporting the business
through IT services? When benchmarking one or more services
n The user or consumer Anyone who uses IT or service management processes, the IT
services to support his or her work. The user organization has to ascertain which of these the
might demonstrate an interest in benchmarking organization should focus on first, if all cannot be
by asking: How can I improve my performance implemented simultaneously. Determine which
by exploiting IT? services and supporting processes to compare.
Benchmarking of a service management process
n The internal service provider Providing IT
is used to find out if a process is cost-effective,
services to users under service level agreements
responsive to the customers needs and effective
(SLAs) negotiated with and managed by the
in comparison with other organizations. Some
customer. The provider might demonstrate an
organizations use benchmarking to decide
interest in benchmarking by asking: How can
whether they should change their service
we improve our performance in the delivery
provider.
of IT services which meet the requirements of
our customers and which are cost-effective and It is essential in planning for service management
timely? to start with an assessment or review of the
relevant service management processes. The
There will also be participation from external
results of this can provide a baseline for future
parties:
comparison.
n External service providers Providing IT services
to users under contracts and SLAs negotiated
with and managed by the customer Example of a poor management decision
n Members of the public Ordinary people are One large company started with the
increasingly becoming direct users of IT services implementation of all service management
n Benchmarking partners Other organizations processes. Senior management never explained
with whom comparisons are made in order to why all these processes should be implemented.
identify the best practices to be adopted for It sounded like a good thing to do: Everybody
improvements. else is doing service management so why dont
we? After two years the whole project had to
5.3.9 What to benchmark? be stopped because customers were complaining
about poor service. It was decided to restart the
Differences in benchmarks between organizations
service management project. This time senior
are normal. All organizations and service-
management decided to implement only a part
provider infrastructures are unique, and most are
of service management (the processes where the
continually changing. There are also intangible
pain was most felt) and conducted an assessment
but influential factors that cannot easily and
to provide a baseline of results for future
objectively be measured, such as goodwill, image
comparison.
and culture.
Direct comparison with similar organizations is
most effective if there is a sufficiently large group
of organizations with similar characteristics. It
is important to understand the size and nature
CSI_Chapter_05.indd 12 09/07/2011 10:11

Benchmarking techniques can be applied at various organization and to the benchmarking

levels from relatively straightforward in-house partner.
comparisons through to an industry-wide search Plan how to achieve the improvements.
for best practice. Benchmarking comprises four 7 Implement improvement.
basic stages: planning, analysis, action and review, Review performance when the changes have
or one can apply the seven-step improvement been embedded in the organization.
process to benchmarking:
Identify and rectify anything which may
1 Identify the strategy for improvement. have caused the organization to fall short of
2 Define what you will measure. its target.
Select the broad service or service Communicate the results of the changes
management process or function to implemented to the organization and the
benchmark (such as service desk) in relation benchmarking partner.
to stakeholder needs. Consider benchmarking again to continue
Draw up a preliminary list of potential the improvement process.
benchmarking partners (these may be within
Ideally, benchmark reviews should be built into
the organization or outside).
an ongoing service management lifecycle so that
Identify possible sources of information
regularly scheduled reviews or benchmarks are
and methods of collection to confirm the conducted. The formality and rigour with which
suitability of potential partners. they are conducted will vary depending on the
Within that process, define the activities to environment, rate of business change, complexity
be benchmarked (such as incident lifecycle). of the environment and elapsed time since the
Identify the resources required for the study. last review. Conducting these reviews regularly
Confirm the key performance measures or provides valuable metrics and trend analysis with
indicators to measure the performance in which to judge improvements (or lack thereof)
carrying out the activity. and take corrective action as early as possible to
Document the way the activities are maximize performance gains.
currently completed.
Agree the plan and its implementation. 5.3.10 Comparison with industry norms
3 Gather the data. ITIL is itself an industry-recognized best practice,
Collect information to identify the most increasingly providing a framework for service
likely potential benchmarking partner to management worldwide. The ITIL core publications
contact. provide documented guidance on detailed process
4 Process the data. assessment and service benchmarking that can be
used as checklists and templates for organizations
5 Analyse the information and data.
doing their own service reviews and benchmarks.
Confirm the best potential benchmarking
Additionally, many IT service organizations around
partner and make a preliminary assessment
the world provide consulting and professional
of the performance gap.
expertise in the process of conducting service
Establish contacts and visits, if appropriate,
management benchmarks and assessments to
to validate and substantiate the information. compare the current processes with published best
Compare the existing process with that practices and the ITIL recommendations. It may be
of the benchmarking partner to identify worthwhile to investigate using these services if
differences and innovations. the scope of an assessment is very large or complex.
Agree targets for improvement that are
In addition, organizations may wish to compare
expected as a result of adopting the
their own processes against international
benchmarking partners ways of doing
standards, especially ISO/IEC 20000, ISO/IEC 27001
things.
and ISO/IEC 19770.
6 Present and use the information.
Communicate the results of the study
throughout the relevant parts of the
CSI_Chapter_05.indd 13 09/07/2011 10:11

5.3.10.1 Process maturity comparison Table 5.2 Average results of over 100 process
Conducting a process maturity assessment is one assessments before improvement
way to identify service management improvement Financial management 2.67
opportunities. Often when organizations conduct Incident management/service desk 2.49
a maturity assessment they want to know how IT service continuity management (ITSCM) 2.42
they compare to the other organizations. Table
Change management 2.36
5.2 reflects average maturity scores for over
100 separate organizations that went through Release management 2.26
a maturity assessment using the scoring system Capacity management 2.02
detailed in Table 5.3. Availability management 1.97
As you can, see SLM, which is a key process in SLM 1.96

support of CSI, is at a fairly low maturity level in Problem management 1.83
the organizations used in the above example. Service asset and configuration management 1.66
The lack of a mature SLM process that provides
for identification of new business requirements,
monitoring and reporting of results can make Table 5.3 CMMI maturity model
it difficult to identify service improvement 0. Non-existent Nothing present
opportunities. A prime target for improvements 1. Initial Concrete evidence of development
in this example would be first to mature the SLM 2. Repeatable Some process documentation but
practice to help achieve measurable targets to some errors likely
improve services going forward. 3. Defined Standardized and documented
4. Managed Monitored for compliance
5.3.10.2 Total cost of ownership
5. Optimized Processes are considered best
The total cost of ownership (TCO), developed by practices through improvement
Gartner, has become a key measurement of the
effectiveness and the efficiency of services. TCO
is defined as all the costs involved in the design, organization to assess the maturity of the
introduction, operation and improvement of service management processes against a
services within an organization from its inception reference framework
until retirement. Often, TCO is measured relating n An external conducted benchmarkCompleted
to hardware components. The TCO of an IT service by an external third-party company; most have
is even more meaningful. CSI needs to take the their own proprietary models for the assessment
TCO into perspective when looking at service of service management process maturity.
improvement plans (SIPs).
The results and recommendations contained within
TCO is often used to benchmark specific services in the benchmarking review can then be used to
IT against other organizations managed service identify and rectify areas of weakness within the IT
providers. service management processes.
Viewed from a business perspective, benchmark
5.3.11 Benchmark approach
measurements can help the organization to assess
Benchmarking will establish the extent of an IT services, performance and spend against peer or
organizations existing maturity with best practice competitor organizations and best practice, both
and help in understanding how that organization across the whole of IT and by appropriate business
compares with industry norms. Deciding what the areas, answering questions such as:
key performance indicators (KPIs) are going to be
and then measuring against them will give solid n How does IT spend compare to other similar
management information for future improvement organizations overall, as a percentage of
and targets. revenue, or per employee?
n How does IT spend compare for similar
A benchmark could be either:
functions, e.g. payroll functions either within an
n An internal conducted benchmarkCompleted organization or with other organizations?
internally using resources from within the
CSI_Chapter_05.indd 14 09/07/2011 10:11

n How does IT spend compare across business The context for benchmarking requires information
units or business processes? about the organizations profile, complexity and
n How does IT spend compare across locations or relative comparators. An effective and meaningful
technologies? profile contains four key components:
n How effective is IT service delivery (and identify n Company information profile The company
opportunities and measures for improvement)? profile defines the landscape of an organization
n How efficient is IT service delivery (and identify basic information on the company size,
opportunities and measures for improvement)? industry type, geographic location and types of
n Which is the most appropriate sourcing option? user are typical of data gathered to establish
n Is the value of a long-term sourcing contract this profile.
being maintained year on year? n Current assets The IT assets mix within the
organization may include production IT, desktop
Benchmarking activities need to be business-
and mobile clients, peripherals, network and
aligned. They can be expensive exercises whether
server assets.
undertaken internally or externally, and therefore
n Current best practices These include policies,
they need to be focused on where they can
procedures and/or tools that improve returns,
deliver most value. For internal service providers,
and their maturity and degree of usage.
cost benchmarking can assess the efficiency and
effectiveness of the IT organization. For external n Complexity This includes information about
service providers, especially outsourced services, the end-user community, the types and
they can help to ensure the right IT services for quantities of varied technologies in use and
the right price. Results of benchmarking not only how IT is managed.
provide a statement of performance, but can
also be used to identify, recommend and plan 5.4 SERVICE MEASUREMENT
improvements. They can also demonstrate value For all sizes of businesses, private and public
to the business and set targets for improvement organizations, educational institutions, consumers
levels, with subsequent benchmarking to assess and the individuals working within these
achievement. organizations, IT services have become an integral
Comparisons of service performance and workload means for conducting business. Without IT services
characteristics between peer organizations, many organizations would not be able to deliver
the effectiveness of business process and the IT the products and services in todays market. As
contribution to IT are also of value as part of a TCO reliance on these IT services increases so do the
assessment. Third-party specialists are available to expectations for availability, reliability and stability.
conduct benchmarking and assessments, giving the This is why having the business and IT integrated
business an external perspective and helping to is so important. No longer can they be thought of
lend credibility to the results and recommendations separately. The same holds true when measuring
for improvements. IT services. It is no longer sufficient to measure and
report against the performance of an individual
There is a variety of IT benchmarking types component such as a server or application. IT must
available separately or in combination, including: now be able to measure and report against an end-
n Cost and performance for internal service to-end service.
providers The seven-step improvement process described in
n Price and performance for external service Chapter 4 discussed the need to define what you
providers will measure after looking at the requirements and
n Process performance against industry best the ability to measure.
practice
For services there are three basic measurements
n Financial performance of high-level IT costs
that most organizations utilize, which ITIL Service
against industry or peers
Design covers in more detail. They are:
n Effectiveness considering satisfaction ratings
and business alignment at all levels. n Availability of the service
n Reliability of the service
n Performance of the service.
CSI_Chapter_05.indd 15 09/07/2011 10:11

Availability can be
expressed at several
Service levels
Logical email
% service
level
System System
Logical (Exchange) (Lotus Notes)
% system
level
Platform (HW) Software Databases Documents

Logical (Exchange) (Exchange) (Exchange) (Exchange)
% sub-system
level
Exchange SQL Policy

Physical Server 1 DB size limit
SW
% component
level
Server 2
Server 3
Figure 5.3 Availability reporting
In many cases, when an organization is monitoring, measurements and combine them to provide a
measuring and reporting on component levels it is view of the true customer experience. Too often
doing so to protect itself and possibly to point the we provide a report against a component, system
blame elsewhere My server or my application or application but dont provide the true service
was up 100% of the time. Service measurement level as experienced by the customer. Figure 5.3
is not about placing blame or protecting oneself shows how it is possible to measure and report
but instead provides a meaningful view of the IT against different levels of systems and components
service as the customer experiences it. The server to provide a true service measurement. Even
may be up, but because the network is down, though the figure references availability measuring
the customer is not able to connect to the server. and reporting, the same can apply for performance
Therefore the IT service was not available even measuring and reporting.
though one or more of the components used to
provide the service was available the whole time. 5.4.1 Design and develop a service
Being able to measure against a service is directly measurement framework
linked to the components, systems and applications
A challenge many organizations face is the creation
that are being monitored and reported on.
of a service measurement framework that leads to
Measuring at the component level is necessary and value-added reporting.
valuable, but service measurement must go further
One of the activities documented in ITIL Service
than the component level. Service measurement
Design is the design of the measurement methods
will require someone to take the individual
CSI_Chapter_05.indd 16 09/07/2011 10:11

and metrics for the services, the architectures, n Building the framework and choosing measures:
their constituent components and the processes. Ask what we need to measure that will
These measurements are documented in the service provide us with useful information that
design package and handed over to the service allows us to make strategic, tactical and/or
transition stage for the testing and validation of operational decisions
the measurement framework and methods during Ask what measures will provide us with the
early life support. data and information we need
Setting up a framework is as much an art as a Set targets for all measures by SLAs or
science. It may prove difficult at first but the results service level targets/objectives that have
over time are worth the effort. An organization been agreed internally within IT
may go through some trial and error in the n Critical elements of a service measurement
beginning so it should not be afraid to admit framework. These should be:
mistakes on particular measures or targets and Integrated into business planning
make adjustments to the framework. Focused on business and IT goals and
Keep in mind that service measurement is not an objectives
end in itself. The end result should be to improve Cost-effective
services and improve accountability. Balanced in their approach on what is
One of the first steps in developing a service measured

measurement framework is to understand the Able to withstand change
business processes and identify those that are most n Performance measures. These should:
critical to the delivery of value to the business. The Be timely
IT goals and objectives must support the business Be accurate and reliable
goals and objectives. There also needs to be a Be well-defined, specific and clear
strong link between the operational, tactical and Be relevant to meeting the objectives
strategic level goals and objectives, otherwise Not create a negative behaviour
an organization will find itself measuring and
Lead to improvement opportunities
reporting on performance that may not add any
n Defined roles and responsibilities:
value.
Who defines the measures and targets?
Service measurement is looking at not only the Who monitors and measures?
past but also the future what do we need to be
Who gathers the data?
able to do and how can we do things better? The
Who processes and analyses the data?
output of any service measurement framework
should allow individuals to make operational, Who prepares the reports?
tactical or strategic decisions. Who presents the reports?
Selecting a combination of measures is important

5.4.2 Different levels of measurement
to provide an accurate and balanced perspective.
The measurement framework as a whole should and reporting
be balanced and unbiased, and able to withstand Creating a service measurement framework will
change the measures are still applicable (or require the ability to build upon different metrics
available) after a change has been made. and measurements. The end result is a view of the
way individual component measurements feed
Whether measuring one or multiple services, the
the end-to-end service measurement which should
following steps are key to a successful service
support KPIs defined for the service. This will then
measurement framework:
be the basis for creating a service scorecard and
n Origins: dashboard. The service scorecard will then be
used to populate an overall balanced scorecard or
Defining what success looks like. What are
IT scorecard. Figure 5.4 shows there are multiple
we trying to achieve and how will we know
levels that need to be considered when developing
when weve achieved it?
a service measurement framework.
CSI_Chapter_05.indd 17 09/07/2011 10:11

IT scorecard or
balanced scorecard
Point in
time Real time
information information
Service Service
scorecard dashboard
Key performance
indicators
Rolled up service
measurement
results
Component 1 Component 2 Component 3

measure measure measure
Figure 5.4 Service measurement model
What gets reported at each level is dependent on n Mainframe availability 99.96%

the measures that are selected. n WAN availability 98%
Starting at the bottom, the technology domain n LAN availability 97.5%
areas will be monitoring and reporting on a n Desktop availability 96%.
component basis. This is valuable as each domain
The availability numbers are examples provided
area is responsible for ensuring the servers are
only for illustrative purposes.
operating within defined guidelines and objectives.
At this level, measurements will be on component Note the end-to-end service availability in this
availability, reliability and performance. The example is not 96% because it is the lowest
output of these measurements will feed into availability number. Since all the failures that
the overall end-to-end service measurement as led to decreased availability did not occur at
well as the capacity and availability plans. These the same time within each technology domain
measurements will also feed into any incremental the availability numbers have to be multiplied
operations improvements and into a more formal together. So the calculation is 99.96% 98%
CSI initiative. 97.5% 96%. This provides a minimum availability
the customer can expect of the email service at
A part of service measurement is then taking the
91.69% assuming all components break at different
individual component measurements and using
times; 91.69% would therefore be the target that
them to determine the true service measurement
could be agreed although it may end up being
for an end-to-end service derived from availability,
higher.
reliability and performance measurements.
When developing a service management
As an example let us use messaging as a service
framework it is important to understand which are
that is provided. Figure 5.5 shows we have four
the most suitable types of report to create, who
technology domains that often are monitored and
they are being prepared for, and how they will be
reported on:
used.
CSI_Chapter_05.indd 18 09/07/2011 10:11

Mainframe
Technology domain
Availability 98%
Router WAN Gateway Technology domain

Availability 99.96%
Server
Availability = Mainframe * WAN * LAN * Desktop
Technology domain Total availability of email service = 91.69%
Availability 97.5%
Service availability 91.69%
Hub
Messaging service
PC PC PC
Technology domain Software layer

Availability 96% Procedure layer
People layer
Figure 5.5 Technology domain versus service management
5.4.3 Service management process a process and these are often volume type
measurement metrics such as number of requests for change
(RFCs) submitted, number of RFCs accepted into
The same principles apply when measuring
the process, number of RFCs by type, number
the efficiency and effectiveness of a service
approved, number successfully implemented etc.
management process. As Figure 5.6 shows, you
The next level contains the KPIs associated with
will need to define what to measure at the process
each process. The activity metrics should feed into
activity level. These activity measures should
and support the KPIs. The KPIs will support the next
support the process KPIs. The KPIs need to support
level, which is the high-level goal such as improving
higher-level goals. In Figure 5.6, the higher-level
service quality, reducing IT costs or improving
goal for change management is to improve the
customer satisfaction. Finally, this high-level goal
service quality. One of the major reasons for service
will feed into the organizations balanced scorecard
quality issues is the downtime caused by failed
or IT scorecard. When first starting out, be careful
changes. And one of the major reasons for failed
to not pick too many KPIs to support the high-level
changes is often the number of urgent changes an
goal(s). Additional KPIs can always be added at a
organization implements with no formal process.
later time.
Therefore it would be advisable to capture the
following key activity metrics: Table 5.4 identifies some KPIs that reflect the value
of service management. The KPIs are also linked to
n The number of urgent changes
the service management process or processes that
n The number of failed urgent changes
directly support the KPI. This table is not inclusive
n Unauthorized changes that failed. of all KPIs but simply an example of how KPIs may
There are four major levels to report on. The be mapped to processes.
bottom level contains the activity metrics for
CSI_Chapter_05.indd 19 09/07/2011 10:11

Overall service management 5.4.4 Creating a measurement

process scoreboard
framework grid
It is recommended to create a framework grid that
Process high-
Example = will set out the high-level goals and define which
improve service
level goal quality KPIs will support the goal and also which category
the KPI addresses (see Table 5.5).
Example for KPI categories can be classified as:
Process key change
management =
performance
reduce the number n Compliance Are we doing it?
indicators
of failed changes
n Quality How well are we doing it?
n Performance How fast or slow are we doing it?
Activity measure Activity measure
Activity measure
2 = number of 3 = number of
n Value Is what we are doing making a
1 = number of
urgent changes
failed urgent unauthorized failed difference?
changes changes
Figure 5.6 Service management model
Table 5.4 Key performance indicators of the value of service management processes
KPI Service management process Comment
Improved availability Availability management Improved monitoring and reporting on service
(by service/systems/ Capacity management availability
applications) Expanded incident lifecycle, removing errors
Incident management
from the infrastructure, and reduction of
Problem management
failed changes; improved understanding of
Change management business requirements and IT capability
Service level management proactive planning.
Reduction of service Availability management Improved monitoring of services
level breaches (by Capacity management Priority model, incident ownership,
service/systems/ monitoring and tracking; removal of errors
Incident management
applications) from the infrastructure
Problem management
Reduction of failed changes; explicit SLAs
Change management
Reduction of mean Incident management Improved escalations, improved knowledge,
time to repair (MTTR) Event management improved prioritization
(this should be Priority model and operational level
Problem management
measured by priority agreements (OLAs)
level, and not on a Availability management
cumulative basis) Change management
Reduce percentage of Change management Creating lead time policies
urgent and emergency Service level management Improved planning and scheduling reduces
changes (by business the need for urgent and emergency changes
unit) Communicating change lead times to the
business
Reduction of major Problem management Removing errors from the infrastructure,
incidents Incident management and reduction of failed changes; improved
understanding of business requirements and
Change management
IT capability proactive planning
Capacity management
Availability management
Access management
CSI_Chapter_05.indd 20 09/07/2011 10:11

Table 5.5 High-level goals and key performance indicators

High-level goal KPI KPI category Measurement Target How and who
Manage availability Percentage Value End-to-end 99.995% Technical
and reliability of a improvement in Quality service availability managers
service overall end-to- based on the Technical analyst
end availability component
Service level
of services availability that
manager
makes up the
service
AS 400
availability
Network
availability
Application
availability
5.5 METRICS hierarchy from measurement through to the

business vision.
It is important to remember that there are three
types of metrics that an organization will need Metrics are used in several business models
to collect to support CSI activities as well as other including CMMI, COBIT and Six Sigma. These
process activities: measurements or metrics can be used to track
trends, productivity, resources and much more.
n Technology metrics These metrics are often
Typically, the metrics tracked are KPIs.
associated with component and application-
based metrics such as performance, availability
5.5.1 How many CSFs and KPIs?
etc.
Section 4.1.12 details CSFs and KPIs of the seven-
n Process metrics These metrics are captured in
step improvement process. It is recommended that
the form of critical success factors (CSFs), KPIs
no more than two to five KPIs are defined per CSF
and activity metrics for the service management
at any given time and that a service or process has
processes. They can help determine the overall
no more that two to five CSFs associated with it at
health of a process. KPIs can help answer four
any given time.
key questions on quality, performance, value
and compliance of following the process. CSI It is recommended that in the early stages of a
would use these metrics as input in identifying CSI initiative only two to three KPIs for each CSF
improvement opportunities for each process. are defined, monitored and reported on. As the
n Service metrics These metrics are a measure of maturity of a service and service management
the end-to-end service performance. Individual processes increase, additional KPIs can be added.
technology and process metrics are used when Based on what is important to the business and IT
calculating the end-to-end service metrics. management, the KPIs may change over a period of
time. Also keep in mind that as service management
In general, a metric is a scale of measurement processes are implemented, this will often change
defined in terms of a standard, i.e. a well-defined the KPIs of other processes. As an example,
unit. Metrics are a system of parameters or ways of increasing first-contact resolution is a common
quantitative assessment of a process that is to be KPI for incident management. This is a good KPI
measured. Metrics define what is to be measured. to begin with, but when you implement problem
Metrics are usually specialized by the subject area, management this should change. One of problem
in which case they are valid only within a certain managements objectives is to reduce the number of
domain and cannot be directly benchmarked or recurring incidents. When these types of recurring
interpreted outside it. Generic metrics, however, incidents are reduced it will reduce the number of
can be aggregated across subject areas or business first-contact resolutions. In this case a reduction in
units of an enterprise. Figure 5.7 shows the full first-contact resolution is a positive trend.
CSI_Chapter_05.indd 21 09/07/2011 10:11

Vision
Mission
Goals
Objectives
CSF
KPI
Metrics
Measurements
Figure 5.7 From vision to measurement
The next step is to identify the metrics and 5.5.1.2 Quantitative KPIs
measurements required to compute the KPI. Here is a quantitative example:
There are two basic kinds of KPI, qualitative and
quantitative. n CSF: Reducing IT costs
n KPI: 10% reduction in the costs of handling
5.5.1.1 Qualitative KPIs printer incidents.
Here is a qualitative example: Metrics required:
n CSF: Improving IT service quality n Original cost of handling printer incidents
n KPI: 10% increase in customer satisfaction n Final cost of handling printer incidents
rating for handling incidents over the next six n Cost of the improvement effort.
months.
Measurements:
Metrics required:
n Time spent on the incident by first-level
n Original customer satisfaction score for operative and their average salary
handling incidents n Time spent on the incident by second-level
n Ending customer satisfaction score for handling operative and their average salary
incidents. n Time spent on problem management activities
Measurements: by second-level operative and their average
salary
n Incident-handling survey score
n Time spent on the training first-level operative
n Number of survey scores. on the workaround
n Cost of a service call to third-party vendor
n Time and material from third-party vendor.
CSI_Chapter_05.indd 22 09/07/2011 10:11

5.5.1.3 Is the KPI fit for use? other factors, the manager will achieve this aim by
An important aspect to consider is whether a KPI is flexing the resources and service features in order
fit for use. Key questions are: to meet the delivery schedule. This unbalanced
focus will therefore either lead to budget increases
n What does the performance indicator really tell or lower product quality. Tension metrics help
us about goal achievement? If we fail to meet create a delicate balance between shared goals
the target set for a performance indicator, does and delivering a product or service according to
that mean we fail to achieve some of our goals? business requirements within time and budget.
And if we succeed in meeting certain targets, Tension metrics do not, however, conflict with
does this mean we will achieve our goals? shared goals and values, but rather prevent
n How easy is it to interpret the performance teams from taking shortcuts and shirking on their
indicator? Does it help us to decide on a course assignment. Tension metrics can therefore be seen
of action? as a tool to create shared responsibilities between
n When do we need the information? How team members with different roles in the service
often? How rapidly should the information be lifecycle.
available?
Example of tension metrics
n To what extent is the performance indicator
stable and accurate? Is it sensitive to external, An organization may focus on increasing the
uncontrollable influences? What amount of number of incidents handled by each member
effort is needed for a change in result that is of the service desk but fail to examine the
not marginal? impact on the resolution rate. If the resolution
n How easy is it to change the performance rate reduces because staff are rushing to deal
indicator itself? How easy is it to adapt the with more incidents, the overall service quality
measurement system to changing circumstances has been damaged. In this case the number of
or changes in our goals for IT service provision? incidents handled per service desk analyst and
n To what extent can the performance indicator the incident resolution rate are the tension
be measured now? Under which conditions metrics that need to be examined together to see
can measurement continue? Which conditions the true impact.
impede measurement? Which conditions render
the result meaningless?
n Who owns this KPI? Who is responsible for 5.5.3 Goals and metrics
collecting and analysing the data? Who is Each stage of the service lifecycle requires very
accountable for improvements based on the specific contributions from the key roles identified
information? in service design, service transition and service
operation, each of which has very specific goals to
5.5.2 Tension metrics meet. Ultimately, the quality of the service will be
The effort from any support team is a balancing act determined by how well each role meets its goals,
of three elements: and by how well those sometimes conflicting goals
are managed along the way. That makes it crucial
n Resources people and money that organizations find some way of measuring
n Functionality the product or service and its performance by applying a set of metrics to each
quality goal.
n The schedule.
5.5.3.1 Breaking down goals and metrics
The delivered product or service therefore
represents a balanced trade-off between these It is outside the scope of this publication to dig too
three elements. Tension metrics can help create deeply into human resources management, and
that balance by preventing teams from focusing there is no shortage of literature already available
on just one element for example, on delivering on the subject. However, there are some resource
the product or service on time. If an initiative is specific items that can be said about best practices
being driven primarily towards satisfying a business for goals and metrics as they apply to managing
driver of on-time delivery to the exclusion of services in their lifecycle.
CSI_Chapter_05.indd 23 09/07/2011 10:11

Table 5.6 Examples of service quality metrics

Measure Metric Quality goal Lower limit Upper limit
Schedule Variation against Within 7.5% of Not to be less than Not to exceed 7.5%
revised plan (%) estimate 7.5% of estimate of estimate
Effort Variation against Within 10% of Not to be less than Not to exceed 10%
revised plan (%) estimate 10% of estimate of estimate
Cost Variation against Within 10% of Not to be less than Not to exceed 10%
revised plan (%) estimate 10% of estimate of estimate
Defects Variation against Within 10% of Not to be less than Not to exceed 10%
planned defect (%) estimate 10% of estimate of estimate
Productivity Variation against Within 10% of Not to be less than Not to exceed 10%
productivity goal estimate 10% of estimate of estimate
Customer satisfaction Customer satisfaction Greater than 8.9 on Not to be less than
survey result a range of 1 to 10 8.9 on a range of 1
to 10
Many IT service organizations measure their IT those characteristics that will reduce total costs
staff in an abstract and high-level manner. During of ownership throughout the lifecycle. On the
appraisal and counselling, most managers discuss other hand, if IT is an enabler (which it has to be),
such things as taking part in one or more projects/ services will be designed with the ability to adjust
performing activities of a certain kind, or fulfilling to changing business requirements and meet early
certain roles in projects/activities and following time-to-market objectives.
certain courses. Although accomplishing such goals
Either way, the important point is that those
might be important for the professional growth
requirements for IT services and IT components
of an individual, it does not facilitate the service
would determine how processes in the lifecycle
lifecycle or any specific process in it. In reality, most
are measured and managed, and thus how the
IT service organizations do not use more detailed
performance and growth of professionals should
performance measures that are in line with key
be measured.
business drivers, because it is difficult to do, and do
correctly. Metrics can be classified into three categories:
financial metrics, learning and growth metrics, and
But there is a way. In the design phase of a service,
organizational or process effectiveness metrics.
key business drivers were translated into service
An example of financial metrics is the expenses
level requirements (SLRs) and operations level
and total percentage of hours spent on projects or
requirements, the latter consisting of process, skills
maintenance, while an example of learning and
and technology requirements. This constitutes
growth is the percentage of education pursued in a
a translation from a business requirement into
target skill area, certification in a professional area,
requirements for IT services and IT components.
and contribution to knowledge management.
There is also the question of the strategic position
of IT. In essence, the question is whether IT is Some examples of service quality metrics are shown
viewed as an enabler or a cost centre, the answer in Table 5.6. Process quality metrics are the quality
to which determines the requirements for IT metrics related to efficient and effective process
services and IT components. If IT is viewed as a cost management.
centre, services might be developed to be used Note: The figures in Table 5.6 are for illustrative
centrally in order to reduce TCO. Services will have purposes only and are not intended as generic
CSI_Chapter_05.indd 24 09/07/2011 10:11

targets. Organizations should consider and set their n How was the data processed?
own targets. n What could have led to the incorrect
information?
5.5.3.2 Using organizational metrics
When beginning to interpret the results it is
To be effective, measurements and metrics should
important to know the data elements that make
be woven through the complete organization,
up the results, the purpose of producing the results
touching the strategic as well as the tactical level.
and the expected normal ranges of the results.
To successfully support the key business drivers, the
IT services manager needs to know what and how Simply looking at some results and declaring a
well each part of the organization contributes to trend is dangerous. Figure 5.8 shows a trend that
the final success. the service desk is opening fewer incidents over
the last few months. One could believe that this
It is also important, when defining measurements
is because there are fewer incidents or perhaps it
for goals that support the IT services strategy,
is because the customers are not happy with the
to remember that measurements must focus
service that is being provided, so they go elsewhere
on results and not on efforts. Focus on the
for their support needs. Perhaps the organization
organizational output and try to get clear what the
has implemented a self-help knowledge base and
contribution is. Each stage in the service lifecycle
some customers are now using this service instead
has its processes and contribution to the service.
of contacting the service desk. Some investigation
Each stage of the lifecycle also has its roles, which
is required to understand what is driving these
contribute to the development or management
metrics.
of the service. Based on the process goals and the
quality attributes of the service, goals and metrics One of the keys to proper interpretation is to
can be defined for each role in the processes of the understand whether there have been any changes
lifecycle. to the service or if there were any issues that could
have created the current results.
5.5.4 Interpreting and using metrics The chart can be interpreted in many ways so
Results must be examined in the context of the it would not be wise to share it without some
objectives, environment and any external factors. discussion of the meaning of the results.
Therefore after collecting the results, organizations
Figure 5.9 is another example of a service desk
will conduct measurement reviews to determine
measurement. Using the same number of incidents
how well the indicators worked and how the
we have now also provided the results of first
results contribute to objectives.
contact resolution. The figure shows that not only
Before starting to interpret the metrics and are fewer incidents being opened, but the ability
measures it is important to identify if the results to restore service on first contact is also going
that are being shown even make sense. If they do down. Before coming to hasty conclusions, some
not, then instead of interpreting the results, take questions need to be asked:
action to identify the reasons the results appear
n What has happened that could drive down the
the way they do. The example used earlier in the
number of incidents?
chapter was of an organization that provided data
for the service desk in which the data showed n What would impact our ability to restore service
there were more first-contact resolutions at the on the first contact?
service desk than there were incidents opened n Did we hire new service desk analysts?
by the service desk. This is impossible and yet this n Did we remove some services?
organization was ready to distribute this report. n Have we provided other means to access our
When this kind of thing happens some questions services?
need to be asked, such as: n Have other processes been implemented that
n How did we collect this data? could impact incident volume and first contact
resolution?
n Who collected the data?
n What tools were used to collect the data? In the case illustrated in Figure 5.9, the
n Who processed the data? organization had implemented problem
CSI_Chapter_05.indd 25 11/07/2011 16:01

16,000
15,500
Number of incidents
15,000
14,500
opened
14,000
13,500
Number of incidents
13,000
12,500
12,000
11,500
ry
ry
ua
ch
ua
ril
e
br
ay
ar
n
n
Ap
Fe
Ju
Ja
M
Figure 5.8 Number of incidents opened by service desk over time
16,000
14,000
Number of incidents
12,000
10,000
8,000
Number of incidents
6,000
4,000
First contact
2,000 resolutions
0
ry
y
ua
ar
ch
ril
nu
ne
br
ay
ar
Ap
Fe
Ju
Ja
Figure 5.9 Comparison of incidents opened and resolved on first contact by the service desk
management. As the process matured and through Table 5.7 provides a current view and year-to-date
the use of incident trend analysis, staff were (YTD) view for response times for three service
able to use problem management to identify a desks. It provides a transaction count for each
couple of recurring incidents that created a lot of service, the minimum response time measured in
incident activity each month. Through root cause seconds, the maximum response time measured in
analysis and submitting a RFC, a permanent fix seconds and the average for the month. The table
was implemented, thus stopping the recurring also provided the YTD average for each service. In
incidents. Through further analysis it was found order to understand if these numbers are good or
that these few recurring incidents were able to be not it is important to define the target for each
resolved on the first contact. By removing these service as well as the target for meeting the SLA.
incidents the opportunity to increase first contact
When looking at the results for the three services
resolution was also removed. During this time
it may appear that Service 2 is the best, and this
period the service desk also had some new hires.
might be because it handles fewer transactions
each month than the other two services.
CSI_Chapter_05.indd 26 09/07/2011 10:11

Table 5.7 Response times for three service desks

Service measurement response time
Service Response times (seconds)
Current month YTD Percentage within SLA
(99.5% is the target)
Count Min Max Avg Monthly YTD
Service 1 1,003,919 1.20 66.25 3.43 1.53 99.54% 98.76%
Target = 1.5
seconds
Service 2 815,339 0.85 21.23 1.03 1.07 98.44% 99.23%
Target = 1.25
seconds
Service 3 899,400 1.13 40.21 2.12 2.75 96.50% 94.67%
Target = 2.5
seconds
Interpreting that Service 2 is the best by only business strategy and goals, and which will support
looking at the numbers is dangerous, however. the IT goals and objectives? What are the ROI and
Investigations will find that Service 2 is a global VOI opportunities? ROI is also discussed in Chapters
service that is accessed 24 7 and the other two 2 and 4.
services have peak time utilization between 8 am
Another key use of measurement and metrics is
and 7 pm. This is no excuse because the services are
for comparison purposes. Measures by themselves
not hitting targets so further investigation needs
may tell the organization very little unless there is
to be conducted at the system and component
a standard or baseline against which to assess the
levels to identify any issues that are creating the
data. Measuring only one particular characteristic
current response time results. It could be that the
of performance in isolation is meaningless unless it
usage has picked up, which was not planned for,
is compared with something else that is relevant.
and some fine tuning on components can improve
The following comparisons are useful:
the response time.
n Comparison against the baseline
5.5.5 Using measurement and metrics n Comparison against a target or goal
Metrics can be used for multiple purposes such as n Comparison with other organizations be sure
to: to understand that the strategy, goals and
objectives of other organizations may not align
n Validate are we supporting the strategy and
with yours so there may be driving factors in
vision?
the other organization that you dont have or it
n Justify do we have the right targets and could be the other way around
metrics?
n Comparison over time such as day to day, week
n Direct based on factual data, people can be to week, month to month, quarter to quarter,
guided to change behaviour or year to year
n Intervene take corrective actions such as n Comparison between different business units
identifying improvement opportunities.
n Comparison between different services.
Service measurements and metrics should be used
Measures of quality allow for measuring trends and
to drive decisions. Depending on what is being
the rate of change over a period of time. Examples
measured the decision could be strategic, tactical
could be measuring trends against standards
or operational. This is the case for CSI. There are
that are set up either internally or externally
many improvement opportunities but often only
and could include benchmarks, or they could be
a limited budget to address the improvement
measuring trends with standards and targets to be
opportunities, so decisions must be made. Which
established. This is often done when first setting up
improvement opportunities will support the
baselines.
CSI_Chapter_05.indd 27 09/07/2011 10:11

A minor or short-term deviation from targets the real value. It is important for someone to
should not necessarily lead to an improvement own the responsibilities not only to look at these
initiative. It is important to set the criteria for the measurements as a whole but also to analyse
deviations before an improvement programme is trends and interpret the meaning of the metrics
initiated. and measures.
Comparing and analysing trends against service
level targets or an actual SLA is important as it
5.5.6 Creating scorecards and reports
allows for early identification of fluctuations in Service measurement information will be used for
service delivery or quality. This is important not three main purposes:
only for internal service providers but also when n To report on the service to interested parties
services have been outsourced. It is important n To compare against targets
to identify any deviations and discuss them with
n To identify improvement opportunities.
the external service provider in order to avoid
any supplier relationship problems. Speed and Reports must be appropriate and useful for all
efficiency of communication when there are missed those who use them.
targets is essential to the continuation of a strong
There are typically three distinct audiences for
relationship.
reporting purposes.
Using measurements and metrics can also help
n The business Is it really focused on delivery to
define any external factors that may exist outside
time and budget?
the control of the internal or external service
n IT management IT managers will be interested
provider. The real world needs to be taken into
in the tactical and strategic results that support
consideration. External factors could include
the business.
anything from language barriers to governmental
n IT operational/technical managersThese
decisions.
managers will be concerned with the tactical
Individual metrics and measures by themselves and operational metrics that support better
may tell an organization very little from a strategic planning, coordination and scheduling of
or tactical point of view. Some types of metrics resources. The operational managers will
and measures are often more activity based be interested in their technology domain
than volume based, but are valuable from an measurements such as component availability
operational perspective. Examples include: and performance.
n The services used Many organizations make the mistake of creating
n The mapping of customers to services and distributing the same report to everyone. This
n Frequency of use of each service does not provide value for everyone.
n Times of day each service is used
5.5.6.1 Creating scorecards that align to
n The way each service is used (internally or
externally through the web) strategies
n The performance of each component used to Reports and scorecards should be linked to overall
provide the service strategy and goals. Using a balanced scorecard
n The availability of each component used to approach is one way to manage this alignment.
provide the service. Figure 5.10 illustrates how the overall goals and
objectives can be used to derive the measurements
Each of these measures by themselves will
and metrics required to support the overall
provide some information that is important to
goals and objectives. The arrows point both
IT staff including the technical managers who
ways because the strategy, goals and objectives
are responsible for availability management and
will drive the identification of required KPIs
capacity management as well as those who may
and measurements, but it is also important to
be responsible for a technology domain such as
remember that the measures are input in KPIs
a server farm, an application or the network,
and the KPIs support the goals in the balanced
but it is the examination and use of all the
scorecard.
measurements and metrics together that delivers
CSI_Chapter_05.indd 28 09/07/2011 10:11

Strategy
What is our vision? goals and objectives
What will
success mean Financial Customer Internal Innovation and
from these perspective perspective perspective learning perspective
perspectives?
What are the 1. 1. 1. 1.

goals and 2. 2. 2. 2.
critical
3. 3. 3. 3.
success factors?
1. 1. 1. 1.
KPIs? 3. 3. 3. 3.

critical metrics 2. 2. 2. 2.
and measures? 3. 3. 3. 3.
Figure 5.10 Deriving measurements and metrics from goals and objectives
It is important to select the right measures and details if they are interested. Table 5.8 provides
targets to be able to answer the ultimate question an example that will fit the needs of most senior
of whether the goals are being achieved and the managers. This report should be no longer than
overall strategy supported. The balanced scorecard two pages but ideally a single page if that is
is discussed in more detail in section 5.5.8. achievable without sacrificing readability.
It is also important to know what report format the
5.5.6.2 Creating reports audience prefers. Some people like text reports,
When creating reports it is important to know some like charts and graphs with lots of colour,
their purpose and the details required. Reports and some like a combination. Be careful about
can be used to provide information for a single the type of charts and graphs that are used. They
month, or a comparison of the current month with must be understandable and not open to different
other months to provide a trend for a certain time interpretations.
period. Reports can show whether service levels are
being met or breached. Many reporting tools today produce canned
reports but these may not meet everyones business
Before starting the design of any report it is also requirements for reporting purposes. It is wise to
important to know the following: ensure that a selected reporting tool has flexibility
n Who is the target audience of the report? for creating different reports, that it will be
n What will the report be used for? linked or support the goals and objectives, that
its purpose is clearly defined, and that its target
n Who is responsible for creating the report?
audience is identified.
n How will the report be created?
n How frequently is the report to be created? Reports can be set up to show:
n What information will be produced, shared or n Results for a service With supporting reports
exchanged? giving individual measurements on components
One of the first items to consider is who is the n Health of a service management processWith
target audience. Most senior managers dont want certain process KPI results
a report that is 50 pages long. They like to have n Functional reports Such as telephony reports
a short summary report and access to supporting for the service desk.
CSI_Chapter_05.indd 29 09/07/2011 10:11

Table 5.8 An example of a summary report format

Report for the month of:
Monthly overview This is a summary of the service measurement for the month and discusses any trends over
the past few months. This section can also provide input into [details to be inserted].
Results This section outlines the key results for the month.
What led to the results Are there any issues or activities that contributed to the results for this month?
Actions to take What action have you taken or would like to take to correct any undesirable results? Major
deficiencies may require CSI involvement and the creation of a SIP.
Predicting the future Define what you think the future results will be.
5,000
Outage minutes
4,000
Total outages
3,000
2,000
Outages caused by
1,000 changes
0
ril
y
ry
ch
ay
ne
ar
Ap
ua
ar
Ju
nu
M
br
Ja
Fe
Figure 5.11 Reported outage minutes for a service
Figure 5.11 shows the duration of outages (in and the services it provides. Often organizations
minutes) for a service. However, through analysis use a combination of methods rather than just
of the results, a direct relationship was discovered one individual technique. CSI should assume
between failed changes and the duration of responsibility for ensuring that the quality of
outages. Seeing this information together service required by the business is provided
convinced an organization that it really needed to within the imposed cost constraints. CSI is also
improve its change management process. instrumental in determining if IT is still on course
with the achievement of planned implementation
Table 5.9 is another example of a service
targets and, if not, plotting course corrections to
measurement report. The report clearly states
bring it back into alignment.
an objective and also provides a YTD status. The
report compares this years outage to last years However, it must be remembered that although
outage. The report also addresses the actual the measurement of progress is vital it is not
customer impact. Depending on needs, this report the end product; rather, it is a means to an end.
format can be used for many reporting purposes Often people gather measurements and produce
such as performance, SLAs etc. reports as a full-time occupation. It is essential
that the production of statistics is not seen as the
Table 5.10 shows incident management data for
sole objective of the strategy implementation but
the number of incidents by priority and the success
rather an indicator of its progress and success.
of meeting the SLA for service restoration.
Table 5.11 provides some sample KPIs for different 5.5.7 Setting targets
processes. This is not an all-inclusive list but simply If you have nothing to aim for it is probable that is
an example. Each organization will need to define what you will hit. The CSFs and SLRs will give vital
what KPIs to report on. information as to what we are trying to achieve
There are many techniques used today to and it is important that we keep the targets in
measure the effectiveness and efficiency of IT mind when measuring and reporting. Targets
CSI_Chapter_05.indd 30 09/07/2011 10:11

Table 5.9 Service report of outage minutes compared to goal

Actual outage minutes compared to goal
Objective 20% decrease in outages
Status 18% decrease YTD
Monthly Month 1 Month 2 Month 3 Month 4 Month 5 Month 6
report
Previous years
outage minutes
This years
outage minutes
Running YTD
reduction
Monthly Positive Negative Positive Positive Negative Positive
indicator
Reduction in customer impact
Objective Decrease in number of customers impacted (%)
Status
Next steps
Table 5.10 Percentage of incidents meeting target time for service restoration
Target Month 1 Month 2
Number of % Number of %
Incidents Incidents
All incidents
Within target 7,540 97.15 6,647 95.34
Missed target 221 2.85 325 4.66
Grand total 7,761 6,972
Priority 1
Within target 95% within 1 24 77.42 17 77.27
hour
Missed target 7 22.58 5 22.73
Grand total 31 22
Priority 2
Within target 90% within 4 127 78.40 153 92.73
Missed target hours 35 21.60 12 7.27
Grand total 162 165
Priority 3
Within target 80% within 1 2,532 89.66 2,176 90.03
Missed target business day 292 10.34 241 9.97
Priority 4
Within target 70% within 2 4,683 98.71 4,301 98.47
Missed target business days 61 1.29 67 1.53
CSI_Chapter_05.indd 31 09/07/2011 10:11

Table 5.11 Sample key performance indicators

Process/function KPI/description Type Progress indicator
Incident Incidents resolved within Value Meets/exceeds target times
management target time
Incident % of incidents closed first Performance Service desk only target is 80%
management call
Service desk Abandon rate Service desk with automatic call distribution
(ACD). 5% or less goal (after 24 seconds)
Incident Count of incidents submitted Compliance Consistency in number of incidents
management by support group investigation is warranted for (1) rapid
increase, which may indicate infrastructure
investigation, and (2) rapid decrease, which
may indicate compliance issues
Problem % of repeated problems over Quality Problems that have been removed from
management time the infrastructure and have re-occurred.
Target: less than 1% over a 12-month rolling
timeframe
Problem % root cause with permanent Quality Calculated from problem start date to
management fix permanent fix found. This may not include
implementation of permanent fix. Internal
target: fix 90% of problems within 40 days.
External target: fix 80% of problems within
30 days. External target = third party/vendor
Problem % and number of Compliance Sorted by infrastructure (internal and external)
management incidents raised to problem and development (internal and external)
management
Change % of RFCs successfully Quality Grouped by infrastructure/development
management implemented without back
out or issues
Change % of RFCs that are Performance Sort by infrastructure or development and
management emergencies by emergency quick fix (service down) or
business requirement
Service asset and Number of configuration item Compliance CI additions or updates broken down by
configuration (CI) additions or updates group configuration management database
management (CMDB) or change modules
Service asset and Number of records related to Performance Number of associations grouped by process
configuration CI
management
Release and % of releases using exceptions Value Exceptions are criteria deemed mandatory
deployment identify by groups
management
Release and % of releases bypassing Compliance Identify groups bypassing release process
deployment process
management
Capacity Action required Value Number of services that require action vs.
management total number of systems
Capacity Capacity-related problems Quality Number of problems caused by capacity
management issues sorted by group
CSI_Chapter_05.indd 32 09/07/2011 10:11

set by management are quantified objectives to incidents are being handled or how well the
be attained. They express the aims of the service customer is being treated, it will result in negative
or process at any level and provide the basis for behaviour that is counter-productive to the goal of
the identification of problems and early progress providing good service. The focus is only on volume
towards solutions and improvement opportunities. and not quality.
Service targets are often defined in response to When setting targets it is important to determine
business requirements or they may result from new the baseline: this is the starting point from which
policy or regulatory requirements. SLM through you will measure improvement.
SLAs will often drive the target that is required.
Unfortunately, many organizations have had 5.5.8 Balanced scorecard
targets set with no clear understanding of the IT This is a technique developed by Kaplan and
organizations capability to meet the target. That Norton4 in the mid-1990s and involves the
is why it is important that SLM looks at not only definition and implementation of a measurement
the business requirements but also IT capability to framework covering four different perspectives:
meet business requirements. customer, internal business, learning and growth,
When first setting targets against a new service and financial. The four linked perspectives provide
it may be advisable to consider a phased target a balanced scorecard to support strategic activities
approach, as the target in the first quarter may be and objectives, and can be used to measure overall
lower than the second quarter. With a new service IT performance.
it would be unwise to enter into a SLA until overall The balanced scorecard is complementary to ITIL.
capabilities are clearly identified. Even with the Some of the links to IT include the following:
best service design and transition, no one ever
knows how a service will perform until it is actually n Client perspective IT as a service provider,
in production. primarily documented in SLAs
n Internal processes Operational excellence
Setting targets is just as important as selecting utilizing incident management, problem
the right measures. It is important that targets management, change management, service
are realistic but challenging. Good targets will asset and configuration management, and
be SMART (specific, measurable, achievable, release and deployment management, as well
relevant and time-bound). Targets should be clear, as other IT processes; successful delivery of IT
unambiguous and easy to understand by those projects
who will be working toward them.
n Learning and growth Business productivity,
Remember that the choice of measures and their flexibility of IT, investments in software,
targets can affect the behaviour of those who are professional learning and development
carrying out the work that is being measured. That n Financial Align IT with the business objectives,
is why it is always important to have a balanced manage costs, manage risks, deliver value;
approach. financial management for IT services is the
Lets look at an example of common measures that process used to allocate costs and calculate ROI.
are captured for the service desk. It is common Kaplan and Norton first introduced the idea of
for the service desk to measure the average a balanced scorecard in the early 1992 Harvard
speed of answer, number of calls answered and Business Review. The need for such a method
call duration. These measures are often collected emerged out of a growing recognition that
through telephony systems. If a service desk financial measures alone were insufficient to
manager emphasizes the above measures more manage the modern organization. Much of
than others such as quality incidents, first contact the emphasis in todays work environment is
resolution, customer satisfaction etc., it may be preparation to achieve financial goals, achieve
that the service desk analysts are focused on how process innovations, train workers, and create and
many calls they can answer in a day and how maintain new kinds of relationship with customers.
quickly they can complete one call and start the
next. When this happens, with no thought about 4 Kaplan, R. S. and Norton, D. P. (1992). The balanced scorecard: measures
the quality of service being provided, how well that drive performance. Harvard Business Review JanFeb, pp. 7180.
CSI_Chapter_05.indd 33 09/07/2011 10:11

The balanced scorecard is not simply a

Financial Customer
measurement system but a management system As customers how do we view the costs
of IT provision?
What do we as customers
expect of IT provision?
that enables organizations to clarify their vision, Availability of IT services
mission, goals, objectives and strategies and to Understanding IT costs to the business
Ability to control IT costs to the business
Quality of IT services
Performance of IT services
translate them into action. When fully deployed, Economy of IT provision
Return on IT infrastructure investments
Value for money IT services
Reliability of the IT infrastructure
IT contracts management Support of hands-on IT users
the balanced scorecard transforms strategic
planning from an academic exercise into the nerve Innovation Internal
centre of an enterprise. It provides feedback on Does our IT infrastructure enable us to
continue to improve the business?
What must our IT providers
(internally) excel at?
both the internal business processes and external Flexibility of the IT infrastructure
Service-oriented culture
Ability to control changes to IT services
outcomes in order to continually improve strategic and the IT infrastructure
Adaptability of the IT infrastructure to
Skilled staff and IT expertise
Efficiency of IT service provision
Service delivery times
performance and results. changing demand in the business
Communication and knowledge transfer
Processing capacity
Security
Business productivity in relation to IT costs
Accountability of IT provision
The balanced scorecard, as an aid to organizational Harnessing (new) technology
performance management, is a common method

of tracking metrics and performing trend analysis.
Figure 5.12 IT balanced scorecard
It helps to focus on not only financial targets but
also internal processes, customers, and learning
action plans and resource allocation decisions can
and growth issues. The balance should be found
be made with reference to how they contribute
between four perspectives, which are focused
to the strategic balanced scorecard. As with
around the following questions:
any measurement system it is important to link
n Customers What do customers expect of IT the reward systems to the balanced scorecard
provision? objectives. Table 5.12 is an example of a balanced
n Internal processes What must IT excel at? scorecard for a service desk.
n Learning and growth How does IT guarantee The balanced scorecard is not an exclusive IT
that the business will keep generating added feature. On the contrary, many organizations use
value in the future? scorecards in other departments even at the
n Financial What is the cost of IT? board level.
Start very conservatively when implementing
5.5.8.1 Cascading the balanced scorecard the balanced scorecard. Start with two to three,
Many organizations are structured around strategic maybe four, goals and metrics for each perspective.
business units (SBUs) with each business unit Organizations have to make choices; for many, this
focusing on a specific group of products or services will be extremely difficult and time consuming.
offered by the business. The structure of IT may
Implementation is not the most difficult part
match the SBU organization or may offer services
of using the balanced scorecard consolidation
to the SBU from a common, shared services IT
is. Usually, consultants are employed to assist in
organization or both. This last hybrid approach
the introduction of the balanced scorecard. The
tends to put the central infrastructure group in the
challenge is to keep measuring once they are gone.
shared services world and the business solutions
The danger is in the temptation to fall back on
or application development group in the SBU
prior measuring techniques or not measuring at all.
itself. This often results in non-productive finger-
pointing when things go wrong. The business itself
is not interested in this blame-storming exercise 5.5.8.2 The balanced scorecard and
but rather in the quality of IT service provision. measurement-based management
Therefore, the balanced scorecard is best deployed The balanced scorecard approach focuses on
at the SBU level (see Figure 5.12). including customer-defined quality, continual
improvement, employee empowerment, and
Once a balanced scorecard has been defined at
measurement-based management and feedback.
the SBU level, it can be cascaded down through
the organization. For each strategic business The balanced scorecard incorporates feedback
level measure and related target, business units around internal business process outputs, as in
can define additional measures and targets that total quality management (TQM), but also adds a
support the strategic goal and target. In addition, feedback loop around the outcomes of business
CSI_Chapter_05.indd 34 09/07/2011 10:11

Table 5.12 Service desk balanced scorecard example
Financial goal Performance indicator Customer goal Performance indicator

Ability to control service desk Accuracy of service desk Quality of service desk Availability of service desk
costs cost forecasts services (in IT users perception)
Economy of service desk Competitiveness of service Reliability of service desk Compliance to SLAs
Value of service desk Costs of service desk Performance of service desk Restoration of service
Support of hands-on users On-time service delivery
Number of registered user
complaints about IT
Innovation goal Performance indicator Internal goal Performance indicator
Business productivity Minimize mean time to Incident resolution Percentage of first-time-
restore service (MTRS) right incident resolution
Service culture Elapsed time for incidents
Improvements in business Time spent on resolution
Flexibility Meetings SLAs
turnover
Incidents resolved within
Professionalism
Reduction in business costs SLAs
ascribable to the service
Treating customers with
desk
respect
New ways to improve
service
strategies. This creates a double-loop feedback 5.5.9 SWOT analysis

process in the balanced scorecard. SWOT stands for strengths, weaknesses,
An old saying goes: You cant improve what you opportunities and threats. This section provides
cant measure. Metrics must be developed based guidance on properly conducting and using the
on the priorities of the strategic plan, which result of a SWOT analysis, how to select the scope
provides the key business drivers and criteria and range of this common assessment tool, as well
for metrics that managers most desire to watch. as the common mistakes people make when using
Services and processes are then designed to collect a SWOT analysis.
information relevant to these metrics. Strategic This technique involves the review and analysis of
management can then examine the outcomes of four specific areas of an organization: the internal
various measured services, processes and strategies strengths and weaknesses, and the external
and track the results to guide the company and opportunities and threats. Once analysed, actions
provide feedback. The value of metrics is in their should be taken to:
ability to provide a factual basis for defining:
n Develop, exploit and capitalize on the
n Strategic feedback to show the present status organizations strengths
of the organization from many perspectives for
n Reduce, minimize or remove weaknesses
decision makers
n Take maximum advantage of opportunities
n Diagnostic feedback into various services and
n Manage, mitigate and eliminate threats.
processes to guide improvements on a continual
basis SWOT analyses can be performed quickly and
n Trends in performance over time as the metrics can be used to target a specific area rather than
are tracked looking at the entire enterprise.
n Feedback around the measurement methods
themselves, and which metrics should be 5.5.9.1Purpose
tracked A SWOT analysis is a strategic planning tool used to
n Quantitative inputs to forecasting methods and evaluate the strengths, weaknesses, opportunities
models for decision-support systems. and threats involved in a project, business venture
CSI_Chapter_05.indd 35 09/07/2011 10:11

or any other situation requiring a decision. Sizing same and a departmental SWOT is conducted and
up a firms internal strengths and weaknesses and so on until a corporate SWOT is completed.
its external opportunities and threats provides a It is also possible to conduct a SWOT analysis for
quick overview of a firms strategic situation. a service or a process. Table 5.13 provides a list of
factors to consider in performing a SWOT analysis,
5.5.9.2 How to use while Table 5.14 gives an example of an analysis
The first step is to define the desired end state or performed for CSI.
objective. This objective definition must be explicit
and approved by all participants in the process. 5.5.9.4 Common pitfalls of a SWOT analysis
Once the objective is identified, SWOT are The failure to correctly identify the end state will
discovered and listed: result in wasted resources and possibly failure. It
is therefore important to align the SWOT analysis
n Strengths are internal attributes of
with the organizations vision, mission, goals
the organization that are helpful to the
and objectives. The following errors have been
achievement of the objective.
observed in published accounts of SWOT analysis.
n Weaknesses are internal attributes of Making these errors can result in serious losses:
the organization that are harmful to the
achievement of the objective. n Conducting a SWOT analysis before defining
n Opportunities are external conditions that are and agreeing on the desired end state
helpful to the achievement of the objective. n Confusing opportunities (external to the
n Threats are external conditions that are harmful company) with strengths (internal to the
to the achievement of the objective. company); keep them separate
n Confusing opportunities with possible
Correct identification of the SWOT is essential strategies; it may also be useful to keep in mind
because subsequent steps in the process are all that SWOT is a description of conditions, while
derived from the SWOT. To ensure a successful possible strategies define actions.
SWOT analysis, it is a good idea to ensure that the
objective follows the SMART principle which stands
for specific, measurable, achievable, relevant and 5.6 RETURN ON INVESTMENT
time-bound.
5.6.1 Creating a return on investment
SWOT analyses are used as inputs to the creative
The ROI challenge needs to take into consideration
generation of possible strategies, by asking and
many factors. On one side is the investment cost.
answering the following four questions many
This is the money an organization pays to improve
times:
services and service management processes. These
n How can we use each strength? costs will be internal resource costs, tool costs,
n How can we stop each weakness? consulting costs etc. It is often easy to come up
n How can we exploit each opportunity? with these costs.
n How can we defend against each threat? On the other side is what an organization can gain
in a return. These returns are often hard to define
5.5.9.3 Scope, reach and range or quantify. In order to be able to compute these
SWOT analyses can be performed at various levels, items it is important to know the following:
from an individual perspective to a departmental, n What is the cost of downtime? This includes
divisional or even corporate perspective. It is both lost productivity of the customers and the
important to consolidate the lower hierarchical loss of revenue.
management levels before proceeding to the next
n What is the cost of doing rework? How many
level.
failed changes have to be backed out and
For example, all the members of a functional reworked?
team perform an individual SWOT analysis. Then a n What is the cost of carrying out redundant
SWOT for the functional team is performed. Each work? Many organizations that dont have clear
functional team within the department does the
CSI_Chapter_05.indd 36 09/07/2011 10:11

Table 5.13 SWOT analysis

Strength: things to consider Weaknesses: things to consider
Core competencies No clear strategic direction
Financial resources Obsolete facilities
Reputable buyers Low profitability
Acknowledged as market-leader Lack of managerial depth and talent
Well-conceived functional-area strategies Missing some key competencies
Access to economies of scale Poor track record for performance
Little competitive pressure Falling behind in R&D
Proprietary technology Too narrow product line
Cost advantages Weak market image
Strong campaigns Weak distribution network
Product innovation Below-average marketing skills
Proven management Unable to finance needed changes
Ahead on experience curve Higher overall unit costs
Better development/production capability
Superior technology
Opportunities: things to consider Threats: things to consider
Ability to serve additional customer groups or expand into Entry of lower-cost foreign competitors
new market or segments Rising sales of substitute products
Ways to expand product line to meet broader range of Slower market growth
customer needs
Adverse shifts in foreign exchange rates and trade policies
Ability to transfer skills or technological know-how to new of foreign governments
products or businesses
Costly regulatory requirements
Integrating forward or backward
Potentially sudden deregulation
Falling trade barriers in attractive foreign markets
Vulnerability to recession and business cycle
Complacency among rival firms
Growing bargaining power of customers or suppliers
Ability to grow rapidly because of strong increases in
Adverse demographic changes
market demand
Emerging new technologies
Table 5.14 Sample SWOT analysis for CSI

Strengths Weaknesses
People with the right attitude, values and commitment Reactive organization
Management commitment to CSI Immature processes
CSI manager in place Lack of monitoring and reporting tools
Insufficient data
Opportunities Threats
Increased market share of current services Competition
Become a third-party service provider New regulatory requirements
Efficiencies through more integrated operations New technology
Be quicker to market with new products Lack of trained staff
Lack of knowledge management
CSI_Chapter_05.indd 37 09/07/2011 10:11

processes in place and good communication 5.6.2 Establishing the business case
often find that redundant work is being done. The business case should articulate the reason for
n What is the cost of non-value added projects? undertaking a service or process improvement
Many projects have been fully funded initiative. As far as possible, data and evidence
and resourced, but because of changing should be provided relating to the costs and
requirements they no longer add value. Despite expected benefits of undertaking process
this the project moves forward instead of being improvement, noting that:
stopped.
n Process redesign activities are more complex and
n What is the cost of late delivery of an
therefore more costly than initially expected.
application? Does this impact on the ability to
n Organizational change impact is often
deliver a new service or possibly an additional
underestimated.
way to deliver an existing service?
n Changed process usually requires changed
n What is the cost of escalating incidents to
competencies and tools, adding further to the
second and third level support groups instead
expense.
of resolving incidents at the first level? There is
often a difference in utilization staff in second In developing a business case, the focus should
level and third level support groups. The more not be limited to ROI but also on the business
we escalate incidents to these groups the less value that service improvement brings to the
time they have to work on projects that they organization and its customers (VOI), because ROI
may also be assigned to. alone does not capture the real value of service
n What is the fully allocated hourly cost for improvement. Should an organization choose to
different employee levels? focus solely on ROI, much of the potential benefit
achievable will not be disclosed nor reviewed after
These are only some of the things that have to be
the fact. This could in turn result in worthwhile
considered when creating a ROI statement. The
initiatives not being approved, or a review of the
cost of not implementing the improvement also
initiative revealing apparent failure, when it was
has to be taken into account.
actually successful.
There are different approaches to measuring and
Not surprisingly, most business and IT executives
reporting on availability. Availability is a good
expect a return on their investment. It is important
measure to understand the cost of lost productivity,
to recognize that an investment in CSI, and
the cost of not being able to complete a business
realizing its benefits, can vary depending on the
transaction, or the true cost of downtime.
customer base, size of IT and maturity of the ITIL
Approaches include measuring:
process implemented. Also benefits will cross
n Impact by minutes lost this is a calculation on existing organizational boundaries and true
the duration of downtime multiplied by the benefits can only be captured in collaboration with
number of customers impacted. This can be used the users/customers and ITIL process owners. The
to report on lost customer productivity. focus is therefore to work with the stakeholders to
n Impact by business transaction this calculation develop business and IT specific indicators that link
is based on the number of business transactions business value measures with contributions from IT.
that could not be processed during the In other words, how does ITIL process improvement
downtime. This measurement provides a better add value to the organization?
indication of business impact.
Examples of business value measures are:
n The true cost of downtime that has been agreed
on. n Time to market
n Customer retention
Other areas of warranty such as security,
n Market share.
recoverability and ensuring there is sufficient
capacity also have to be taken into account. ITs contribution can be captured through:
n Gaining agility
n Managing knowledge
n Enhancing knowledge
CSI_Chapter_05.indd 38 09/07/2011 10:11

n Reducing costs Another aspect to consider in business case

n Reducing risk. development is situations where value will be lost
by not undertaking process improvement activities.
IT should begin by defining the types of business There will be situations where failure to take
values that each improvement will contribute to. action will severely impact the business and IT the
As an example, the US Sarbanes-Oxley legislation value of process improvement may, in fact, not be
and other international laws require that the value added, but value retained.
business processes be certified to produce financial As a final note, care should be taken in developing
reports in addition to certifying the reports the business case to ensure that the success criteria
themselves. Sarbanes-Oxley is about improving are clearly defined, showing how they are to
transparency and accountability in business be measured, and when they are going to be
processes and corporate accounting to restore measured.
confidence in public markets. It regulates processes
and business practices. Therefore having a higher 5.6.3 Expectations whats in it for me?
level of ITIL maturity will facilitate regulatory
Considerations for business executives include:
compliance.
n The benefits of ITIL process improvements
Without a mature process framework it is natural
n What impact it has on my business
for organizations to take an ad hoc approach to
compliance. They address requirements as they n Revenue increase
emerge, through a series of one-offs, just-in-time n Cost reduction
projects. Since compliance affects a lot of ongoing n VOI.
business activity, this is disruptive, increases the
Considerations for the chief finance officer include:
required effort and becomes time-consuming and
very expensive. n The ROI
n Payback time.
If an investment is well conceived, solid and
delivers results, it can lead to cost savings in the Considerations for IT include:
long run. Therefore it is important to choose the
n How ITIL benefits translate to business benefits.
right investment and make sure they deliver. When
Find one or two compelling reasons why the
presenting a business case for an ITIL process
organization should spend the time and money.
improvement project, it is important to help
executives understand the business value of the Determine the current or anticipated concern of
ITIL process framework. The tendency for most the organization about IT. Estimate the cost if
IT executives is to over-emphasize technology the status quo were to remain and subsequently
and tools. Technology is a means to an end. The estimate the savings that could be realized if the
benefits are realized from the business changes. It IT service management (ITSM) processes were put
is important to address how people and processes in place or improved. Examples include new lines
will change, from as is to the to be state. of business overseas, poor response time or time
taken to handle incidents and problems, and the
The as is stage can be defined as a baseline.
number of incidents in the organization.
Capturing the baseline of the performance
measurements affected by the proposed
implementation is paramount to the business case. 5.6.4 Business cases in a data-poor
The careful preparation of the baseline will facilitate environment
meaningful business information and level setting Organizations intending to undertake service
about relevant business issues, allowing strategic improvement activities may find themselves
alignment to take place. The focus should be to in a situation where the lack of process means
develop cause-and-effect metrics to link the benefits that there is no viable body of data or evidence
against the measurements selected along with to quantify expected benefits, ROI or VOI.
the impact on other areas of the enterprise. The How, then, does such an organization justify
metrics should be monitored before, during and process improvement, or recognize how much
after the ITIL implementation to determine how the expenditure is appropriate to achieve cost-effective
projected values are being delivered. improvements?
CSI_Chapter_05.indd 39 09/07/2011 10:11

An approach that circumvents this situation is to gain identify which processes are most divergent from
approval to establish basic measurement capabilities, ITIL practices. It should, however, be noted that this
as a means of gathering consistent data. This may be activity will only identify the absence of process
as simple as ensuring that all IT staff record data in and/or data. A process maturity assessment will not
a consistent fashion, or start measuring activities or in itself provide the data to justify how much to
outcomes that are not currently captured. After an spend on improving process.
agreed period of data capture, some evidence will Where organizations establish a basic
exist to support (or perhaps not support) a process measurement and monitoring capability, some
improvement initiative. caution should be exercised regarding the quality
Another approach is to undertake a process of this data: be aware of limitations of new data.
maturity assessment of current processes, to Even if the data doesnt make any sense, this is
reason enough to explore the opportunity for
Example of good management improvements.
XYZ Limited has grown rapidly from a single-site It is important that once the decision to start
to a multi-site environment and now employs capturing and reporting on data is made, an
1,500 people, up from 250 people two years ago. initial baseline is created so improvements can be
The IT group has struggled to match the business measured against it.
growth with growth in process consistency and
service delivery. The business is demanding that 5.6.5 Measuring benefits achieved
the IT group performs better as the shortcomings
While the initial identification of benefits is an
in IT service are now impacting the business
estimate of those likely to be realized by the
bottom-line.
proposed process improvement initiative, there is
The IT manager identifies that lack of consistent also a need subsequently to measure the benefits
process and business focus are the roadblock actually achieved. These measurements attest to
to delivering better service to the business. She whether the improvement activity achieved the
realizes that the staff are working very hard, but intended outcomes and should consider whether:
are often doing re-work or repairing self-inflicted
errors. While good technicians, they are averse to n The envisaged improvements were realized
documenting activities or outcomes. n The benefits arising from the improvements
were achieved
Data and measurement are currently inconsistent.
n The target ROI was achieved
While she knows average business and IT staff
salary costs, the costs of service outage etc. are n The intended value-added was actually achieved
not known nor can they be calculated using (VOI)
current data. n The outcomes of the preceding points lead to
further process improvement actions being
Rather than requesting funding to undertake
re-evaluated
process improvements, the IT manager requests
n Enough time has passed before measuring the
funding for a pilot project to establish a
benefits. Some benefits will not be immediately
rudimentary measurement framework to start
apparent, and it is likely that benefits will
capturing data in a standard fashion, using more
continue to change over time, as ongoing costs
or less existing processes. This pilot initiative after
and ongoing benefits continue to move.
three months provides clear evidence that the
true failure rate of changes is much higher than A further consideration in the measurement of
previously expected, and a key contributor to benefits is that data quality and measurement
business and IT loss of productivity. precision pre- and post-improvement could be
Armed with this evidence, the IT manager different, thus giving rise to the direct comparison
prepares a business case detailing some of the not being valid. If this is the case, the data will
current deficiencies and expected benefits and need to be normalized before validating benefits.
returns to be delivered from properly quantifying In 2006, the US state of North Carolina
process gaps and undertaking appropriate implemented some improvements based on the
process improvement. ITIL framework. The improvements took place in a
CSI_Chapter_05.indd 40 09/07/2011 10:11

span of less than three months. ITS is the name of Cross-referenced data must still be presented
the states IT organization. These are the results of which align precisely to any contracted, chargeable
tactical quick-win efforts targeted in tandem with elements of the delivery, which may or may not
the training programme and the states awareness be technical depending on the business focus and
campaign. This information is reproduced with language used within contracts and SLAs.
permission:
It is not satisfactory simply to present reports that
n IT has improved its ability to resolve incidents depict adherence (or otherwise) to SLAs, which
within its target timeframe by 32%. in themselves are prone to statistical ambiguity.
n IT has improved its ability to resolve service IT needs to build an actionable approach to
requests within its target timeframe by 20%. reporting: this is what happened, this is what we
n Change management process compliance did, this is how we will ensure it doesnt impact you
increased more than twofold resulting in fewer again, and this is how we are working to improve
incidents and reduced downtime. the delivery of IT services generally.
The first two processes to be developed and A reporting ethos that focuses on the future as
implemented were incident and change strongly as it focuses on the past also provides the
management. As with most organizations, the means for IT to market its wares directly aligned
state of North Carolina already had an existing to the positive or negative experiences of the
change and incident process. This organization business.
started showing immediate improvement
before any formal improvement programme 5.7.1 Reporting policy and rules
was implemented simply by identifying and An ideal approach to building a business-focused
communicating the key metrics that were going to service-reporting framework is to take the time
be reviewed by senior management. Staff began to define and agree the policy and rules with the
following their existing process simply because business and service design about how reporting
they knew reporting against certain performance will be implemented and managed.
measures had started and that these performance This includes:
measures were discussed among senior managers.
Not only were these discussions held but there was n Targeted audience(s) and the related business
clear guidance that the performance measures views on what the service delivered is
had to improve. These improvements can easily be n Agreement on what to measure and report
translated into overall business improvements. n Agreed definitions of all terms and boundaries
n Basis of all calculations
5.7 SERVICE REPORTING n Reporting schedules
n Access to reports and medium to be used
This section will look into the various aspects of
n Meetings scheduled to review and discuss
reporting such as identifying the purpose, the target
reports.
audience and what the report will be used for.
As discussed in Chapter 4 a significant amount 5.7.2 Right content for the right audience
of data is collated and monitored by IT in the Numerous policies and rules can exist as long as
daily delivery of quality service to the business; it is clear for each report which policies and rules
however, only a small subset is of real interest have been applied, e.g. one policy may be applied
and importance to the business. Most data and to manufacturing whereas a variant may be more
its meaning are more suited to the internal suited to the sales team. However all policies and
management needs of IT. rules form part of the single reporting framework.
The business likes to see a historical representation Once the framework, policies and rules are in
of the past periods performance that portrays its place, targeting suitably styled reports becomes
experience; however, it is more concerned with simply a task of translating flat historical data
those historical events that continue to be a threat into meaningful business views (which can be
going forward, and how IT intends to militate automated). These need to be annotated around
against such threats. the key questions, threats, mitigations and
CSI_Chapter_05.indd 41 09/07/2011 10:11

improvements such data provoke. Reports can then can demonstrate this impact in real terms and
be presented via the medium of choice, e.g. paper- help quantify the benefits of improvement
based hard copies, online soft copies, web-enabled opportunities.
dynamic HTML, current snapshot whiteboards, or Availability management plays an important role
real-time portal/dashboards. in helping the IT support organization recognize
Simple and effective customizable and automated where it can add value by exploiting technical skills
reporting is crucial to a successful, ongoing and competencies in an availability context. The
reporting system that is seen as adding value to the continual improvement technique can be used by
business. Over time, many of the initial standard availability management to harness this technical
reports may become obsolete in favour of the capability. This can be used with either small
regular production of custom reports which have groups of technical staff or a wider group within a
been shaped to meet changing business needs and workshop environment. The information provided
become the standard. by availability management is made available
to CSI through the availability management
The end result is the targeted recipient having
information system (AMIS).
clear, unambiguous and relevant information in
a language and style that they understand and This section provides practical usage and details
like, accessible in the medium of their choice, and on how each availability management method
detailing the delivery of IT into their environment mentioned below can be used in various activities
within their boundaries. of CSI.
5.8.1.1 Component failure impact analysis

5.8 CSI AND OTHER SERVICE
Component failure impact analysis (CFIA) identifies
MANAGEMENT PROCESSES
single points of failure, IT services at risk from
CSI activities make extensive use of methods and failure of various CIs and the alternatives that are
practices found in many ITIL processes throughout available should a CI fail. It should also be used
the lifecycle of a service. Far from being redundant, to assess the existence and validity of recovery
the use of the outputs in the form of flows, procedures for the selected CIs. The same approach
matrices, statistics or analysis reports provides can be used for a single IT service by mapping the
valuable insight into the services design and component CIs against the vital business functions
operation. This information, combined with new and users supported by each component.
business requirements, technology specifications,
When a single point of failure is identified, the
IT capabilities, budgets, trends and possibly
information is provided to CSI. This information,
legislation, is vital to CSI to determine what
combined with business requirements, enables CSI
needs to be improved prioritize it and suggest
to make recommendations on how to address the
improvements if required.
failure.
5.8.1 Availability management
5.8.1.2 Fault tree analysis
Availability managements methods are part of the
Fault tree analysis (FTA) is a technique that can
measuring process explained in Chapter 4. They
be used to determine a chain of events that has
are part of the measuring process gathering,
caused an incident, or may cause an incident in the
processing and analysing activities. When the
future. It offers detailed models of availability, and
information is provided to CSI in the form of a
makes a representation of a chain of events using
report or presentation, it becomes part of CSIs
Boolean algebra and notation. Essentially FTA
gathering activity. For more details on each
distinguishes between four events: basic events,
method, please consult ITIL Service Design.
resulting events, conditional events and trigger
Availability management provides IT with events.
the business and user perspective about how
When provided to CSI, FTA information indicates
deficiencies in the infrastructure and underpinning
which part of the infrastructure, process or service
process and procedures impact the business
was responsible in the service disruptions. This
operation. The use of business-driven metrics
information, combined with business requirements,
CSI_Chapter_05.indd 42 09/07/2011 10:11

enables CSI to make recommendations about how room. Space agencies dont wait for the rocket
to address the fault. to be launched and experience a problem before
gathering specialists to monitor, observe and
5.8.1.3 Service failure analysis provide feedback. They set it up well before the
Service failure analysis (SFA) is a technique actual launch and practise monitoring, observing
designed to provide a structured approach to and providing feedback.
identify end-to-end availability improvement Certainly, launching a rocket is very costly, but so
opportunities that deliver benefits to the user. is launching a new service, system or process. Can
Many of the activities involved in SFA are closely the business afford a catastrophic failure of a new
aligned with those of problem management. In enterprise resource planning (ERP) application,
a number of organizations these activities are for example? Incidentally, rocket launches
performed jointly by problem and availability are often aborted seconds before the launch.
management. SFA should attempt to identify Shouldnt organizations (including yours) do the
improvement opportunities that benefit the end same when someone discovers a major potential
user. It is therefore important to take an end-to- flaw in a service or system? CSI starts from the
end view of the service requirements. beginning and includes preventing things from
CSI and SFA work hand in hand. SFA identifies failing in the first place. Lets fix the flaw before
the business impact of an outage on a service, it goes into production instead of fixing the fixes
system or process. This information, combined (what a concept!). This information, combined
with business requirements, enables CSI to with business requirements, enables CSI to make
make recommendations about how to address recommendations about how to address the TOs
improvement opportunities. findings.
5.8.1.4 Technical observation 5.8.1.5 Expanded incident lifecycle

A technical observation (TO) is a prearranged First, lets define a few items:
gathering of specialist technical support staff from n Availability management The process
within IT support. They are brought together responsible for defining, analysing, planning,
to focus on specific aspects of IT availability. measuring and improving all aspects of
The TOs purpose is to monitor events in real the availability of IT services. Availability
time as they occur, with the specific aim of management is responsible for ensuring that all
identifying improvement opportunities within IT infrastructure, processes, tools, roles etc. are
the current IT infrastructure. The TO is best suited appropriate for the agreed service level targets
to delivering proactive business and end-user for availability.
benefits from within the real-time IT environment. n Expanded incident lifecycle A technique to
Bringing together specialist technical staff to help with the technical analysis of incidents
observe specific activities and events within affecting the availability of components and IT
the IT infrastructure and operational processes services (see Figure 5.13). The expanded incident
creates an environment to identify improvement lifecycle is further made up of two parts: time
opportunities. to restore service (also known as downtime) and
The TO gathers, processes and analyses information time between failures (also known as uptime).
about the situation. Too often the TO is reactive There is a diagnosis part to the incident lifecycle
by nature and is assembled hastily to deal with an as well as repair, restoration and recovery of the
emergency. Why wait? If the TO is included as part service.
of the launch of a new service, system or process
Lets assume that CSI has decided to improve the
for example, a lot of the issues inherent to any new
incident lifecycle by reducing the mean time to
component would be identified and dealt with
restore service (MTRS) and expanding the mean
more quickly.
time between failures (MTBF).
One of the best examples of a TO is the mission
control room for a space agency. All the specialists
from all aspects of the mission are gathered in one
CSI_Chapter_05.indd 43 09/07/2011 10:11

Incident Incident Incident

start start start
Uptime Uptime Uptime (availability)
Service Service Service

available available available
Downtime (time to restore) (MTRS) Downtime

Service
Service unavailable unavailable
Availability Availability
Diagnose Recover
Detect Repair Restore
Time between service Time between failures (MTBF)

incidents (MTBSI)
Time
Figure 5.13 The expanded incident lifecycle
Here is an example of how availability n Using SFA, availability management can make
management can assist in reducing downtime in recommendations to increase the reliability of
the expanded incident lifecycle by using many components, thus reducing the likelihood of an
techniques: incident occurring in the first place.
n Monitoring (detection of incident)By n Scheduling and performing adequate and
adequately monitoring for availability of required internal maintenance of components
vital business functions through automated (maintainability), availability management can
monitoring tools (set at the right threshold) that help to increase the resilience of components,
record and escalate incidents, the time it takes thus reducing the likelihood of an incident
to detect and record incidents is reduced. causing an outage.
n Incident recording Since one of availability n Ensuring that external maintenance of
managements goals is to optimize the components (serviceability) is properly
support organization, educating and training scheduled and performed by external vendors,
first-line staff as well as simplifying and/or availability management can help to increase
automating incident recording helps reduce the the resilience of components, thus reducing the
time it takes to record incidents. likelihood of an incident causing an outage.
n Investigation Using the FTA method, n Conducting a CFIA to predict and evaluate the
availability management assists in reducing impact on IT service availability arising from
the time to investigate by creating proper component failures assists in identifying single
investigation procedures for incident points of failure. Availability management
management staff. The same logic applies to will either submit recommendations for
the diagnosis of the incident cause, resolution enhancements to the resilience and reliability
and recovery. of such components or provide better
troubleshooting procedures to the support
Here is an example of how availability groups.
management can assist in increasing up-time in n Implementing security recommendations
the expanded incident lifecycle by using many coming from information security management
techniques:
CSI_Chapter_05.indd 44 09/07/2011 10:11

regarding the confidentiality, integrity and They may be generated by the business or may
availability of associated data helps reduce originate from the capacity management process
malicious or unauthorized access to data, itself. Such examples could be a recommendation
ensuring data integrity, and thus reducing the to upgrade to take advantage of new technology,
likelihood of an incident occurring or decreasing or the implementation of a tuning activity to
the time it takes to respond to or resolve an resolve a performance problem.
incident.
Information gathered here enables CSI to answer
the question What do we need?
5.8.2 Capacity management
This section provides practical usage and details 5.8.4 Service capacity management
about how each capacity management method A prime objective of the service capacity
mentioned below can be used in various activities management sub-process is to identify and
of CSI. understand the IT services, their use of resource,
The capacity management process must be working patterns, peaks and troughs, as well as
responsive to changing requirements for processing to ensure that the services can and do meet their
capacity. New services are required to underpin SLA targets. In this sub-process, the focus is on
the changing business. Existing services will require managing service performance, as determined by
modification to provide extra functionality. Old the targets contained in the SLAs or SLRs.
services will become obsolete, freeing up capacity. The key to successful service capacity management
Capacity management must ensure sufficient is to pre-empt difficulties, wherever possible.
hardware, software and personnel resources are This is another sub-process that has to be
in place to support existing and future business proactive and anticipatory rather than reactive.
capacity and performance requirements. However, there are times when it has to react
Similarly to availability management, capacity to specific performance problems. Based on the
management can play an important role in helping knowledge and understanding of the performance
the IT support organization recognize where it requirements for each service, the effects of
can add value by exploiting its technical skills and changes in the use of services can be estimated,
competencies in a capacity context. The continual and actions taken to ensure that the required
improvement technique can be used by capacity service performance can be achieved. Information
management to harness this technical capability. gathered here enables CSI to answer the question
This can be used with either small groups of What do we need?
technical staff or a wider group within a workshop
environment. 5.8.5 Component capacity management
The information provided by capacity management A prime objective of the component capacity
is made available to CSI through the capacity management sub-process is to identify and
management information system (CMIS). understand the capacity and utilization of each
of the components of the IT infrastructure. This
5.8.3 Business capacity management ensures the optimum use of the current hardware
and software resources in order to achieve and
A prime objective of the business capacity
maintain the agreed service levels. All hardware
management sub-process is to ensure that future
components and many software components in the
business requirements for IT services are considered
IT infrastructure have a finite capacity, which, when
and understood, and that sufficient capacity to
exceeded, have the potential to cause performance
support the services is planned and implemented in
problems.
an appropriate timescale.
As in service capacity management, the key to
As a result, the ability to satisfy the customers
successful component capacity management
SLRs will be affected. It is the responsibility of
is to pre-empt difficulties wherever possible.
capacity management to predict and cater to these
Therefore this sub-process has to be proactive and
changes. These new requirements may come to
anticipatory rather than reactive. However, there
the attention of capacity management from many
are times when it has to react to specific problems
different sources and for many different reasons.
CSI_Chapter_05.indd 45 09/07/2011 10:11

Marketing Sales Finance

Business
capacity
Business Business Business
2 3 5 6 8 9
process 1 process 4 process 7
SLAs
SLAs
SLAs
SLAs
SLRs
Service
capacity
Service A Service B Service C
Figure 5.14 Connecting business and service capacity management
Table 5.15 Departmental requirements

Employees 15 40 5
Number of emails per day 100 200 50
Size of attachment 10 Mb 5 Mb 10 Mb
Frequency of large infrequent very (contracts) often
attachment
Requires remote access No Yes Yes
Requires hand-held No Yes No

computer
that are caused by a lack or inefficient use of can be reviewed. This, in turn, enables the
resources. optimization of the service based on the usage and
performance requirements from each customer.
It is important to understand how the three sub-
processes tie together. Lets look at the example in This, however, only focuses on the current
Figure 5.14. utilization. Future business requirements for this
service also need to be reviewed. Growth can
There are three services: A, B and C; and three
happen in one of three ways as shown in Figure
departments: Marketing, Sales and Finance. Service
5.15. In this figure, curve 1 indicates a steady
A is used by all three departments. Service B is used
growth or deployment of the service over time;
only by Marketing and Sales. Service C is used only
curve 2 indicates a big-bang approach where
by Finance.
everyone starts using the new service at the same
The requirements for each service from each time and usage stabilizes over time; and curve
department are shown in Table 5.15. 3 indicates a small number of people using the
From Table 5.15, the overall size of the email new service before it is eventually deployed to
service can be computed. If email was the only everyone.
service, it would be relatively simple. There are You can predict which growth curve is correct as
other services offered and each service makes use accurately as you can predict the weather a year
of four major components: hardware, software, from now. Looking at curve 2, it is important to
documentation and people. Using the CFIA report ensure sufficient initial capacity for all components
from availability management it is possible to hardware, software, documentation and people.
identify all the components of each service and Looking at curve 1 additional capacity is required
which component is used by which service. From but can wait if curve 3 is considered. Now what
there optimizing the capacity of each component would happen if the business scenario predicts
CSI_Chapter_05.indd 46 09/07/2011 10:11

curve 2 and curve 3 is what actually happens? The

2
1 result is over-capacity and IT is blamed for poor
planning and for overspending. Consider the
opposite scenario where the business predicts curve
3 3 and curve 2 is what actually happens. The result is
Growth
under-capacity and IT gets blamed for poor planning.

Remember that only one service was reviewed so
far. There are three services in the example. You
need to understand the service and business along
with the component capacity requirements to be
able to identify the true capacity requirements.
Time More importantly business capacity can be
computed since how much a business unit consumes
Figure 5.15 Business capacity growth model a service is known. This is when the infrastructure
required to deliver and support the services can be
properly put in place (see Figures 5.16 and 5.17).
Service
capacity
Component
capacity
H/W S/W DOC People
Figure 5.16 Connecting service and component capacity management

Business
capacity
Business Business Business
2 3 5 6 8 9
process 1 process 4 process 7
SLAs
SLAs
SLAs
SLAs
SLRs
Service
capacity
Component
capacity
H/W S/W DOC People
Figure 5.17 Connecting businesses, service and component capacity management
CSI_Chapter_05.indd 47 09/07/2011 10:11

From this point, IT is in a better position to improve new self-service system this could be a positive
the service provision. In order to do this IT must influencing experience.
start not only to measure but also to influence
CSI needs to review demand management policies
the business. Influencing the business is part of
to ensure that they are still effective. A policy
demand management.
that was good a couple of years ago may not be
workable or useful today. For example, a few years
5.8.6 Workload management and ago, large email attachments were uncommon. It
demand management made sense to limit attachments to 2 Mb. Todays
Workload management can be defined as reality is different.
understanding which customers use what service,
when they use the service, how they use the 5.8.7 Iterative activities of capacity
service, and finally how using the service impacts management
the performance of a single or multiple systems
and/or components that make up a service. 5.8.7.1 Trend analysis
Demand management is often associated Trend analysis can be performed on the resource
with influencing the end users behaviour. utilization and service performance information
By influencing the end users behaviour an that was collected by the service and component
organization can change the workload thus capacity management sub-processes. The data can
improving the performance of components that be held in a spreadsheet and the graphical, trend
support IT services. Using demand management analysis and forecasting facilities used to show the
can be an effective way of improving services utilization of a particular resource over a previous
without investing a lot of money. A full discussion period of time, and how it can be expected to
of demand management can be found in ITIL change in the future. Typically trend analysis only
Service Strategy and ITIL Service Design. provides estimates of future resource utilization. It
is less effective in producing an accurate estimate
There are different ways to influence customer
of response times, in which case either analytical or
behaviour. Charging for services is an obvious way,
simulation modelling should be used.
but it is not always effective. Sometimes people still
need to use the service and will use it regardless of This activity provides insight into resource
the price. Putting in place policies regarding proper utilization and is used by both CSI and problem
usage of the service is another way to influence management to identify opportunities for
customer behaviour; communicating expectations improvements. Trend analysis is rooted in the data
for IT and the business, educating people on how analysis activity of the measuring process.
to use the service and negotiating maintenance It is important to recognize that trend analysis is
windows are just as effective in influencing also an activity of proactive problem management
customers. Putting in place restrictions such as (see section 4.4 in ITIL Service Operation).
amount of space allocated for email storage is However, the focus is different. Whereas problem
another way to influence behaviour. management focuses on trends in errors and
Consider carefully how you try to influence faults (the past), capacity management is forward
a customers behaviour and it may become a looking. It might be looking for innovation in
negative influence rather than a positive influence. storage management, or at expected growth versus
As an example, if an organization chooses to real growth and recommend adjustments.
charge for every contact to the service desk, this
could create a negative behaviour in that end 5.8.7.2Modelling
users no longer call or email the service desk, but Modelling types range from making estimates
call second-level support directly, or turn to peer- based on experience and current resource
to-peer support, which ultimately makes the cost utilization information, to pilot studies, prototypes
of support go up, not down. However if the goal and full-scale benchmarks. The former are
is to move end users to using a new self-service cheaper and more reasonable for day-to-day small
web-based knowledge system, then with a proper decisions, while the latter are expensive but may be
communication and education plan on using the advisable when implementing a large new project.
CSI_Chapter_05.indd 48 09/07/2011 10:11

Since it is impossible to have an exact duplicate of the cost, and associated performance implications,
the infrastructure for testing purposes, CSI makes assume great importance.
use of the information provided by the capacity
management modelling activity to predict the 5.8.7.5 Baseline models
behaviour of service improvements before the Improvements are gradual and incremental by
improvement is actually carried out. This may nature. How can one claim to have improved if a
prevent costly implementations or problems baseline is not established before the improvement
later. Modelling results can be used by change takes place?
management to assess the impact of a change on
the infrastructure or may be used as part of release The first stage in modelling is to create a baseline
testing. Whether it is used by another process model that accurately reflects the performance
before the information makes its way to CSI, that is being achieved. When this baseline model is
modelling is a valuable tool. created, predictive modelling can be undertaken. If
the baseline model is accurate, then the accuracy of
Modelling can also be used in conjunction with the result of the predicted changes can be trusted.
demand management to predict the possible
effects of demand management efforts and Effective service and component capacity
initiatives. This allows IT to answer questions such management together with modelling techniques
as What happens if we fail? and What happens if enable capacity management to answer the What
we are successful? if? questions: What if the throughput of service A
doubles? or What if service B is moved from the
5.8.7.3 Analytical modelling current processor onto a new processor how will
the response times in the two services be altered?
Analytical models are representations of computer
systems behaviour using mathematical techniques Figure 5.18 illustrates how CSI can make use
such as multi-class network queuing theory. When of the intricate relationships between capacity
the model is run, the queuing theory is used to management and other processes and activities.
calculate computer system response times. If At first glance the diagram seems very busy.
the response times predicted by the model are However, it illustrates the inputs and outputs from
sufficiently close to the response times recorded in other processes and activities into and out of the
real life, the model can be regarded as an accurate various sub-activities of capacity management. CSI
representation of the computer system. The will then use this information to assist capacity
technique of analytical modelling requires less time management in planning for future capacity and
and effort than simulation modelling, but typically performance as well as identifying improvement
gives less accurate results. Also the model must be opportunities.
kept up to date.
5.8.8 IT service continuity management
5.8.7.4 Simulation modelling This section provides practical usage and details
Simulation involves the modelling of discrete about how each ITSCM method can be used in
events, such as transaction arrival rates, against various activities of CSI.
a given hardware configuration. This type of
modelling can be very accurate in sizing new 5.8.8.1 Business continuity management,
applications or predicting the effects of changes ITSCM and CSI
on existing applications. It can also be very time- Any CSI initiative to improve services needs to also
consuming and therefore costly. have integration with ITSCM as any changes to the
When simulating transaction arrival rates, have a service requirements, infrastructure etc. need to
number of staff enter a series of transactions from be taken into account for any changes that may
prepared scripts, or use software to input the same be required for the continuity plan. That is why
scripted transactions with a random arrival rate. it is important for all SIPs to go through change
Either of these approaches takes time and effort to management.
prepare and run. However it can be cost-justified Business continuity management (BCM) is
for organizations with very large systems where concerned with managing risks to ensure that
CSI_Chapter_05.indd 49 09/07/2011 10:11

SLM
Incident mgt Financial mgt
Customers
Problem mgt for IT services
Workload Demand
management management
CFIA, FTA, SFA, MoR, TO

Development
Capacity
Application Modelling
planning
sizing (test lab)
(the plan)
Resource Performance
management management
Change mgt Measuring

Release and performance
deployment Technical infrastructure CMIS
CMS
Figure 5.18 Capacity management activities
an organization can continue operating to a Problem management activities are generally

predetermined minimum level. The BCM process conducted within the scope of service operation
involves reducing the risk to an acceptable level and CSI must take an active role in the proactive
and planning for the recovery of business processes aspects of problem management to identify and
should a risk materialize and a disruption to the recommend changes that will result in service
business occur. improvements.
ITSCM allows an IT organization to identify, Further information on the problem management
assess and take responsibility for managing its process can be found in ITIL Service Operation.
risks, thus enabling it to better understand the
environment in which it operates, decide which 5.8.10 Change management, release and
risks it wishes to counteract, and act positively to deployment management
protect the interests of all stakeholders (including
It is likely that all CSI improvement activities will
staff, customers, shareholders, third parties and
fall under the scope of change management and
creditors). CSI can complement this activity and
release and deployment management. CSIs goal is
help to deliver business benefit.
to identify and implement improvement activities
on IT services that support the business processes as
5.8.9 Problem management well as to identify and implement improvements to
CSI and problem management are closely related ITSM processes. The improvement activities support
as one of the goals of problem management is the lifecycle approach through service strategy,
to identify and remove errors permanently that service design, service transition and service
impact services from the infrastructure. This operation.
directly supports CSI activities of identifying and
CSI is an ongoing activity constantly monitoring,
implementing service improvements.
analysing and researching improvement
Problem management also supports CSI activities opportunities, whereas release and deployment
through trend analysis and the targeting of management depends on the change management
preventive action. process for its work.
CSI_Chapter_05.indd 50 11/07/2011 16:07

There are many activities of the release and n Greater market competition forcing company
deployment management process that can be employees to share knowledge between
utilized by CSI. Once CSI has come up with a departments and subsidiaries.
recommendation for improvement, a change
request is submitted. The proposed change is then 5.8.11.1 Knowledge management concepts
scheduled as part of a release. The release and
Effective knowledge management enables
deployment management process will identify any
a company to optimize the benefits of these
areas requiring improvement for new or updated
changes, while at the same time:
services during the early life support phase.
n Enhancing the organizations effectiveness
5.8.10.1 Post-implementation review through better decision-making enabled by
having the right information at the right time,
As a part of change management a post-
and facilitating enterprise learning through
implementation review (PIR) is carried out on
the exchange and development of ideas and
certain changes. CSI, working with change
individuals
management, can require a PIR for all changes that
CSI was a part of for improving a service (see ITIL n Enhancing customersupplier relationships
Service Transition). CSI needs to participate in any through sharing information and services to
PIR on changes that are implemented to improve expand capabilities through collaborative
a service. As part of a PIR it is important for CSI efforts
to identify if the change actually improved the n Improving business processes through sharing
service or if there are still some issues. If a change, lessons learned, results and best practices across
once implemented, fails to improve the service the organization.
as desired, then CSI activities need to continue Knowledge management is key to the overall
working with service design, service transition and viability of the enterprise, from capturing the
service operation. competitive advantage in an industry to decreasing
cycle time and cost of an IT implementation.
5.8.11 Knowledge management The approach to cultivating knowledge depends
One of the key domains in support of CSI is heavily on the make-up of the existing knowledge
knowledge management. Capturing, organizing, base, and knowledge management norms for
assessing for quality and using knowledge is great cultural interaction.
input in CSI activities. An organization has to
There are two main components to successful
gather knowledge and analyse what the results
knowledge management:
are in order to look for trends in service level
achievements and/or results and output of service n An open culture where knowledge best
management processes. This knowledge is used to practices and lessons learned is shared across
identify improvement opportunities for inclusion the organization and individuals are rewarded
in the CSI register, for subsequent review and for it. Many cultures foster an environment
prioritization of the register, and for building SIPs. where knowledge is power (the more you
know that others do not, the more valuable you
Knowledge management in todays market is vastly
are to the company). This type of knowledge
different from what it was 10 years ago. Just in
hoarding is a dangerous behaviour for a
that short amount of time there has been:
company to reward since that knowledge
n An increase in the rate of change in industry may leave the company at any time. Another
and market landscapes, as barriers to entry have tenet of an open culture is a willingness to
decreased and new opportunities opened up learn. This is an environment where growing
n An increase in employee turnover, as it has an individuals knowledge base is rewarded
become more socially acceptable and often and facilitated through open support and
beneficial to change companies during a career opportunities.
to develop and share new experiences and n The infrastructure a culture may be open to
perspectives knowledge sharing, but without the means
n An increase in access to information via the or infrastructure to support it, even the best
internet and a more open global economy intentions can be impaired, and over time this
CSI_Chapter_05.indd 51 09/07/2011 10:11

serves as a demotivator, quelling the behaviour. All this knowledge comes from the service
This infrastructure can be defined in various knowledge management system (SKMS) (see Figure
ways; it may be a technical application or system 5.19). ITIL Service Transition explains the principles
which allows individuals to conduct online, self- and structure of the SKMS.
paced training, or it may be processes such as
post-mortems or knowledge sharing activities 5.8.12 Risk management
designed to bring people together to discuss Although not an ITIL-defined ITSM process, risk
best practices or lessons learned. management is part of many processes such
The identification of knowledge gaps and resulting as change management, ITSCM, availability
sharing and development of that knowledge management, information security management
must be built into CSI throughout the IT lifecycle. and strategic risk management. Risks to all
This also raises the issues of dependencies and elements of warranty and utility need to be
priorities. The IT lifecycle itself drives a natural assessed and mitigated where possible. While
priority of knowledge development and sharing. risk management is primarily conducted during
But regardless of the IT projects lifecycle stage, it design and transition stages of the service lifecycle,
is important to identify and develop the necessary a good CSI initiative will assess the results of
knowledge base prior to the moment where risk management activities to identify service
the knowledge may be applied. This may seem improvements through risk mitigation, elimination
obvious and yet the majority of organizations and management.
fail to recognize the need to train individuals Every organization manages its risk, but not always
until the process is halted due to a skills shortage. in a way that is visible, repeatable and consistently
Knowledge sharing is an activity that should be applied to support decision-making. The task of
fostered prior to, during and after the application risk management is to ensure that the organization
of knowledge to the task. makes cost-effective use of a risk process that
Knowledge management could be seen at the has a series of well-defined steps. The aim is to
opposite end of a spectrum from fully automated support better decision-making through a good
processes that have all the required knowledge understanding of risks and their likely impact.
built into the process itself. Service management There are two distinct phases: risk assessment and
processes fall somewhere between these two risk management. Risk assessment is concerned
extremes, with the operational processes nearer with gathering information about exposure to risk
to the automation of processes than the tactical so that the organization can make appropriate
or strategic processes. This should be taken into decisions and manage risk appropriately. Risk
account when designing the ITSM processes. assessment involves the identification and
Knowledge management may very well enable assessment of the level (measure) of the risks
quick wins on the more knowledge management calculated from the assessed values of assets and
intensive processes. This is not to imply that there the assessed levels of threats to, and vulnerabilities
would be a difference of levels of knowledge of, those assets.
required for the people participating to the
Risk management involves having processes in
processes rather that, in order to further develop
place to monitor risks, access to reliable and
SLM and vendor-management processes, the
up-to-date information about risks, the right
tactical knowledge needs to be harvested. It is
balance of control in place to deal with those
easier to automate the operational level processes
risks, and decision-making processes supported by
than the tactical or strategic processes, which
a framework of risk assessment and evaluation.
require a greater breadth and depth of knowledge.
Risk management also involves the identification,
Throughout a CSI initiative, a lot of experience and selection and adoption of countermeasures
information is acquired. It is important that this justified by the identified risks to assets when
knowledge be gathered, organized and accessible. considering their potential impact on services if
To ensure the ongoing success of the programme, failure occurs, and the reduction of those risks to
knowledge management techniques must be an acceptable level.
applied.
CSI_Chapter_05.indd 52 09/07/2011 10:11

Business SLAs Problem

UCs Incidents CFIA FTA TO
reqs OLAs reviews
Service
strategy Mgt of
plans Inputs into CSI what do we need? risk
AM plan AMIS
Demand
CAP plan Service
mgt
knowledge
management
ITSCM system Workload
plans mgt
External App
drivers sizing
Config
People: knowledge, skills, experience SIP: scope, scale Modelling
plan
Change Change Security Cost

PSA schedules CMS Budget CMIS
model policy model
Figure 5.19 Sources of knowledge
Risk management covers a wide range of 5.8.12.1 Relating management of risk to

topics, including BCM, security, programme/ safety, security and business continuity
project risk management and operational service
Management of risk should be carried out in the
management. These topics need to be placed in
wider context of safety concerns, security and
the context of an organizational framework for the
business continuity:
management of risk. Some risk-related topics, such
as security, are highly specialized and this guidance n Health and safety policy and practice is
provides only an overview of such aspects. concerned with ensuring that the workplace is a
safe environment.
A certain amount of risk taking is inevitable if an
n Security is concerned with protecting the
organization is to achieve its objectives. Effective
organizations assets, including information,
management of risk helps to improve performance
buildings and so on.
by contributing to:
n Business continuity is concerned with ensuring
n Increased certainty and fewer surprises that the organization could continue to operate
n Better service delivery in the event of a disaster, such as loss of a
n More effective management of change service, flood or fire damage.
n More efficient use of resources
Figure 5.20 illustrates the reasons for having a risk
n Better management at all levels through management process.
improved decision-making
n Reduced waste and fraud, and better value for 5.8.12.2 Business perspective on risk
money
management
n Innovation
Risk management from the business perspective, in
n Management of contingent and maintenance
the context of working with suppliers, centres on
activities.
assessing vulnerabilities in supplier arrangements
that pose threats to any aspect of the business
including:
CSI_Chapter_05.indd 53 09/07/2011 10:11

To achieve To achieve and To avoid the impact

benefits and exploit demonstrate true of failure (perceived or
opportunities, corporate governance actual) through public
including enabling and address other or commercial
innovation through policy initiatives embarrassment,
new technologies financial loss
To adapt to
To demonstrate
changes in the
conformance to best
market and/or
practice and standards,
customer needs
e.g. ISO/IEC 20000,
Delivering
COBIT, ISO/IEC 27001,
services
ISO/IEC 27002,
To maintain quality requirements
business continuity
and service provision
To comply with
through adversity, e.g.
legal and regulatory
where there is failure
requirements, e.g. Data
by suppliers, security
Protection Act,
breach or natural To control
Sarbanes-Oxley, HIPAA,
disaster acquisition (or
EU directives, health
development) of new
and safety, audit
products or services
To manage through appropriate
procurement and To manage
external changes in
contractual suppliers and
culture, political
arrangements ongoing services
environments etc.
Figure 5.20 Reasons for a risk management process
n Customer satisfaction 5.8.12.3 Risk profiles and responsibilities

n Brand image The organization and the supplier must consider
n Market share the threats posed by the relationship to their own
n Share price assets, and have their own risk profile. Each must
n Profitability identify their respective risk owners. In a well-
n Regulatory impacts or penalties (in some functioning relationship it is possible for much or
industries). all of the assessment to be openly shared with the
other party. By involving supplier experts in risk
The nature of the relationship affects the degree assessments, the organization may gain valuable
of risk to the business. insights into how best to mitigate risks, as well as
Risks associated with an outsourced supplier are improving the coverage of the assessment.
likely to be greater in number, and more complex Risk assessments typically consider threats
to manage, than those associated with an internal which may exploit vulnerabilities to impact the
supplier. It is rarely possible to outsource risk. confidentiality, integrity or availability of one or
Blaming a supplier does not impress customers or more assets.
internal users affected by a security incident or a
The scope of risk assessments includes:
lengthy system failure. New risks arising from the
relationship need to be identified and managed, n Identification of risks (threats and
with communication and escalation as appropriate. vulnerabilities)
A substantial risk assessment should have been n Target the assets under threat
undertaken pre-contract, but this needs to be n Impact of risks, qualitative and quantitative
maintained in the light of changing business n Probability of occurrence
needs, changes to the contract scope or changes in n Possible mitigating actions or controls
the operational environment.
CSI_Chapter_05.indd 54 09/07/2011 10:11

Table 5.16 Risk register

Reference Description Weighted priority Proposed Owner
actions or
controls and
costs
Prob. HML Impact HML Prob.
impact =
Exposure
R1 H H 9
R2 H M 6
R3 M L 3
R4 L L 1
n Identification of stakeholders who are 5.9 SUMMARY

accountable for the risk, and responsible for
Many methods and techniques are used to support
selecting an appropriate action (including
CSI activities. Each organization can choose what
possibly accepting the risk with no control)
works best for them. However, you should never
n Responsibility for implementing selected actions
adopt only one as it takes a blend of different
or controls
methods to have an effective CSI initiative.
n Choice of actions or controls, based on an
evaluation of impact versus the cost of action or CSI relies on the activities of all other service
control. management processes. Dont overlook the value
incident management, problem management,
For outsourced operations, particular care needs to availability management and capacity
be taken when considering the ownership of the management can provide to CSI. Of course SLM
assets at risk. These will be different for each party. plays a key role and most organizations will be
Risk management processes need to be considered hard pressed to have an effective CSI initiative
as cyclical, reviewing the suitability of previous without some form of SLM in place.
actions, and reassessing risks in the light of
changing circumstances. Risks are likely to be
managed through a risk register such as the
example provided in Table 5.16.
For further information on risk management,
consult Appendix C.
CSI_Chapter_05.indd 55 09/07/2011 10:11

CSI_Chapter_05.indd 56 09/07/2011 10:11
Organizing for
continual service
improvement 6
09/07/2011 10:12
CSI_Chapter_06.indd 2 09/07/2011 10:12
| 129
6 Organizing for continual service

improvement
This chapter describes organizing for service For CSI to be successful, an organization will need
management in relation to continual service to define clearly the roles and responsibilities
improvement (CSI) and the related practices. required to undertake the processes and activities
It includes generic roles, responsibilities and identified in Chapters 4 and 5. These roles will need
competencies that apply across the service lifecycle to be assigned to individuals, and an appropriate
and specific aspects for the processes described in organization structure of teams, groups or
this publication. functions established and managed.
Section 2.2.3 describes the basic concepts of ITIL Continual Service Improvement does not define
organization, function, group, team, department, any functions of its own, but it does rely on the
division and role that are used in this chapter. technical and application management functions
described in ITIL Service Operation. Technical and
All stages of the lifecycle will be looking for
application management provide the technical
opportunities to improve and most roles could be
resources and expertise to manage the whole
involved in CSI. It is a responsibility of all elements
service lifecycle, and practitioner roles within CSI
and processes within the lifecycle to look for
may be performed by members of these functions.
opportunities to improve quality, to be more cost-
effective and to enable the business overall to be
more successful by better alignment. Therefore 6.3 ROLES
organizing for improvement is not restricted to one
A number of roles need to be performed in support
lifecycle stage or process but is the responsibility of
of CSI. Please note that this section provides
everyone and to some extent all roles.
guidelines and examples of role descriptions. These
are not exhaustive or prescriptive, and in many
6.1 ORGANIZATIONAL DEVELOPMENT cases roles will need to be combined or separated.
Organizations should take care to apply this
There is no single best way to organize, and best
guidance in a way that suits their own structures
practices described in ITIL need to be tailored to
and objectives.
suit individual organizations and situations. Any
changes made will need to take into account A role is a set of responsibilities, activities and
resource constraints and the size, nature and needs authorities granted to a person or team. A role
of the business and customers. The starting point is defined in a process or function. One person
for organizational design is strategy. Organization or team may have multiple roles; for example,
development for service management is described the roles of configuration manager and change
in more detail in Chapter 6 of ITIL Service Strategy. manager may be carried out by a single person.
Roles are often confused with job titles, but it is
6.2 FUNCTIONS important to realize that they are not the same.
Each organization will define appropriate job
A function is a team or group of people and the
titles and job descriptions that suit its needs, and
tools or other resources they use to carry out one or
individuals holding these job titles can perform one
more processes or activities. In larger organizations,
or more of the required roles.
a function may be broken out and performed by
several departments, teams and groups, or it may It should also be recognized that a person may,
be embodied within a single organizational unit as part of their job assignment, perform a single
(e.g. service desk). In smaller organizations, one task that represents participation in more than
person or group can perform multiple functions one process. For example, a technical analyst
e.g. a technical management department could also who submits a request for change (RFC) to add
incorporate the service desk function. memory to a server to resolve a performance
CSI_Chapter_06.indd 3 09/07/2011 10:12

130 | Organizing for continual service improvement
problem is participating in activities of the change The service owner is accountable for the delivery
management process at the same time as taking of a specific IT service. The service owner is
part in activities of the capacity management and responsible to the customer for the initiation,
problem management processes. transition and ongoing maintenance and support
of a particular service and accountable to the
Roles fall into two main categories generic
IT director or service management director for
roles such as process manager and process
the delivery of the service. The service owners
owner, and specific roles that are involved within
accountability for a specific service within an
a particular lifecycle stage or process such as
organization is independent of where the
a change administrator or service desk staff.
underpinning technology components, processes or
Roles can be combined in a number of different
professional capabilities reside.
ways, depending on the organizational context.
For example, in many organizations there Service ownership is as critical to service
will be someone with the job title of change management as establishing ownership for
manager who combines the roles of the change processes which cross multiple vertical silos or
management process owner, change management departments. It is possible that a single person may
process manager, change administrator and fulfil the service owner role for more than one
chair of a change advisory board (CAB). In a service.
small organization the change manager role
The service owner has the following
may be combined with roles from service asset
responsibilities:
and configuration management or release and
deployment management. In larger organizations n Ensuring that the ongoing service delivery and
there may be many different people carrying out support meet agreed customer requirements
each of these roles, split by geography, technology n Working with business relationship
or other criteria. The exceptions to this are that management to understand and translate
there must be only one process owner for each customer requirements into activities, measures
process and one service owner for each service. or service components that will ensure that the
service provider can meet those requirements
Roles are accountable or responsible for an activity.
They may also be consulted or informed about n Ensuring consistent and appropriate
something: for example a service owner may communication with customer(s) for service-
be consulted about a change during an impact related enquiries and issues
assessment activity. The RACI model, described in n Assisting in defining service models and in
section 6.5, provides a useful way of defining and assessing the impact of new services or changes
communicating roles and responsibilities. to existing services through the service portfolio
management process
What is a service manager? n Identifying opportunities for service
Service manager is a generic term for any improvements, discussing these with the
manager within the service provider. The term is customer and raising RFCs as appropriate
commonly used to refer to a business relationship n Liaising with the appropriate process owners
manager, a process manager or a senior manager throughout the service lifecycle
with responsibility for IT services overall. A service n Soliciting required data, statistics and reports
manager is often assigned several roles such as for analysis and to facilitate effective service
business relationship management, service level monitoring and performance
management (SLM) and CSI. n Providing input in service attributes such as
performance, availability etc.
n Representing the service across the organization
6.3.1 Generic service owner role
n Understanding the service (components etc.)
To ensure that a service is managed with a
n Serving as the point of escalation (notification)
business focus, the definition of a single point of
for major incidents relating to the service
accountability is absolutely essential to provide
n Representing the service in change advisory
the level of attention and focus required for its
board (CAB) meetings
delivery.
CSI_Chapter_06.indd 4 09/07/2011 10:12

Organizing for continual service improvement | 131
n Participating in internal service review meetings all elements required to restore their service are
(within IT) known and in place in the event of a crisis
n Participating in external service review meetings n Information security managementEnsures
(with the business) that the service conforms to information
n Ensuring that the service entry in the service security management policies
catalogue is accurate and is maintained n Financial management for IT servicesAssists
n Participating in negotiating service level in defining and tracking the cost models in
agreements (SLAs) and operational level relation to how their service is costed and
agreements (OLAs) relating to the service recovered.
n Identifying improvement opportunities for
inclusion in the CSI register 6.3.2 Generic process owner role
n Working with the CSI manager to review and The process owner role is accountable for ensuring
prioritize improvements in the CSI register that a process is fit for purpose. This role is often
n Making improvements to the service. assigned to the same person who carries out the
process manager role, but the two roles may be
The service owner is responsible for continual separate in larger organizations. The process
improvement and the management of change owner role is accountable for ensuring that their
affecting the service under their care. The service process is performed according to the agreed and
owner is a primary stakeholder in all of the documented standard and meets the aims of the
underlying IT processes which enable or support process definition.
the service they own. For example:
n Incident management Is involved in (or The process owners accountabilities include:
perhaps chairs) the crisis management team for n Sponsoring, designing and change managing
high-priority incidents impacting the service the process and its metrics
owned n Defining the process strategy
n Problem management Plays a major role n Assisting with process design
in establishing the root cause and proposed n Ensuring that appropriate process
permanent fix for the service being evaluated documentation is available and current
n Release and deployment management Is a n Defining appropriate policies and standards to
key stakeholder in determining whether a new be employed throughout the process
release affecting a service in production is ready
n Periodically auditing the process to ensure
for promotion
compliance to policy and standards
n Change management Participates in CAB
n Periodically reviewing the process strategy to
decisions, authorizing changes to the services
ensure that it is still appropriate and change as
they own
required
n Service asset and configuration management
n Communicating process information or changes
Ensures that all groups which maintain the data
as appropriate to ensure awareness
and relationships for the service architecture
n Providing process resources to support activities
they are responsible for have done so with the
required throughout the service lifecycle
level of integrity required
n Ensuring that process technicians have the
n Service level management Acts as the single
required knowledge and the required technical
point of contact for a specific service and
and business understanding to deliver the
ensures that the service portfolio and service
process, and understand their role in the process
catalogue are accurate in relation to their
service n Reviewing opportunities for process
enhancements and for improving the efficiency
n Availability management and capacity
and effectiveness of the process
management Reviews technical monitoring
data from a domain perspective to ensure that n Addressing issues with the running of the
the needs of the overall service are being met process
n IT service continuity management (ITSCM) n Identifying improvement opportunities for
Understands and is responsible for ensuring that inclusion in the CSI register
CSI_Chapter_06.indd 5 09/07/2011 10:12

n Working with the CSI manager and process n Understanding how their role contributes to the
manager to review and prioritize improvements overall delivery of service and creation of value
in the CSI register for the business
n Making improvements to the process. n Working with other stakeholders, such as their
manager, co-workers, users and customers, to
Further detail on the role and responsibilities of
ensure that their contributions are effective
the process owner can be found in ITIL Service
n Ensuring that inputs, outputs and interfaces for
Strategy and ITIL Service Design.
their activities are correct
6.3.3 Generic process manager role n Creating or updating records to show that
activities have been carried out correctly.
The process manager role is accountable for
operational management of a process. There may
be several process managers for one process, for
6.3.5 CSI manager
example regional change managers or IT service The role of CSI manager is essential for a
continuity managers for each data centre. The successful improvement programme. The CSI
process manager role is often assigned to the person manager is ultimately responsible for the success
who carries out the process owner role, but the two of all improvement activities. This single point
roles may be separate in larger organizations. of accountability coupled with competence and
authority improves the chances of a successful
The process managers accountabilities include: improvement programme. The role of CSI
n Working with the process owner to plan and manager can also fulfil the role of the seven-step
coordinate all process activities improvement process owner/manager.
n Ensuring all activities are carried out as required The CSI managers responsibilities typically include:
throughout the service lifecycle
n Developing the CSI domain
n Appointing people to the required roles
n Communicating the vision of CSI across the IT
n Managing resources assigned to the process
organization
n Working with service owners and other process
n Ensuring that CSI roles have been filled
managers to ensure the smooth running of
services n Designing the CSI register and associated
activities
n Monitoring and reporting on process
performance n Working with service owners, service level
managers, the seven-step improvement
n Identifying improvement opportunities for
manager, other process managers and
inclusion in the CSI register
functions to identify and manage improvement
n Working with the CSI manager and process
opportunities:
owner to review and prioritize improvements in
Identifying improvement opportunities for
the CSI register
inclusion in the CSI register
n Making improvements to the process
Reviewing and prioritizing improvements in
implementation.
the CSI register
6.3.4 Generic process practitioner role Building improvement plans and making
A process practitioner is responsible for carrying improvements

out one or more process activities. n Working with service level managers to ensure
that monitoring requirements are defined
In some organizations, and for some processes, the
n Ensuring that monitoring tools are in place to
process practitioner role may be combined with the
gather data
process manager role, in others there may be large
numbers of practitioners carrying out different n Ensuring that baseline data is captured to
parts of the process. measure improvement against it
n Defining and creating reports on CSI critical
The process practitioners responsibilities typically success factors (CSFs), key performance
include: indicators (KPIs) and CSI activity metrics
n Carrying out one or more activities of a process
CSI_Chapter_06.indd 6 09/07/2011 10:12

n Identifying other frameworks, models and 6.3.6.2 Seven-step improvement process

standards that will support CSI activities manager
n Ensuring that knowledge management is an The seven-step improvement process managers
integral part of routine operations responsibilities typically include:
n Ensuring that CSI activities are coordinated
n Carrying out the generic process manager role
throughout the service lifecycle
for the seven-step improvement process (see
n Reviewing analysed data
section 6.3.3 for more detail)
n Presenting recommendations to senior
n Planning and managing support for
management for improvement
improvement tools and processes
n Helping prioritize improvement opportunities
n Working with the CSI manager, service owners,
n Leading, managing and delivering cross- process owners and functions to maintain the
functional and cross-divisional improvement CSI register
projects
n Coordinating interfaces between the seven-step
n Building effective relationships with the improvement process, other processes, service
business and IT senior managers managers and functions.
n Identifying and delivering process improvements
in critical business areas across manufacturing 6.3.6.3 Reporting analyst
and relevant divisions The reporting analyst is a key role for CSI and will
n Setting direction and providing a framework often work in concert with SLM. The reporting
through which improvement objectives can be analyst reviews and analyses data from components,
delivered systems and sub-systems in order to obtain a true
n Coaching, mentoring and supporting fellow end-to-end service achievement. The reporting
service improvement professionals. analyst will also identify trends and establish if they
are positive or negative. This information is then
The CSI manager should possess the ability to
used to present the data. The reporting analysts
influence positively all levels of management to
responsibilities typically include:
ensure that service improvement activities are
receiving the necessary support and are resourced n Participating in CSI meetings and SLM meetings
sufficiently to implement solutions. to ensure the validity of the reporting metrics,
notification thresholds and overall solution
6.3.6 Seven-step improvement roles n Responsibility for consolidating data from
This section describes a number of roles that need multiple sources
to be performed in support of the seven-step n Responsibility for producing trends and
improvement process. These roles are not job providing feedback on the trends such as
titles, and each organization will have to define whether the trends are positive or negative,
appropriate job titles and job descriptions for their what their impact is likely to be, and if they are
needs. predictable for the future
n Responsibility for producing reports on service
6.3.6.1 Seven-step improvement process or system performance based on the negotiated
owner OLAs and SLAs and improvement initiatives.
The seven-step improvement process owners The reporting analysts key skills and competencies
responsibilities typically include: typically include:
n Carrying out the generic process owner role for n Good understanding of statistical and analytical
the seven-step improvement process (see section principles and processes
6.3.2 for more detail) n Strong technical foundation in the reporting
n Working with the CSI manager, service owners, tool(s)
process owners and functions to include n Good communication skills
appropriate elements of the seven-step n Good technical understanding and an ability to
improvement process throughout the service translate technical requirements and specifications
lifecycle. into easily understood reporting requirements.
CSI_Chapter_06.indd 7 09/07/2011 10:12

Nature of activities Skills

Higher management level Managerial skills
High variation Communication skills
Action oriented Ability to create and use (high-level) concepts
Communicative Presenting Ability to handle complex and uncertain situations
Focus on future and using Representative
the information Education and experience
Intellectual effort Analytical skills

Investigative Modelling skills
Medium to high variation Analysing data Inventive attitude
Goal oriented Education
Specialized staff and business mgt Programming expertise
Automated Numerical skills

Procedural Methodical
Structured Accuracy
Mechanistic Processing data Applied training
Medium variation Programming expertise
Specialized staff Tool expertise
Procedural Accuracy
Routine tasks Precision
Repetitive Applied training
Automated Gathering data
Technical expertise
Clerical level
Low variation
Standardized
Figure 6.1 Activities and skill levels needed for continual service improvement
6.3.6.4 Other roles involved in the seven- Step 2 Define what you will measure
step improvement process Roles: individuals involved with decision-making
In addition to the specific roles and activities from IT and the business who understand the
described above, many activities of the seven-step internal and external factors that influence the
improvement process take place in other processes necessary elements that should be measured to
and functions throughout the service lifecycle. CSI support the business, governance and, possibly,
will only be successful if the required activities are regulatory legislation; individuals involved with
clearly identified and assigned to appropriate roles. providing the service (internal and external
providers) who understand the capabilities of the
Figure 6.1 lists the nature of many of these
measuring processes, procedures, tools and staff.
activities and the skills required to perform them.
Examples: service owner, service level manager,
Note: Figure 6.1 covers steps 3 to 6 of the seven-
CSI manager, process owner, process managers,
step improvement process covered in full in
customers, business/IT analysts, senior IT managers,
Chapter 4. The following section expands on this by
and internal and external providers (see Table 6.2)
detailing each step in the seven-step improvement
process and highlighting related activities. Step 3 Gather the data
Step 1 Identify the strategy for improvement Roles: individuals involved in day-to-day process
activities within the lifecycle stages, in particular in
Roles: individuals involved with strategic decision-
the operational aspects of the processes where the
making on the vision for the business and how IT
results of many of the processes can be collected.
enables that vision to succeed; individuals who will be
looking at strategic, technical and operational goals. Examples: service desk staff, technical management
staff, application management staff, IT security
Examples: strategy manager, service owner, service
staff and many more (see Table 6.3).
level manager, CSI manager, customers, senior
business managers, business/IT analysts and senior
IT managers (see Table 6.1).
CSI_Chapter_06.indd 8 09/07/2011 10:12

Table 6.1 Skills involved in Step 1 Identify the strategy for improvement
Senior management Ability to create a high level vision and strategy
High variation Communication
Action-oriented Ability to create, use high-level concepts
Communicative Ability to handle complex/uncertain situations
Focused on future Ability to set longer-term goals
Table 6.2 Skills involved in Step 2 Define what you will measure
Senior management Managerial
Action-oriented Ability to create, use (high-level) concepts
Intellectual effort Analytical
Investigative Modelling
Medium to high variation Inventive attitude
Table 6.3 Skills involved in Step 3 Gather the data

Procedural Accuracy
Routine Precision
Repetitive Meticulous nature
Automated Technical ability
Clerical Ability to document
Table 6.4 Skills involved in Step 4 Process the data

Automated Numerical
Procedural Methodical
Structural Accuracy
Mechanistic Meticulous nature
Medium variation Programming skills
Specialized Tool and technical skills and experience
Step 4 Process the data Step 5 Analyse the information and data
Roles: individuals involved in day-to-day process Roles: individuals involved with providing the
activities within the lifecycle stages. service (internal and external providers) who
understand the capabilities of the measuring
Examples: service desk staff, technical management
services, processes, procedures, tools and staff.
staff, application management staff and IT security
staff (see Table 6.4). Examples: service owner, process owner, process
managers, business/IT analysts, senior IT analysts,
supervisors and team leaders (see Table 6.5).
CSI_Chapter_06.indd 9 09/07/2011 10:12

Table 6.5 Skills involved in Step 5 Analyse the information and data
Intellectual Analytical
Goal-oriented Ambitious
Specialized and business management Programming skills
Table 6.6 Skills involved in Step 6 Present and use the information
Higher management Managerial
Action-oriented Ability to create, use (high-level) concepts
Focused on future Ambitious
Table 6.7 Skills involved in Step 7 Implement improvement

Intellectual effort Analytical
Goal-oriented Ambitious
Specialized staff and business management Programming skills
Step 6 Present and use the information 6.3.7 Business relationship manager
Roles: individuals involved with providing the The objective of business relationship management
service (internal and external providers) who is to establish and maintain a good relationship
understand the capabilities of the service and between the service provider and the customer
the underpinning processes, and possess good based on understanding the customer and their
communication skills; key personnel involved with business drivers. The customers business drivers
decision-making from IT and the business. could require changes in SLAs and thus become
Examples: CSI manager, service owner, service input into service improvement opportunities.
level manager, process owner, process managers, Service strategy provides more detail on business
customers, business/IT analysts, senior IT managers, relationship management and the role of business
internal and external providers (see Table 6.6). relationship managers.
Business relationship managers work closely with
Step 7 Implement improvement
service level managers, service owners and the CSI
Roles: individuals involved with providing the manager to deliver high quality services. Their roles
service (internal and external providers). are compared in Table 6.8.
Examples: CSI manager, service owner, service
level manager, process owner, process managers,
customers, business/IT analysts, senior IT managers,
and internal and external providers (see Table 6.7).
CSI_Chapter_06.indd 10 09/07/2011 10:12

Table 6.8 Comparison of CSI manager, service level manager, service owner and business relationship
manager roles
CSI manager Service level Service owner Business
manager relationship
manager
Focus
IT services S P P P
IT systems S P
Processes P S S S
Customers S P S P
Technology P S P
Responsibilities
Developing and maintaining the catalogue of P S P
existing services
Developing and maintaining OLAs P S
Gathering service level requirements (SLRs) from S P S P
the customer
Negotiating and maintaining SLAs with the S P S S
customer
Understanding underpinning contracts (UCs) as S P S S
they relate to OLAs and SLAs
Ensuring appropriate service level monitoring is in P P S
place
Producing, reviewing and evaluating reports on P P P P
service performance and achievements regularly
Conducting regular meetings with the customer to S P S S
discuss service level performance and improvement
Conducting yearly SLA review meetings with the S P S S
customer
Ensuring customer satisfaction with the use of a S P S P
customer satisfaction survey
Initiating appropriate actions to improve service P P P P
levels through service improvement plans (SIPs)
Negotiating and agreeing OLAs and SLAs S P S S
Ensuring the management of UCs as they relate to S S S
OLAs and SLAs
Working with the service level manager to provide P P P
services to meet the customers requirements
Appropriate monitoring of services or systems P P S
Producing, reviewing and evaluating reports on P P P S
service or system performance and achievement
to the service level manager and the service level
process manager
Assisting in appropriate actions to improve service P P P P
levels (SIP)
Table continues
CSI_Chapter_06.indd 11 09/07/2011 10:12

Table 6.8 continued

CSI manager Service level Service owner Business
manager relationship
manager
Skills, knowledge and competencies
Relationship management skills P P P P
A good understanding of IT services and qualifying P P P P
factors in order to understand how customer
requirements will affect delivery
An understanding of the customers business and P P P P
how IT contributes to the delivery of that product
or service
Good communication skills P P P P
Good negotiation skills P P P P
Knowledge and experience of contract and/or S P S S
supplier management roles
Good people management and meeting facilitating P P P P
skills
Good understanding of statistical and analytical P S S S
principles and processes
Good presentation skills P P P P
Good technical understanding and an ability to S P S S
translate technical requirements and specifications
into easily understood business concepts and vice
versa
Innovative in respect of service quality and ways in P P P P
which it can be improved within the bounds of the
organizations limits (resource, budgetary, legal etc.)
Good organizational and planning skills P P P P
Good vendor management skills S S S S
P = primary responsibility; S = secondary responsibility; Blank = no specific responsibility
6.4 CUSTOMER ENGAGEMENT management. To help with this task the RACI
model or authority matrix is often used within
A number of roles have been discussed in this
organizations to define the roles and responsibilities
chapter and they embody the concepts of a service-
in relation to processes and activities. The RACI matrix
oriented organization. When running a more
provides a compact, concise, easy method of tracking
traditional IT organization focusing on technical
who does what in each process and it enables
excellence, these roles may seem extraneous, but
decisions to be made with pace and confidence.
to run a forward-thinking, service-oriented IT
partner to the business, these roles are crucial. RACI is an acronym for the four main roles of
Improvement will not happen by itself. It requires being:
a structured programme and mature processes. n Responsible The person or people responsible
Those in the key roles shown in Figure 6.2 are for correct execution for getting the job done
responsible for that programme.
n Accountable The person who has ownership of
quality and the end result. Only one person can
6.5 RESPONSIBILITY MODEL RACI be accountable for each task
Clear definitions of accountability and n Consulted The people who are consulted
responsibility are essential for effective service and whose opinions are sought. They have
CSI_Chapter_06.indd 12 09/07/2011 10:12

Service
manager
CSI
manager
Monthly
service Monthly service report
report (to customer)
to business
unit
manager Customer-
facing
services
Service level manager
Business relationship manager
Identify Supporting
improvement services
opportunities
Customer
Professional/
consulting
services
Service owner
Figure 6.2 Service management roles and customer engagement
involvement through input of knowledge and the service design lifecycle stage, and tested and
information deployed in service transition. In service operation,
n Informed The people who are kept up to date people assigned to specific roles will perform the
on progress. They receive information about activities in the RACI matrix.
process execution and quality. Further details on the RACI matrix are described in
When using RACI, there is only one person Chapter 3 of ITIL Service Design.
accountable for an activity for a defined scope of
applicability. Several people may be responsible 6.6 COMPETENCE AND TRAINING
for executing parts of the activity. In this model,
accountable means end-to-end accountability for 6.6.1 Competence and skills for service
the process. Accountability should remain with the
management
same person for all activities of a process.
Delivering service successfully depends on
The RACI chart in Table 6.9 shows the structure personnel involved in service management having
and power of RACI modelling. The rows represent the appropriate education, training, skills and
a number of required activities and the columns experience. People need to understand their
identify the people who make the decisions, carry role and how they contribute to the overall
out the activities or provide input. organization, services and processes to be
Whether RACI or some other tool or model is effective and motivated. As changes are made,
used, the important thing is to not just leave the job requirements, roles, responsibilities and
assignment of responsibilities to chance or leave it competencies should be updated if necessary.
to the last minute to decide. For example, if there Each service lifecycle stage depends on
is a transfer of a service from one service provider appropriate skills and experience of people
to another, RACI models should be designed in and their knowledge to make key decisions. In
CSI_Chapter_06.indd 13 09/07/2011 10:12

Table 6.9 An example of a simple RACI matrix

Director service Service level Problem Security manager Procurement
management manager manager manager
Activity 1 AR C I I C
Activity 2 A R C C C
Activity 3 I A R I C
Activity 4 I A R I
Activity 5 I R A C I
many organizations, personnel will deliver tasks in place to ensure buy-in and conformance. An
appropriate to more than one lifecycle stage. ability to communicate at all levels within the
They may well find themselves allocated (fully organization will be imperative
or partially) from operational tasks to support n Articulateness both written (e.g. for reports)
a design exercise and then follow that service and verbal
through service transition. They may then, via n Negotiation skills required for several aspects,
early life support activities, move into support of such as procurement and contracts
the new or changed services that they have been n An analytical mind to analyse metrics
involved in designing and implementing into the produced from the activity.
live environment.
Many people working in service management
The specific roles within ITIL service management
are involved with continual service improvement.
all require specific skills, attributes and
ITIL Continual Service Improvement provides
competences from the people involved to enable
specific guidance on the skill levels needed for CSI
them to work effectively and efficiently. However,
activities.
whatever the role, it is imperative that the person
carrying out that role has the following attributes:
6.6.2 Competence and skills framework
n Awareness of the business priorities, objectives Standardizing job titles, functions, roles and
and business drivers responsibilities can simplify service management
n Awareness of the role IT plays in enabling the and human resource management. Many service
business objectives to be met providers use a common framework of reference
n Customer service skills for competence and skills to support activities such
n Awareness of what IT can deliver to the as skill audits, planning future skill requirements,
business, including latest capabilities organizational development programmes and
n The competence, knowledge and information resource allocation. For example, resource and cost
necessary to complete their role models are simpler and easier to use if jobs and
n The ability to use, understand and interpret the roles are standard.
best practice, policies and procedures to ensure The Skills Framework for the Information Age
adherence. (SFIA) is an example of a common reference
model for the identification of the skills needed to
The following are examples of attributes
develop effective IT services, information systems
required in many of the roles, dependent on the
and technology. SFIA defines seven generic levels at
organization and the specific roles assigned:
which tasks can be performed with the associated
n Management skills both from a person professional skills required for each level. A second
management perspective and from the overall dimension defines core competencies that can be
control of process combined with the professional skills. SFIA is used
n Ability to handle meetings organizing, by many IT service providers to identify career
chairing and documenting meetings and development opportunities.
ensuring that actions are followed up
More information on SFIA can be found at
n Communication skills an important element www.sfia.org.uk
of all roles is raising awareness of the processes
CSI_Chapter_06.indd 14 09/07/2011 10:12

6.6.3 Training
Training in service management helps service
providers to build and maintain their service
management capability. Training needs must be
matched to the requirements for competence and
professional development.
The official ITIL qualification scheme enables
organizations to develop the competence of their
personnel through approved training courses. The
courses help students to gain knowledge of ITIL
best practices, develop their competencies and gain
a recognized qualification. The scheme has four
levels:
n Foundation level
n Intermediate level
n ITIL Expert
n ITIL Master.
More information on ITIL qualifications can be

found at www.itil-officialsite.com
CSI_Chapter_06.indd 15 09/07/2011 10:12

CSI_Chapter_06.indd 16 09/07/2011 10:12
Technology
considerations 7
09/07/2011 10:17
CSI_Chapter_07.indd 2 09/07/2011 10:17
| 145
7 Technology considerations
Continual service improvement (CSI) activities requirements vary depending on the process
require software tools to support the monitoring and technology maturity. Technology specifically
and reporting on IT services and to underpin the means systems and service management toolsets
IT service management (ITSM) processes. These used for monitoring and controlling the systems
tools are used for data gathering, monitoring and infrastructure components, and for managing
and analysis reporting for services, and also assist process-based workflows, such as incident
in determining the efficiency and effectiveness management.
of IT service management processes. The longer-
Without question, service management tools are
term benefits to be gained are cost savings and
indispensable. However, good people, good process
increased productivity, which in turn can lead to an
descriptions, and good procedures and working
increase in the quality of the IT service provision.
instructions are the basis for successful service
From a service perspective the use of tools enables management. The need for and the sophistication
an organization to gain the ability to understand of the tools required depend on the business need
the health of its services from an end-to-end for IT services and, to some extent, the size of the
perspective. Even if an organization is not able to organization.
monitor end-to-end services it should be able to
In a very small organization a simple in-house
monitor, identify trends and perform analyses on
developed database system may be sufficient
the key components that make up an IT service.
for logging and controlling incidents. However,
From a process perspective the use of tools enables in large organizations, very sophisticated
centralization of key processes and automation and distributed and integrated service management
integration of core service management processes. tools may be required, linking all the processes
The raw data collected in the databases can be with systems management toolsets. While tools
analysed resulting in the identification of trends. can be important assets, in todays IT-dependent
Preventive measures can then be implemented organizations, they are a means, not an end
thereby increasing the stability, reliability and in themselves. When implementing service
availability of the IT infrastructure. management processes, look at the way current
processes work. Each organizations unique need
The ITSM software tools of today have expanded
for management information should always
their scope from mere point solutions focusing
be its starting point. This will help define the
on the service desk or change management to
specifications for the tools best suited to that
complete, fully integrated solution suites. Current
organization.
tools represent a paradigm shift into the new era
of enterprise resource planning (ERP) systems for There are many tools that support the core ITSM
IT. For decades, IT has provided systems to run the processes and others that support IT governance
business; now there are systems to run IT. as a whole, which will require integration with the
ITSM tools. Information from both of these toolsets
Many of these service management product suites
typically needs to be combined, collated and
are now offered in a Software as a Service (SaaS)
analysed collectively to provide the overall business
format via cloud computing (see ITIL Service
intelligence required to improve effectively on the
Strategy, section C.2), giving the advantage of full
overall IT service provision.
functionality without the management overheads.
These tools can be defined into broad categories
that support and annotate different aspects of the
7.1 TOOLS TO SUPPORT CSI ACTIVITIES
systems and service management domains.
As part of the assessment of Where do we want
to be? the requirements for enhancing tools
need to be addressed and documented. These
CSI_Chapter_07.indd 3 09/07/2011 10:17

146 | Technology considerations
7.1.1 IT service management suites Note: The integration of incidents, problems and
The success of ITIL within the industry has changes within a single solution also provides a
encouraged software vendors to provide tools platform for these toolsets to introduce web-style
and suites of tools that are very compatible with enterprise search functionality, which will search
the ITIL process framework, providing significant across this semi-structured data looking for specific
levels of integration between the processes and error codes, phrases and issues.
their associated record types. As mentioned
earlier, many of these tools and suites of tools are 7.1.1.1 Configuration data
offered via cloud computing. There are tools for Tool functionality in support of service asset and
just about every process documented in ITIL and configuration management and the CMS has never
many are beneficial to achieving the objectives been more advanced, with extensive discovery
of CSI. Examples include capacity and availability and service dependency mapping capabilities.
monitoring and automated event identification. Figure 7.1 shows the layers in a CMS, starting
The functionality of all these types of tool creates a with multiple data sources (including one or
rich source of data and provides many of the inputs more configuration management databases) to
to CSI. Additional examples include: the information integration layer to knowledge
processing and finally the presentation layer.
n Incidents Incidents that capture the service or
The CMS is the foundation for the integration
the configuration item (CI) affected are a prime
of all ITSM tool functionality and is a critical
input to CSI enabling an understanding of the
data source for the CSI mission. While the service
issues affecting the overall service provision and
provider must still define the overall service
related support activities. Incident matching
asset and configuration management process
functionality allows the service desk to quickly
and create the data model associated with their
relate like issues and create master records that
specific environment, the tools to establish and
highlight common situations affecting the users
manage the CMS and the overall service delivery
with associated resolution data to enhance
architecture have become very powerful. Key
problem identification and reduce the mean
functionality includes: discovery and reconciliation
time to restore service (MTRS).
capabilities to capture CIs within the environment;
n Problems These are defined with integrated visualization of the hierarchy and CI relationships
links to the associated incidents that confirmed for ease of understanding and support; audit tools
their existence. Using the configuration data to streamline the verification activities; and the
from the configuration management system ability to federate data sources where appropriate.
(CMS) to understand the relationships, problem
management now has a source of related 7.1.1.2Releases
data to enable the root cause analysis process
The ability to coordinate releases and manage
including change and release history of the
the contents of these releases is also more mature,
affected CI or service.
with native support for the definitive libraries
n Changes These are often the first area of
and key integration points to the CMS and to
investigation following a service failure,
specialized version control software packages.
again using the integration capabilities of
Functionality typically includes support for release
the ITSM tool suite; it can be easier to trace
records that consolidate and contain release
the changes that have been made to a service
contents, enabling the attachment of related
or a CI. The change schedule and projected
objects and documents pertaining to the release.
service outage (PSO) can be automated using
Integration is normally provided to enable
calendaring capabilities to ensure visibility of
hyperlinking to the associated change records
changes and calculated impacts to the service
that are part of a release and the related incident,
level agreements (SLAs). Recent improvements
problem or service request records that were
in the ITSM tools now allow for automated
the catalyst for the original request for change
risk assessment and prioritization of changes,
(RFC). Release versions are also supported with
highlighting potential conflicts and reducing
predefined naming and numbering standards that
the administrative overhead for the change
enhance the understanding of the overall process.
advisory board.
Overall reporting of release status and associated
CSI_Chapter_07.indd 4 09/07/2011 10:17

Technology considerations | 147
Service knowledge management system (SKMS)
Configuration management system (CMS)
Presentation layer
Knowledge processing layer
Information
integration
layer
Integrated CMDB
Schema mapping, metadata management,

reconciliation, extract, transform, mining
Data layer
Incident records HR database
Service request records Customer database
Problem records Financial database
Known error records External databases

CMDB with
(examples)
configuration records Change records
Release records
CMDB with
configuration records Records in CMS or other
parts of the SKMS
CMDB with
configuration records
Discovery, collection, audit

Other items in the SKMS
Figure 7.1 The application of the architectural layers of the CMS
performance metrics are required as inputs to CSI CMS functionality can also support the concept of
ensuring that the deployment of new services are prioritized CIs that underpin specific service levels,
of the highest possible quality. highlighting a greater impact if a failed component
supports a critical service or business process.
7.1.1.3 Service level management Some suites also provide the ability to trigger
availability impacts to SLAs by capturing incident
Service level management (SLM) functionality is
data related to service outages. Many of the suites
also well supported within the ITSM tool suites
also facilitate the definition of the service portfolio
of today, enabling the linkage of incidents,
and the service catalogue while managing the
problems, changes and releases to associated SLM
workflow associated with the fulfilment of service
records such as SLAs, operational level agreements
requests. Some standalone point solutions support
(OLAs) and underpinning contracts (UCs). Most
specialized functionality in this area (see below).
tool suites support automated SLA monitoring
(SLAM) charts highlighting which agreements Reporting is one of the key benefits of an
are within tolerance, are threatened or have integrated ITSM suite with the ability to provide
been broken. This automation is driven by the management information in a common format
ability to define key SLA criteria and use related utilizing the combined data from all operational
operational support records to trigger thresholds areas of the service lifecycle. This is of significant
(e.g. a priority one incident is about to break the benefit, enabling analysis of the relationships
one-hour resolution target time or a change has between service management events (e.g. incidents
caused a longer downtime than was agreed). that result in problems, changes that cause
CSI_Chapter_07.indd 5 09/07/2011 10:17

incidents, and releases that encapsulate certain cause analysis to separate out these false-positive
changes) and all of the associated performance messages. Events are captured and assessed
metric data that will feed the overall CSI initiatives. by rules-based, model-based and policy-based
correlation technologies that can interpret a series
7.1.2 Systems and network management of events and derive, isolate and report on the true
These tools are typically specific to the technology cause and impact. These technologies support the
platforms that are under management and are used CSI mission by providing information on availability
to administer the various domains but can provide impacts and performance thresholds that have
a wide variety of data in support of the service been exceeded related to capacity or utilization.
management mission. These tools generate error Well-correlated event management data provides
messages for event management and correlation a cost-effective method to improve the reliability,
that ultimately feed the incident management efficiency and effectiveness of the cross-domain
and availability management processes. Utilization IT infrastructure that supports the provision of
data from these platforms is the prime source business services.
for capacity and performance management and A by-product of the extensive and often complex
the most accurate method for establishing true checks performed by these event management
availability of components that will support products is the collection of raw performance data
improvements in the area of MTRS and mean time to be used by many processes for example, within
between failures (MTBF). As the dynamic, real-time capacity management analysis activities. This would
view of the current state of the service delivery allow simulated log-ons at any time during the
chain, this information can be integrated with the day or night to check database availability and
known service dependencies within the CMS to performance.
give enhanced visibility into the service provision
to the end user. Many of these tools also support 7.1.4 Automated incident/problem
technology proprietary methods for software resolution
deployment within their domains (e.g. release of
There are many products in the marketplace
patches, pushing of firmware upgrades to remote
that support the automation of the traditional
components on the network) and can provide metric
manual, labour-intensive and error-prone process
data in support of CSI for the change management
of incident and problem discovery and resolution.
and release and deployment management
Utilizing data from proactive detection monitors,
processes, along with dynamic updates to the CMS.
any component or service outage generates
an alert that automatically triggers diagnosis
7.1.3 Event management
and repair procedures. These procedures then
An event can be defined as any detectable or identify the root cause and resolve the issue
discernible occurrence that has significance for using preprogrammed and scripted self-healing
the management of the IT infrastructure or techniques, reducing the MTRS of many common
the delivery of IT services. There should be an causes of incidents, and in some cases preventing
evaluation of the impact any deviation might service outages completely. These tools also
cause to the services. Events are typically created document audit-related information within the
by an IT service, CI or monitoring tool. Events can incident or problem record for future analysis
be programmed to communicate operational and identification of other potential proactive CSI
information as well as warnings and exceptions. opportunities.
Warning and exception events are created when
a tool senses a threshold has been met or an error 7.1.5 Knowledge management
condition is discovered. The major issue with this
There are specialist tools available that support
capability can be the significant volume of messages
and streamline the discipline of knowledge
that are created from both the actual event and the
management. Providing efficient and accurate
up- and down-stream impact, which can make it
access to previous cases with proven resolution
difficult to determine the real issue.
data, these tools address the symptoms associated
Specialized event management software can with the current incident or problem. Capturing
perform event correlation, impact analysis and root data throughout the incident and problem
CSI_Chapter_07.indd 6 09/07/2011 10:17

management lifecycles enables a knowledge usage for offline analysis and modelling activities.
management engine to assign related keywords Capabilities of these tools generally include:
and service relationships that will enhance the
n Analysis of responsiveness, transaction and
search process providing a high percentage of
traffic throughput and utilization levels,
hits, thus speeding up the overall resolution
supporting the balancing of resources to
process. Knowledge management tools also
optimize performance of the IT services
generate significant metrics aimed at measuring
n Workload assessment with predictive trend
the improvement process itself. Key CSI data adds
analysis of future growth and required capacity
transparency to incident recurrence and frequency,
for each of the IT services being provided
utilization rates, the effectiveness of the stored
n The construction of performance, resource and
resolutions and the impact knowledge management
data usage profiles, enabling the comparison of
has on the efficacy of the overall support function.
actual utilization with planned models
7.1.6 Requesting services (service n Predictive performance technology enabling the
evaluation of tuning alternatives for systems,
catalogue and workflow)
networks, databases and applications that
As mentioned in section 7.1.1, there are specialized support modelling of the expected outcomes
tools that deal with service catalogue definition,
n Generation of the data required to report on
requests for services and the workflow associated
SLAs, identify opportunities for improvement
with their fulfilment. Some of these tools provide
to include in the CSI register, and for building
the workflow engines and some rely heavily on the
service improvement plans (SIPs).
capabilities of the companion ITSM suite. These
tools provide the technology required to define the There are many tools in the marketplace
services within a catalogue structure in conjunction that support the overall CSI initiative across
with business customers and create a service portal many aspects of performance management
(normally web-based) that allows users to request including business, service and resource capacity
services. The request is then managed through the planning, feasibility analysis, modelling, solution
workflow engine assigning resources according development, implementation, management and
to a defined process of tasks and related activities ongoing monitoring of the IT service provision.
for each request type. These tools typically also
capture related cost information to be fed to the 7.1.8 Application and service
financial systems for later charging activities. This performance monitoring
functionality does much to support ITs integration There has always been a challenge related to
with the business, defining services that underpin understanding the true user experience related
their mission and streamlining the delivery of to service provision. Recognizing this need, many
commodity services that so often become a source of vendors provide tools that monitor the end-to-end
customer frustration. As in other tools, the true CSI delivery of services, using either active or passive
benefit is that the data that is collected and reported technologies, to fully instrument and probe the
relates to the quality of the services delivered, any many components of the service delivery chain. The
bottlenecks encountered, and the ability to track software provides key metrics such as availability,
the achievement of related service levels. transaction throughput, transaction response time,
network latency, server efficiency, database input
7.1.7 Performance management and output, and Structured Query Language (SQL)
Performance management tools allow for the effectiveness. This data provides system managers,
collection of availability, capacity and performance application managers, availability management
data from a multitude of domains and platforms managers, capacity managers and service owners
within the IT infrastructure environment. with the ability to analyse the delivery of services
This data is used to populate the availability at all key points in the chain and look for
management information system (AMIS) and potential improvements to streamline the overall
capacity management information system (CMIS), delivery mechanisms. Usage trend data is vital
giving IT organizations a historical, current and for the availability management and capacity
future view of performance, resource and service management processes, providing the information
CSI_Chapter_07.indd 7 09/07/2011 10:17

required to assess current performance and plan 7.1.12 Information security management
for future growth. This capability also enhances These tools support and protect the integrity of
SLMs ability to track conformance to SLAs the network, systems and applications, guarding
accurately and identify candidates for the service against intrusion and inappropriate access and
improvement process. usage. As in the systems and network management
area, all security-related hardware and software
7.1.9 Statistical analysis tools solutions should generate alerts that trigger the
Most of the tools that are available to support the auto-generation of incidents for management
service management and systems management through the normal processes.
environments provide reporting capabilities but
this is typically not enough to support robust 7.1.13 Project and portfolio management
availability management and capacity management These tools support the registration, decision
capabilities. Raw data from many of the above support, costing, resource management, portfolio
tools needs to be captured into a single repository visibility and project management of new business
for collective analysis. This data provides input functionality and the services and systems that
to the availability management and capacity underpin them. These tools are typically used
management processes and supports the analysis of to manage the business-related aspects of
MTRS, MTBF, service failure, demand management, IT. Integration points generally include: task
workload analysis, service modelling, application assignments for development activities, change
sizing and their related opportunities for and release build information based on the
improvement. This type of software provides the agreed portfolio, capture of resource data from
functionality to group data logically, model current ITSM, total cost of ownership (TCO) of the service
services and enable predictive models to support portfolio, and resource utilization data to financial
future service growth, utilizing a wide array of management for IT services etc. These tools are
analysis techniques. typically utilized to underpin the management
board approval process related to strategic or
7.1.10 Software version control/software major change projects.
configuration management
These tools support the control of all mainframe, 7.1.14 Financial management for IT
open systems, network and applications software, services
providing a definitive media library type Financial management is a critical component of
repository for the development environment. the IT services mission to ensure there are enough
Version information must seamlessly integrate financial resources to maintain and develop the
with the CMS and with release and deployment IT infrastructure and professional capabilities in
management. support of the current and future needs of the
business. A balanced budget in IT through the
7.1.11 Software test management recovery of IT costs, with a solid understanding
These tools support the testing and deployment of the fiscal aspects of their operations, enables
activities of release and deployment management, IT executives to justify their expenses on business
providing development, regression testing, services being supported.
user acceptance testing and pre-production QA
In an increasing number of IT organizations this
testing environments. Typically, there is additional
requires keeping track of resource and service
functionality to support testing of specific
utilization for the purpose of billing and chargeback
functional requirements that were captured early
of the shared IT resources. The costing and resource
in the development lifecycle. These tools should
consumption measurement becomes critical to
integrate with incident management to capture
charge business customers effectively and accurately
testing-related incidents that may affect the
in an equitable, visible and auditable way.
production version of the same software.
CSI_Chapter_07.indd 8 09/07/2011 10:17

Financial management for IT services tools applications and ERP system to acquire and share
collect raw metering data from a variety of aggregate costs. Interfaces are also normally
sources including operating systems, databases, supported with project and portfolio management
middleware and applications, associating this usage tools to facilitate the overall portfolio of
with users of services from specific departments. investments.
Data collectors gather critical usage metrics for
Effective cost management is a basic requirement
each of the technologies being measured, link in
for the IT organizations of today; financial
the costing information from accounting software,
management for IT services tools is required to
and then report, analyse and allocate costs,
ensure that customers can not only understand
enabling customers to evaluate the information in
the IT costs of their business operations, but also
many dimensions.
more accurately budget and enable IT to evaluate
Most tools interface with the CMS to manage the overall effectiveness of the services provision.
costs for each CI and resource to generate data Successful implementation and usage of these
related to billing, reporting, charging and cost tools supports the continual improvement of cost
analysis. These tools typically federate with the management and drive ever-increasing IT value to
organizations enterprise financial management the business.
Service portal Service

catalogue
Service
desk
Service Workflow
requests management

Service Application
Business customers and users
A requests
Service performance
monitoring
Project and
Service portfolio
B management
Service Incidents
C

Business relationship management
Change Availability Financial IT service

management, management, management continuity Reporting
release and capacity SLAs OLAs
deployment management for IT services management
UCs
Figure 7.2 Service-centric view of the IT enterprise
CSI_Chapter_07.indd 9 09/07/2011 10:17

7.1.15 Business intelligence/reporting 7.2 SUMMARY

In addition to the statistical analysis environment For effective CSI it is important for organizations
that requires a toolset to support technical data, to view their tool requirements from an enterprise
there is also a need for a common repository of perspective. Figure 7.2 shows how an integrated
all service information and business-related data. toolset is required to underpin all the ITIL processes
Often these tools are provided by the same vendors and provide a diverse range of data required for
who support the statistical analysis software but effective and efficient CSI. Tools for CSI should
the focus in this instance is on providing business- support the key operational activities of the seven-
related data from all of the above toolsets, step improvement process: data gathering, data
representing a guide to direct the activities of IT as processing, data analysis and data presentation.
a whole in support of the business customer. Tools must provide for monitoring of each level
As the technology used to deliver IT services of the service hierarchy: services, systems and
becomes increasingly complex, the distribution of components, as well as support the reporting
services expands and the amount of centralized activities for SLAs, OLAs and UCs.
control we can apply is diminished, there will
be a growing reliance on tools and software
functionality to administer, manage, improve and
ensure overall governance of IT service provision.
As stated earlier, best-practice processes should
determine what support functionality is required
but we can be assured that the software industry
will continue to develop a wide and varied set of
tools that can reduce the administrative overhead
of managing processes and improve the overall
quality of IT service provision.
CSI_Chapter_07.indd 10 09/07/2011 10:17

Implementing continual
service improvement
8
09/07/2011 10:18
CSI_Chapter_08.indd 2 09/07/2011 10:18
| 155
8 Implementing continual service

improvement
This publication has discussed implementing 8.2 WHERE DO I START?

continual service improvement (CSI) from two
perspectives: the implementation of CSI activities 8.2.1 Where do I start the service
around services, and the implementation of CSI approach
around service management processes. However,
An organization can choose to implement CSI
if your organization does not have very mature
activities in many different ways. One way is
service management processes then it is usually
to identify a certain service pain point such as
difficult to execute the seven-step improvement
a service that is not consistently achieving the
process for services.
desired results. Work with the service owner to
Immature processes usually have poor data validate the desired results and the trend results
quality if any at all. This is often because there over the past few months. Review any monitoring
are no processes or very ad hoc processes. Other that has been done. If there hasnt been any end-
organizations have multiple processes working to-end monitoring in place but some component
with multiple tools being used to support the monitoring, then review what has been monitored
processes. If any monitoring is going on it may and see if there are any consistent issues that are
be at a component or application level but not leading to the lower than expected service results.
from an end-to-end service perspective. There is Even if there hasnt been any component monitoring
no central gathering point for data, no resources conducted, review your incidents and see if you can
allocated to process and analyse the data, and find some trends and CIs that are consistently failing
reporting consists of too much data broken into more than others and which impact the service. Also
too many segments for anyone to analyse. Some review the change records for the different CIs that
organizations dont have any evidence of reporting together underpin the service.
at all.
The bottom line is that you have to start
somewhere. If you dont feel you have adequate
8.1 CRITICAL CONSIDERATIONS FOR data from monitoring or from another process then
IMPLEMENTING CSI the first step is to identify what to monitor, define
the monitoring requirements, and put in place or
Before implementing CSI it is important to have
begin using the technology required for monitoring.
identified and filled the critical roles that have
been identified in Chapter 6. These include a CSI Be sure to analyse the data to see if the trends
manager, service owner and reporting analyst. make sense and whether there are any consistent
A service level manager facilitates the liaison failures or deviation from expected results. Report
between the customers and IT. findings and identify improvement opportunities.
Monitoring and reporting on technology metrics,

8.2.2 Where do I start the lifecycle
process metrics and service metrics need to be in
place. approach
Another approach is to start looking at the output
Internal service review meetings need to be
from the different lifecycle stages. For example,
scheduled in order to review from an internal IT
service design personnel need to monitor and
perspective the results achieved each month. These
report on their activities and, through trend
internal review meetings should take place before
evaluation and analysis, identify improvement
any external review meeting with the business.
opportunities to implement. This needs to be done
by every part of the lifecycle and CSI is engaged in
this activity. Until the service is implemented we
may not know if the right strategy was identified,
CSI_Chapter_08.indd 3 09/07/2011 10:18

156 | Implementing continual service improvement
so we may not have input until later for service Implementing an IT service management (ITSM)
strategy improvement. process governance organization will support the
development of, and transformation to, a process-
As service transition personnel begin working
and service-based organization and provide the
with the designed service they may identify
organizational infrastructure to manage process
improvement opportunities for service design.
improvement initiatives.
CSI can be effective well before a service is
implemented into the live environment. A comprehensive and integrated approach to the
design, implementation and ongoing compliance
8.2.3 Where do I start the functional to accepted ITSM standards includes:
group approach n Organizational structures, roles and
Perhaps your organization is experiencing a lot of responsibilities
failures or issues with servers. If this is the case, it n IT processes, policies and controls.
may be a good opportunity to focus CSI activities
within the functional group responsible for the 8.3.1 Business drivers
servers, as server failures have a direct impact on
The implementation of a standard ITSM process
service availability.
and governance is deemed as imperative to
This should be a short-term solution only, as CSI support current and future business plans:
activities should be reviewing services from an
n Support the organizations vision
end-to-end perspective; however, it is often easier
n Provide standard IT processes and a stable and
to have a small group focused on CSI activities.
reliable IT environment to enable timely and
Perhaps this could be a pilot of CSI activities before
efficient integration of new services and systems
a full deployment across the organization.
n Provide process policies, standards and controls
to comply with internal audit and external
8.3 GOVERNANCE regulatory and legislation requirements
No matter if you are implementing CSI around n Foster a climate of commitment to best practices
service management or services, it is critical that n Provide a standard ITSM process across the IT
governance is addressed from a strategic view. organization to support the organizational
Organizations are facing the need to expand transformation to an enterprise IT services
their IT service management strategies from an model while maintaining operational stability
operational level to tactical and strategic levels and reliability to the business.
to address business process automation, market
globalization and the increasing dependency on 8.3.2 Process changes
IT for the efficient and reliable management and Implementing CSI will have an impact on many
delivery of core business services. To address this parts of the IT organization. Processes, people,
requirement, formalized service management technology and management will undergo change.
processes and specialized service and work CSI needs to become a way of life within the
management tools are being introduced to organization. This may require new management
manage todays complex and distributed IT structure, new technology and changes to
environments. Introducing service management processes to support CSI, and people will need to
processes into internal IT organizations requires a be trained and understand the importance of CSI
transformation to the IT culture. within the organization.
Some internal IT organizations are still system/ If you only focus on changing a single process or
technology-management-based organizations, technology CSI may not be effective. Figure 8.1
which are reactive in nature. Transforming to a identifies how CSI should instead take a holistic
service-management-based organization, which is view to improvements.
more proactive in nature, is a step to aligning IT
with business. It is also fundamental to achieving
the goal of providing efficient and reliable
management and delivery of core business
services.
CSI_Chapter_08.indd 4 09/07/2011 10:18

Implementing continual service improvement | 157
Single point of Mgt commitment

accountability Mgt participation
Logical group of activities Compensation/rewards
Process
Cross departmental Values/beliefs
Defined procedures Coaching/enabler
Repeatable, consistent Career opportunities
Global standards Organizational design
People Management
Enhanced skills
Multi-functional teams Teamwork enabled
Values/beliefs Service management tools
Cultural biases Integrated data sharing
Training Knowledge management
Career development Management information
Technology
Figure 8.1 Process re-engineering changes everything
8.4 CSI AND ORGANIZATIONAL CHANGE are shown in Table 8.1, apply equally to ITSM
implementation programmes.
Project management structures and frameworks
fail to take into account the softer aspects
8.4.1 Create a sense of urgency
involved in organizational change such as
overcoming resistance to change, gaining Half of all transformations fail to realize their
commitment, empowering, motivating, involving goals because they lack adequate attention to
and communicating. Experience reveals that it this step. Not enough people accept that change
is precisely these aspects that prevent many CSI is essential. To create a sense of urgency, ask the
initiatives from realizing their intended aims. question What if we do nothing? Answering
The success of a CSI initiative depends on the this question at all organizational levels will help
buy-in of all stakeholders. Gaining their support gain commitment and provide input to a business
from the outset, and keeping it, will ensure their justification for investing in CSI.
participation in the development process and Examples of the consequences of doing nothing
acceptance of the solution. The first five steps are:
in Table 8.1 identify the basic leadership actions
n The business will lose money because of outages
required.
of crucial IT services, systems and applications.
Those responsible for managing and steering n The business will find IT costs unacceptable
the CSI initiative should consciously address and may insist on staffing reductions as an easy
these softer issues. Using an approach such as option for reducing costs.
John P. Kotters eight steps to transform your
organization, coupled with formalized project The question What if we do nothing? should
management skills and practices, will significantly be answered from the perspective of different
increase the chance of success. stakeholders. This step could be taken in the
form of one-on-one dialogues with stakeholders,
Kotter, Professor of Leadership at Harvard Business workshops and team meetings. The aim is to create
School, investigated more than 100 companies a real awareness and commitment that the status
involved in, or having attempted, a complex quo is no longer acceptable.
change programme and identified eight main
steps that need to be implemented in order
to successfully change. The eight steps, which
CSI_Chapter_08.indd 5 09/07/2011 10:18

Table 8.1 Eight steps that need to be implemented, and the main reasons why transformation efforts
fail (from Kotter, 1996)
Step Reasons for failure (quotes)
1 Create a sense of urgency 50% of transformations fail in this phase
Without motivation, people wont help and the effort goes nowhere
76% of a companys management should be convinced of the need
2 Form a guiding coalition Underestimating the difficulties in producing change
Lack of effective, strong leadership
Not a powerful enough guiding coalition opposition eventually
stops the change initiative
3 Create a vision Without a sensible vision, a transformation effort can easily dissolve
into a list of confusing, incompatible projects that can take the
organization in the wrong direction, or nowhere at all
An explanation of 5 minutes should obtain a reaction of
understanding and interest
4 Communicate the vision Without credible communication, and a lot of it, the hearts and minds
of the troops are never captured
Make use of all communications channels
Let the managers lead by example walk the talk
5 Empower others to act on Structures to underpin the vision and removal of barriers to
the vision change
The more people involved, the better the outcome
Reward initiatives
6 Plan for and create quick Real transformation takes time without quick wins, too many
wins people give up or join the ranks of those opposing change
Actively look for performance improvements and establish clear goals
Communicate successes
7 Consolidate improvements Until changes sink deeply into the culture, new approaches are fragile
and produce more change and subject to regression
In many cases, workers revert to old practice
Use credibility of quick wins to tackle even bigger problems
8 Institutionalize the change Show how new approaches, behaviour and attitude have helped
improve performance
Ensure selection and promotion criteria underpin the new approach
CSI_Chapter_08.indd 6 09/07/2011 10:18

8.4.2 Form a guiding coalition cannot explain the vision in five minutes, the vision
Experience shows a need for assembling a group itself is not clear and focused enough.
with sufficient power to lead the change effort A sound vision statement is important when
and work together as a team. Power means more forming a business justification for CSI; if one is
than simply formal authority but also experience, already under way then having clear aims will help
respect, trust and credibility. This team is the set more specific goals. The goals of CSI should be
guiding coalition for the CSI. SMART (specific, measurable, achievable, relevant
It is important that the team leading the CSI and time-bound) and addressed in terms relating
has a shared understanding of the urgency and to the business itself.
what it wants to achieve. A guiding coalition
team does not have to comprise solely of senior 8.4.4 Communicate the vision
managers. A guiding coalition should ensure Although the vision is a powerful tool in helping
that the organization is motivated and inspired guide and coordinate change, the real power
to participate. A single champion cannot achieve is unleashed when the vision is effectively
success alone. Those initiating a CSI should try to communicated to the stakeholders. Every
gain full support from the stakeholders, including stakeholder should understand the vision.
the business managers, IT staff and the user The sense of urgency (What if we do nothing?)
community. The team must be prepared to spend and the vision (Whats in it for me?) should form
time and effort convincing and motivating others the basis of all communication to the stakeholders
to participate. involved in or impacted by the CSI initiative.
In the beginning this team will be small and should These messages should be aimed at motivating,
include an influential business or IT sponsor. As inspiring and creating the necessary energy and
the programme buy-in grows, and throughout the commitment to buy in to the change programme.
programme itself when more and more successes An important aspect of the communication is
are achieved and benefits realized, this team demonstrating by example.
should be increased to involve a wider range of It is important to make use of all communications
people and functions. Conscious attention should channels to get the messages across. Use the
be given to managing a formal and informal organizations newsletters, intranet site, posters,
network that forms the basis of a guiding coalition, theme and team meetings, and seminars. Aim the
asking the questions Do we have the right people communication at the specific needs and wants of
on board? and, if not, Who should we have on each target group. For example, a presentation
board? to computer operators, stressing the benefits of
lower management costs and increased business
8.4.3 Create a vision availability, may be less likely to inspire them than
The guiding coalition should be responsible for the idea that they will have the chance to gain
ensuring that a vision is produced describing the new skills and opportunities, or that they will be
aim and purpose of CSI. A good vision statement supported by the latest advanced management
can serve four important purposes. It can: technology so they spend less time fire-fighting.
n Clarify the direction of the programme
n Motivate people to take action in the right
8.4.5 Empower others to act
direction on the vision
n Coordinate the actions of many different people Establishing the urgency, creating a guiding
n Outline the aims of senior management. coalition, and creating and communicating a vision
are all aimed at creating energy, enthusiasm, buy-
Without a sensible and easily understood vision, in and commitment to enable successful change.
a CSI implementation can easily dissolve into a list In the empowering phase, two important aspects
of confusing, incompatible projects that can take need to be stressed: enabling and removing
the organization in the wrong direction, or even barriers.
nowhere at all. A vision that is easy to understand
is also easy to explain. As a rule of thumb, if one It is crucial to understand what is meant by
empowerment. It is a combination of enabling
CSI_Chapter_08.indd 7 09/07/2011 10:18

people and removing barriers. Empowerment n Medium-term wins have the characteristics of
means giving people the tools, training, direction confidence and capability, and having a set of
and assurance that they will be given clear and working processes in place.
unambiguous fixed goals. Once people are n Long-term wins have the characteristics
empowered, they are accountable. That is why of self-learning and expertise, and fully
confirming their confidence before going ahead is integrated processes that have self-learning
important. and improvement built into them; reaching this
stage requires a baseline of confident, capable
8.4.6 Plan for and create short-term wins delivery and real understanding. Trying to reach
Implementing service management improvements this level before having gone through the other
can be a lengthy programme of change. It is levels is like trying to win an Olympic medal
important that, during the programme, short-term before commencing training.
wins are realized and communicated. Short-term
wins help to keep a change effort on track and to 8.4.8 Institutionalize the change
keep the energy and commitment levels high. Real Change needs to be institutionalized within the
transformation takes time. Without short-term organization. Many changes fail because they are
wins, too many people give up or join the ranks of not consolidated into everyday practice. This is
those opposing the change. Short-term wins can akin to buying a membership to a gym but not
also be used to help: going to the gym. To institutionalize a change
n Convince sceptics of the benefits means showing how new working practices have
n Retain support of influential stakeholders produced real gain and benefits, and ensuring
n Expand the guiding coalition and get more that the improvements are embedded in all
people on board and committed to the organizational practices.
programme Often the CSI team is disbanded before the
n Build confidence to tackle even more complex working practices are institutionalized; there is
implementation issues and process integration. a danger that people may revert to old working
practices. This has to stop. CSI must be a way of life
Try to identify some short-term wins for each
not a knee-jerk reaction to a failure of some sort.
service and/or process and plan these into the CSI.
It is also important that short-term wins are made These are some ways of institutionalizing changes:
visible and are communicated to all stakeholders. n Hire people with ITIL experience or proven
When planning to communicate the short-term customer- or service-focused experience.
wins, obtain answers to the questions For whom
n When inducting new employees (in business and
is it a short-term win? and To what degree does
IT), include service management familiarization:
it support the overall aims and goals? and work
This is the way we do things.
these answers into the communication.
n Include ITIL or service-management-focused
training in employee training plans and offerings.
8.4.7 Consolidate improvements and
n Match service goals and management reporting
produce more change to changing requirements, showing that they
The success of short-term wins keeps the are used and requests are made for new sets of
momentum going and creates more change. In CSI steering information.
it is important to recognize short-, medium- and n Identify clear action items in meeting minutes
long-term wins. Changes should sink deeply into and act on them in a timely manner.
the new culture or the new approaches will be
n Integrate new IT solutions and development
fragile and subject to regression:
projects into existing processes.
n Short-term wins have the characteristics of
Signs that the changes have been institutionalized
convincing, motivating and showing immediate
include:
benefits and gains.
n People defend the procedures and declare This
is the way we work, rather than This is the way
Ive been told to do it.
CSI_Chapter_08.indd 8 09/07/2011 10:18

n People make suggestions for improving want them to follow the new CSI activities and
procedures and work instructions to make them procedures, and use the tools appropriately.
more effective or efficient. As you change employees behaviour then
n Service and process owners are proud of their over time this changed behaviour becomes the
achievements and offer to give presentations organizations new culture. Senior management
and write articles. plays an important part in changing behaviour.
Senior managers have to be the proper role
8.4.9 Organization culture models: if they dont follow a process they are
Organizational culture is the whole of the giving permission to others to follow their lead.
ideas, corporate values, beliefs, practices Senior managers have to ensure that people
and expectations about behaviour and daily are rewarded for following the new process,
customs that are shared by the employees in an and for CSI it means ongoing monitoring,
organization the normal way of doing things. analysing, reviewing, trend evaluation, reporting,
Component parts of the culture include: identification of improvement opportunities and,
of course, implementing those opportunities.
n The way authority is exercised and people
rewarded This will also require the help of your
n Methods of communication organizations human resource department,
n The degrees of formality required in working as changing employees behaviour is directly
hours and dress, and the extent to which tied to ensuring the job descriptions are up to
procedures and regulations are enforced. date, employees goals and objectives take into
consideration service management responsibilities,
One could say culture is the heart of the matter and expectations include CSI activities. Also
or a key issue in implementing CSI. Culture could employee performance plans should be directly
support an implementation or it could be the related to fulfilling these responsibilities
bearer of resistance. and expectations. Whether an employee is
Culture is continually named as one of the barriers performing an activity for service improvement
in realizing any type of organizational change. or a change management activity, this should be
When an organization has embraced CSI, the new recognized and employees rewarded based on the
organizational structure and technology receives performance.
overwhelming attention and almost no attention is The following two statements are important when
paid to the effect on the culture. Culture isnt good thinking about changing an employees behaviour.
or bad its just there.
n What gets rewarded gets done This is
An organizations culture can be immediately why it is important to set up performance
recognized by an outsider from the staffs attitudes plans, performance appraisal systems and
and morale, their vocabulary the phrases and compensation plans to tie into CSI activities as
buzzwords they use, and the stories and legends well as other service management activities.
they tell of the organizations heroes. Continual If you are rewarding an employee for simply
improvement is about moving away from the hero doing the daily activities of their job, and
mentality and focusing more on proactive planning not for understanding the full end-to-end
and improving, instead of always reacting to fix service management processes, there will
something when it breaks. be no incentive for them to gain a broader
understanding. It will be hard to change an
8.4.9.1 Key concept employees behaviour when they get rewarded
One of the keys to changing the culture of an for doing what they do today.
organization is to understand that you do not n You get what you inspect not what you expect
start out to change the culture. You start out to Organizations always expect employees to
change the employees behaviour. In other words, do certain things, but unless they are actually
when implementing CSI around services and monitoring and checking to see if the tasks and
service management processes you are asking the activities are being done, there is little reason
staff members to change how they do things. You for an employee to do them. Remember the
CSI_Chapter_08.indd 9 09/07/2011 10:18

state of North Carolina example in section understanding, e.g. surveys, website hits, event
5.6.5. The state achieved results through participation etc.
training, creating an awareness campaign and
In order to change behaviours and ultimately an
letting people know they were tracking results
organizations culture will require a well-thought-
and would be discussing the results with the
out communication strategy and plan. An effective
managers each month.
communication strategy and plan will focus on
creating awareness of why the organization is
8.5 COMMUNICATION STRATEGY implementing service management, why we
AND PLAN want to formalize a CSI process, and why ITIL was
Timely and effective communication forms an chosen as the best-practice framework. The plan
important part of any service improvement project. will also need to address how to provide service
In an effort to transform an organization from management education through formal training
performing CSI activities ad hoc to undertaking programmes or internal meetings, how to provide
more formal and ongoing CSI activities, it is critical formal training on the new processes and tools
that participants and stakeholders are informed that sets new expectations, and how to provide
of all changes to the processes, activities, roles and updates on progress and achievements.
responsibilities. When developing your communication strategy
The goal of the communications plan is to and plan it is important to take into consideration
build and maintain awareness, understanding, how corporate communication works today.
enthusiasm and support among key influential In some organizations, if you want the chief
stakeholders for the CSI initiative. information officer (CIO) to communicate
something on behalf of CSI or any service
When developing a communication plan, it is management project, it may take a long time. This
important to realize that effective communication needs to be planned for.
is not based solely on a one-way flow of
information, and it is more than just meetings. A Also keep in mind the culture around
communications plan must incorporate the ability communicating with the business. In some
to deal with responses and feedback from the organizations there are strict guidelines on who
targeted audiences. can communicate with the business. Often this
is through the service level management (SLM)
The plan should include a role to: and business relationship management processes.
n Design and deliver communications to the No matter what the method is, always have
different CSI roles, stakeholders such as other communicating with the business as one of your
ITSM process roles and identified target key communication activities.
audiences
n Identify forums for customer and user feedback 8.5.1 Defining a communication plan
n Receive and deliver responses and feedback Defining your plan needs to take into
to the project manager and/or process team consideration the following topics:
members.
n Who is the messenger? This is often
Key activities for the communications plan include: overlooked when assessing the importance of
n Identifying stakeholders and target audiences aligning the messenger with the message. There
n Developing communications strategies and tactics are times when it is appropriate for the CIO to
deliver a communication. Another time it may
n Identifying communication methods and
be a service owner or process owner who should
techniques
be doing the communicating.
n Developing the communications plan (a matrix
n What is the message? Define the purpose
of who, what, why, when, where and how)
and objective of the message. This needs to be
n Identifying the project milestones and related
tailored to the target audience. Keep in mind the
communications requirements
importance of communicating the benefits of the
n The tools and techniques to use to gain CSI initiative. The whats-in-it-for-me approach is
a perspective on the level of audience still valid and needs to be addressed.
CSI_Chapter_08.indd 10 09/07/2011 10:18

Table 8.2 Table for sample communication plan

Messenger Target audience Message Method of Date and Status
communication frequency
CIO All of IT CSI initiative is Town hall Month/day Planned

kicking off meeting
n Who is the target audience? The target

Vision
audience for CSI could be senior management,
Communication lines
mid-level managers or the staff who will be
tasked with performing CSI activities. The target
audience will often dictate who will deliver the
message based on what the message is. Strategic Transformation
n Timing and frequency of communication
Be sure to plan and execute your Tactical Transformation
communication in a timely manner. The one

Transformation
constant about managing change is that for Operational
communication to be effective, it will take more

than a one-time communication. If reporting is Figure 8.2 Vision becomes blurred
what is being communicated you will want to
define your reporting timelines and frequency. 8.5.2 Communication transformation
n Method of communication The old standby The strategic management level usually initiates
of sending emails and putting something the communication about new initiatives and this
on the web can work for some forms of should be true for implementing CSI within your
communication, but in order to manage change organization. The CSI initiative is handed down
effectively it is important to have a number from the strategic level to the tactical level and
of face-to-face meetings where there is an then to the operational level. It is more the rule
opportunity for two-way communications to than the exception that each level goes through
take place. Attending staff meetings, holding its own transformation process. It is important that
information meetings open to all IT personnel the same message is being sent and received as the
and conducting town hall meetings are all vision is communicated down the organization.
effective methods that need to be considered. The outcome of this process is the cause and often
n Provide a feedback mechanism Be sure to the demand for the next level in an organization
provide some method for employees to ask to transform. Information about this process and
questions and provide feedback on the change how people are dealing with it are seldom handed
initiative. Someone should have ownership down. Unfortunately the higher level gives little
of checking and ensuring that responses are feedback about this process to the next level.
provided to questions or comments.
What also happens is that the content of the
Be sure to keep a record of all your vision and reasons for the organizational change
communications as they illustrate how the becomes less understood as it moves down through
communication plan has been executed. the organization. Only parts of the rationale
behind the organizational change come through
You can develop a simple table for your
to the operational level. Figure 8.2 shows how only
communication plan as shown in Table 8.2.
part of the original content of the vision is handed
Keep in mind that you will be communicating
down (the shadow of the upper level) to the
to various groups within IT. Be sure to include
operational level. As the message is passed through
senior management, mid-level managers and
the organizational levels, the clarity and content of
line contributors, as well as those working or
the vision is blurred even further.
supporting CSI activities.
Because each management level has its own
separate transformation processes they fail to
CSI_Chapter_08.indd 11 09/07/2011 10:18

Executive strategy
2. Where do we
(targets, new directions)
want to be?
Service objectives (optimization of
process integration at value added
Baseline data
Executive sponsors level) External benchmarks
Sponsors
Senior management
Internal or external assessment CSI manager
Continual
improvement report
Internal (corporate)
audit findings IT strategy
planning 3. How do we
Security Finance get there? Process owner meeting
1. Where are CSI register and service
we now? Services
improvement plans
Service Sponsor status meeting
CSI manager management
Sponsor CSI manager
Process owner processes
Sponsors
Data centre ops Process owners/process managers
Infrastructure managers
Service metrics
Technology metrics 4. Did we get there?
Process metrics
Process KPIs and management reports

Activity Service improvement plans
Roles Updated CSI register
Input (assign and re-prioritize)
CSI manager
Process owners/process managers
Figure 8.3 CSI roles and inputs
appreciate the feelings of the other levels. This the proper output for process metrics to be used
is most evident for operational level staff, who for identifying process improvement initiatives.
feel particularly vulnerable if they have not been Technology will need to be in place for monitoring
involved in the discussions. Yet the commitment and reporting. Communication is critical to help
and energy of operational level staff are essential change employees behaviour. Communication
to the success of any organizational change. will be necessary to identify the target audience,
who the messenger is, what message is being
communicated and what is the best way to
8.6 SUMMARY communicate the message.
Developing a governance structure is important
Figure 8.3 shows the roles and key inputs that
for formalizing CSI in your organization. CSI
are involved in the different phases of continual
will require that key roles are filled for trend
improvement.
evaluation, analysis reporting and decision-
making. Process compliance is critical for ensuring
CSI_Chapter_08.indd 12 09/07/2011 10:18

Challenges, risks and
critical success factors 9
09/07/2011 10:18
CSI_Chapter_09.indd 2 09/07/2011 10:18
| 167
9 Challenges, risks and critical

success factors
9.1 CHALLENGES 9.2 CRITICAL SUCCESS FACTORS

Every organization has its unique set of challenges. These are some critical success factors (CSFs):
As with implementing any type of change within
n Appointing a CSI manager
an organization, one of the major challenges is
n Adopting CSI within the organization
managing the behavioural changes required.
n Management commitment ongoing, visible
Another issue is that continual service participation in CSI activities such as creating
improvement (CSI) often requires adequate tools vision for CSI, communicating vision, direction
for monitoring and gathering the data, analysing setting and decision-making, when appropriate
the data for trends and reporting on the data. CSI n Defining clear criteria for prioritizing
does not happen only through automation but also improvement projects
requires resources to be allocated to CSI activities.
n Adopting the service lifecycle approach
Those allocating resources need to understand
n Having sufficient and ongoing funding for CSI
their roles and responsibilities and have the correct
activities
skill sets to execute the CSI activities.
n Resource allocation people dedicated to the
These are some of the common challenges you may improvement effort not as just another add-on
encounter when implementing CSI: to their already long list of tasks to perform
n Lack of management commitment n Technology supporting the CSI activities
n Inadequate resources, budget and time n Adopting processes embracing service
n Lack of mature service management processes management processes instead of adapting it to
n Lack of information, monitoring and suit their own personal needs and agenda.
measurements
n Lack of knowledge management 9.3 RISKS
n A resistance to planning and a reluctance to be
These are some risks:
proved wrong
n Lack of corporate objectives, strategies, policies n Being over-ambitious dont try to improve
and business direction everything at once; be realistic with timelines
n Lack of IT objectives, strategies and policies and expectations
n Lack of knowledge and appreciation of business n Not discussing improvement opportunities with
impacts and priorities the business the business has to be involved in
improvement decisions that will impact it
n Diverse and disparate technologies and
applications n Not focusing on improving both services and
service management processes
n Resistance to change and cultural change
n Not prioritizing improvement projects
n Poor relationships and communication, and lack
of cooperation between IT and the business n Implementing CSI with little or no technology
n Lack of tools, standards and skills n Implementing a CSI initiative with no resources
this means that people must be allocated and
n Tools too complex and costly to implement and
dedicated to this
maintain
n Implementing CSI without knowledge transfer
n Over-commitment of resources with an
and training this means educating first
associated inability to deliver (e.g. projects
(acquire knowledge), then training (practise
always late or over budget)
using the newly acquired knowledge); training
n Poor supplier management and/or poor supplier
should be undertaken as close to the launch of
performance.
improvement as possible
CSI_Chapter_09.indd 3 09/07/2011 10:18

168 | Challenges, risks and critical success factors
n Not performing all steps of the seven-step 9.4 SUMMARY

improvement process it is important that all
Implementing CSI is not an easy task: it requires
steps of the improvement process are followed;
a change in management and staff attitudes and
missing any one step can lead to a poor decision
values that continual improvement is something
on what and how to improve
that needs to be carried out proactively and not
n Lack of making strategic, tactical or operational reactively.
decisions based on knowledge gained reports
are actually used; people see that the reports Identifying the risks and challenges before
are being used implementing CSI is a critical first step. A SWOT
n Lack of management taking action on analysis (examining strengths, weaknesses,
recommended service improvement opportunities and threats) can help identify
opportunities these items. It is important to define mitigation
strategies for the risks and identify how to best
n Lack of meeting personnel in the business to
overcome challenges that an organization may
understand new business requirements
encounter.
n Lack of communication/awareness campaign
for any improvement, or it is late or missing Knowing the CSFs before undertaking CSI
altogether implementation will help manage the risks and
n Not involving the right people at all levels challenges. Dont try to change everything at once.
to plan, build, test and implement the
improvement
n Removing testing before implementation
or only partially testing so all aspects of the
improvement (people, process and technology)
must be tested, including the documentation.
CSI_Chapter_09.indd 4 09/07/2011 10:18

Afterword
CSI_Chapter_Afterword.indd 1 09/07/2011 10:19

| 171
Afterword
For centuries people have been sailing across

the oceans in ships. While a very few have been
intrepid explorers intent on charting new territory
and new routes to far-off lands, most have simply
set off on a journey from their home port to a
distant destination. They plotted a course which
would get them there safely in a reasonable time
and then set sail. The risks were high, but the
rewards were even higher. If the final destination
was too far they plotted a series of smaller journeys
with stops at points along the way allowing them
to get to their destination in steps. The course
would often take them far from the sight of land,
so each day they would need to check if they were
still on course. In the beginning they used the stars,
then the compass, the sextant, radio beacons and
now global positioning satellites. The technology
has changed radically but the goal is still the same:
determine where you are right now and if the
winds or the currents have moved you off course
you must make adjustments in order to reach
your destination. Continual service improvement
is your journey. Your destination is your vision
of a near-perfect future state. The vision may be
far off, requiring you to set smaller goals along
the way. You set the course for near perfection
and continually check to see whether you are
still on course. Continually making the necessary
adjustments on your journey will enable you to
reach your destination. Good sailing!

CSI_Append_A.indd 1
Appendix A:
Related guidance A
09/07/2011 10:20
CSI_Append_A.indd 2 09/07/2011 10:20
| 175
Appendix A: Related guidance
This is a common appendix across the ITIL core The full ITIL glossary, in English and other
publications. It includes frameworks, best practices, languages, can be accessed through the ITIL official
standards, models and quality systems that site at:
complement and have synergy with the ITIL service
www.itil-officialsite.com/InternationalActivities/
lifecycle.
ITILGlossaries.aspx
Section 2.1.7 describes the role of best practices
The range of translated glossaries is always
in the public domain and references some of the
growing, so check this website for the most up-to-
publications in this appendix. Each core publication
date list.
references this appendix where relevant.
Details of derived and complementary publications
Related guidance may also be referenced within
can be found in the publications library of the Best
a single ITIL core publication where the topic is
Management Practice website at:
specific to that publication.
www.best-management-practice.com/Publications-
Library/IT-Service-Management-ITIL/
A.1 ITIL GUIDANCE AND WEB SERVICES
ITIL is part of the Best Management Practice (BMP)
A.2 QUALITY MANAGEMENT SYSTEM
portfolio of best-practice guidance (see section
1.3). BMP products present flexible, practical Quality management focuses on product/service
and effective guidance, drawn from a range of quality as well as the quality assurance and control
the most successful global business experiences. of processes to achieve consistent quality. Total
Distilled to its essential elements, the guidance Quality Management (TQM) is a methodology
can then be applied to every type of business and for managing continual improvement by using a
organization. quality management system. TQM establishes a
culture involving all people in the organization in a
The BMP website (www.best-management-practice.
process of continual monitoring and improvement.
com) includes news, reviews, case studies and white
papers on ITIL and all other BMP best-practice ISO 9000:2005 describes the fundamentals of
guidance. quality management systems that are applicable to
all organizations which need to demonstrate their
The ITIL official website (www.itil-officialsite.com)
ability to consistently provide products that meet
contains reliable, up-to-date information on ITIL
customer and applicable statutory and regulatory
including information on accreditation and the ITIL
requirements. ISO 9001:2008 specifies generic
software scheme for the endorsement of ITIL-based
requirements for a quality management system.
tools.
Many process-based quality management systems
Details of the core publications are as follows:
use the methodology known as Plan-Do-Check-
n Cabinet Office (2011). ITIL Service Strategy. TSO, Act (PDCA), often referred to as the Deming
London. Cycle, or Shewhart Cycle, that can be applied to all
n Cabinet Office (2011). ITIL Service Design. TSO, processes. PDCA can be summarized as:
London. n Plan Establish the objectives and processes
n Cabinet Office (2011). ITIL Service Transition. necessary to deliver results in accordance with
TSO, London. customer requirements and the organization's
n Cabinet Office (2011). ITIL Service Operation. policies.
TSO, London. n Do Implement the processes.
n Cabinet Office (2011). ITIL Continual Service n Check Monitor and measure processes
Improvement. TSO, London. and product against policies, objectives and
CSI_Append_A.indd 3 09/07/2011 10:20

176 | Appendix A: Related guidance
requirements for the product and report the A.4 GOVERNANCE OF IT

results.
Corporate governance refers to the rules,
n Act Take actions to continually improve
policies, processes (and in some cases, laws)
process performance.
by which businesses are operated, regulated
There are distinct advantages of tying an and controlled. These are often defined by the
organizations ITSM processes, and service board or shareholders, or the constitution of the
operation processes in particular, to its quality organization; but they can also be defined by
management system. If an organization has a legislation, regulation or consumer groups.
formal quality management system that complies ISO 9004 (Managing for the sustained success of an
with ISO 9001, then this can be used to assess organization a quality management approach)
progress regularly and drive forward agreed service provides guidance on governance for the board
improvement initiatives through regular reviews and executive of an organization.
and reporting.
The standard for corporate governance of IT is
Visit www.iso.org for information on ISO standards. ISO/IEC 38500. The purpose of this standard is to
See www.deming.org for more information on the promote effective, efficient and acceptable use of
W. Edwards Deming Institute and the Deming Cycle IT in all organizations by:
for process improvement. n Assuring stakeholders (including consumers,
shareholders and employees) that, if the
A.3 RISK MANAGEMENT standard is followed, they can have confidence
in the organizations corporate governance of IT
A number of different methodologies, standards
n Informing and guiding directors in governing
and frameworks have been developed for the
the use of IT in their organization
assessment and management of risk. Some focus
more on generic techniques widely applicable n Providing a basis for objective evaluation of the
to different levels and needs, while others are corporate governance of IT.
specifically concerned with risk management Typical examples of regulations that impact IT
relating to important assets used by the include: financial, safety, data protection, privacy,
organization in the pursuit of its objectives. Each software asset management, environment
organization should determine the approach to management and carbon emission targets.
risk management that is best suited to its needs
Further details are available at www.iso.org
and circumstances. It is possible that the approach
adopted will leverage the ideas reflected in more ITIL Service Strategy references the concepts of ISO/
than one of the recognized standards and/or IEC 38500 and how the concepts can be applied.
frameworks.
Appendix C gives more information on risk A.5 COBIT
management. See also: The Control OBjectives for Information and related
n Office of Government Commerce (2010). Technology (COBIT) is a governance and control
Management of Risk: Guidance for Practitioners. framework for IT management created by ISACA
TSO, London. and the IT Governance Institute (ITGI).
n ISO 31000:2009 Risk management principles COBIT is based on the analysis and harmonization
and guidelines. of existing IT standards and good practices and
n ISO/IEC 27001: 2005 Information technology conforms to generally accepted governance
security techniques information security principles. It covers five key governance focus
management systems requirements. areas: strategic alignment, value delivery, resource
n ISACA (2009). The Risk IT Framework (based on management, risk management and performance
COBIT, see section A.5). management. COBIT is primarily aimed at internal
and external stakeholders within an enterprise
who wish to generate value from IT investments;
those who provide IT services; and those who have
a control/risk responsibility.
CSI_Append_A.indd 4 09/07/2011 10:20

Appendix A: Related guidance | 177
COBIT and ITIL are not competitive, nor are they n ISO/IEC 20000-2:2005 Information technology
mutually exclusive on the contrary, they can be Service management Part 2: Code of practice
used in conjunction as part of an organizations (being updated to include guidance on the
overall governance and management framework. application of service management systems and
COBIT is positioned at a high level, is driven by to support ISO/IEC 20000-1:2011)
business requirements, covers the full range of n ISO/IEC 20000-3:2005 Information technology
IT activities, and concentrates on what should be Service management Part 3: Scope and
achieved rather than how to achieve effective applicability
governance, management and control. ITIL n ISO/IEC TR 20000-4 Information technology
provides an organization with best-practice Service management Part 4: Process reference
guidance on how to manage and improve its model
processes to deliver high-quality, cost-effective IT n ISO/IEC TR 20000-5:2010 Information
services. The following COBIT guidance supports technology Service management Part 5:
strategy management and continual service Exemplar implementation plan for ISO/IEC
improvement (CSI): 20000-1.
n COBIT maturity models can be used to
A closely related publication that is under
benchmark and drive improvement.
development is ISO/IEC TR 15504-8 Process
n Goals and metrics can be aligned to the assessment model for IT service management.
business goals for IT and used to create an IT
management dashboard. Further details can be found at www.iso.org or
n The COBIT monitor and evaluate (ME) process www.isoiec20000certification.com
domain defines the processes needed to Organizations using ISO/IEC 20000-1: 2005 for
assess current IT performance, IT controls and certification audits will transfer to the new edition,
regulatory compliance. ISO/IEC 20000-1: 2011.
Further details are available at www.isaca.org and ITIL guidance supports organizations that are
www.itgi.org implementing service management practices to
achieve the requirements of ISO/IEC 20000-1: 2005
and the new edition ISO/IEC 20000-1: 2011.
A.6 ISO/IEC 20000 SERVICE
MANAGEMENT SERIES Other references include:
ISO/IEC 20000 is an internationally recognized n Dugmore, J. and Lacy, S. (2011). Introduction to

standard for ITSM covering service providers who ISO/IEC 20000 Series: IT Service Management.
manage and deliver IT-enabled services to internal British Standards Institution, London.
or external customers. ISO/IEC 20000-1 is aligned n Dugmore, J. and Lacy, S. (2011). BIP 0005: A
with other ISO management systems standards Managers Guide to Service Management (6th
such as ISO 9001 and ISO/IEC 27001. edition). British Standards Institution, London.
One of the most common routes for an
organization to achieve the requirements of ISO/ A.7 ENVIRONMENTAL MANAGEMENT
IEC 20000 is by adopting ITIL best practices. ISO/IEC AND GREEN/SUSTAINABLE IT
20000-1 is based on a service management system The transition to a low-carbon economy is a global
(SMS). The SMS is defined as a management system challenge. Many governments have set targets
to direct and control the service management to reduce carbon emissions or achieve carbon
activities of the service provider. ISO/IEC 20000 neutrality. IT is an enabler for environmental
includes: and cultural change that will help governments
n ISO/IEC 20000-1:2005 Information technology to achieve their targets for example, through
Service management Part 1: Specification enabling tele- and video-conferencing, and remote
n ISO/IEC 20000-1:2011 Information technology and home working. However, IT is also a major user
Service management Part 1: Requirements for of energy and natural resources. Green IT refers
a service management system (the most recent to environmentally sustainable computing where
edition of the ISO/IEC 20000 standard) the use and disposal of computers and printers are
CSI_Append_A.indd 5 09/07/2011 10:20

carried out in sustainable ways that do not have a the engineering of systems, services and software.
negative impact on the environment. SC7 publications include:
Appendix E in ITIL Service Design includes further n ISO/IEC 20000 Information technology service
information on environmental architectures and management (see section A.6)
standards. Appendix E in ITIL Service Operation n ISO/IEC 19770-1 Information technology
also provides useful considerations for facilities software asset management processes. ISO/
management, including environmental aspects. IEC 19770-2:2009 establishes specifications for
tagging software to optimize its identification
The ISO 14001 series of standards for an
and management
environment management system is designed to
assure internal and external stakeholders that the n ISO/IEC 15288 Systems and software engineering
organization is an environmentally responsible systems life cycle processes. The processes
organization. It enables an organization of any size can be used as a basis for establishing business
or type to: environments e.g. methods, procedures,
techniques, tools and trained personnel
n Identify and control the environmental impact n ISO/IEC 12207 Systems and software engineering
of its activities, products or services software life cycle processes
n Improve its environmental performance n ISO/IEC 15504 Process assessment series. Also
continually known as SPICE (software process improvement
n Implement a systematic approach to setting and and capability determination), it aims to ensure
achieving environmental objectives and targets, consistency and repeatability of the assessment
and then demonstrating that they have been ratings with evidence to substantiate the
achieved. ratings. The series includes exemplar process
Further details are available at www.iso.org assessment models (PAM), related to one
or more conformant or compliant process
reference model (PRM). ISO/IEC 15504-8 is
A.8 ISO STANDARDS AND PUBLICATIONS an exemplar process assessment model for IT
FOR IT service management that is under development
ISO 9241 is a series of standards and guidance on n ISO/IEC 25000 series provides guidance for
the ergonomics of human system interaction that the use of standards named Software product
cover people working with computers. It covers Quality Requirements and Evaluation (SQuaRE)
aspects that impact the utility of a service (whether n ISO/IEC 42010 Systems and software engineering
it is fit for purpose) such as: recommended practice for architectural
description of software-intensive systems.
n ISO 9241-11:1999 Guidance on usability
n ISO 9241-210:2010 Human-centred design for SC7 is working on the harmonization of standards
interactive systems in the service management, software and IT
n ISO 9241-151:2008 Guidance on world wide web systems domains. Further details are available at
user interfaces. www.iso.org
ISO/IEC JTC1 is Joint Technical Committee 1 of ISO

and the International Electrotechnical Commission A.9 ITIL AND THE OSI FRAMEWORK
(IEC). It deals with information technology At around the time that ITIL V1 was being written,
standards and other publications. the International Standards Organization launched
SC27 is a subcommittee under ISO/IEC JTC1 that an initiative that resulted in the Open Systems
develops ISO/IEC 27000, the information security Interconnection (OSI) framework. Since this
management system (ISMS) family of standards. For initiative covered many of the same areas as ITIL
further details, Appendix C includes information on V1, it is not surprising that there was considerable
ISO/IEC 27001. SC7 is a subcommittee under ISO/IEC overlap.
JTC1 that covers the standardization of processes, However, it is also not surprising that they
supporting tools and supporting technologies for classified their processes differently, used different
terminology, or used the same terminology in
CSI_Append_A.indd 6 09/07/2011 10:20

different ways. To confuse matters even more, it is structured project approach, but many will, due
common for different groups in an organization to the sheer scope and scale of the improvement.
to use terminology from both ITIL and the OSI Project management is discussed in more detail in
framework. ITIL Service Transition.
The OSI framework made significant contributions Visit www.msp-officialsite.com for more
to the definition and execution of ITSM information on MSP.
programmes and projects around the world. It
Visit www.p3o-officialsite.com for more
has also caused a great deal of debate between
information on P3O.
teams that do not realize the origins of the
terminology that they are using. For example, Visit www.prince-officialsite.com for more
some organizations have two change management information on PRINCE2.
departments one following the ITIL change Visit www.pmi.org for more information on PMI
management process and the other using the and PMBOK.
OSI installation, moves, additions and changes
(IMAC) model. Each department is convinced See also the following publications:
that it is completely different from the other, n Cleland, David I. and Ireland, Lewis R. (2006).
and that it is performing a different role. Closer Project Management: Strategic Design and
examination will reveal that there are several areas Implementation (5th edition). McGraw-Hill
of commonality. Professional.
In service operation, the management of known n Haugan, Gregory T. (2006). Project Management
errors may be mapped to fault management. There Fundamentals. Management Concepts.
is also a section related to operational capacity n Office of Government Commerce (2009).
management, which can be related to the OSI Managing Successful Projects with PRINCE2.
concept of performance management. TSO, London.
Information on the set of ISO standards for the OSI n Cabinet Office (2011). Managing Successful
framework is available at: www.iso.org Programmes. TSO, London.
n Office of Government Commerce (2008).
Portfolio, Programme and Project Offices. TSO,
A.10 PROGRAMME AND PROJECT London.
MANAGEMENT n The Project Management Institute (2008).
Large, complex deliveries are often broken down A Guide to the Project Management Body
into manageable, interrelated projects. For those of Knowledge (PMBOK Guide) (4th edition).
managing this overall delivery, the principles of Project Management Institute.
programme management are key to delivering on
time and within budget. Best management practice A.11 ORGANIZATIONAL CHANGE
in this area is found in Managing Successful
Programmes (MSP). There is a wide range of publications that cover
organizational change including the related
Guidance on effective portfolio, programme guidance for programme and project management
and project management is brought together referred to in the previous section.
in Portfolio, Programme and Project Offices
(P3O), which is aimed at helping organizations Chapter 5 in ITIL Service Transition covers aspects
to establish and maintain appropriate business of organizational change elements that are an
support structures with proven roles and essential part of, or a strong contributor towards,
responsibilities. service transition. ITIL Service Transition and ITIL
Continual Service Improvement (this volume) refer
Structured project management methods, such to Kotters eight steps for organizational change.
as PRINCE2 (PRojects IN Controlled Environments)
or the Project Management Body of Knowledge Visit www.johnkotter.com for more information.
(PMBOK) developed by the Project Management See also the following publications:
Institute (PMI), can be used when improving n Kotter, John P. (1996). Leading Change. Harvard
IT services. Not all improvements will require a Business School Press.
CSI_Append_A.indd 7 09/07/2011 10:20

n Kotter, John P. (1999) What Leaders Really Do. process improvement goals and priorities, provides
Harvard Business School Press. guidance for quality processes, and suggests a
n Kotter, J. P. (2000). Leading change: why point of reference for appraising current processes.
transformation efforts fail. Harvard Business There are several CMMI models covering different
Review JanuaryFebruary. domains of application.
n Kotter, John P. and Cohen, Dan S. (2002) The The eSourcing Capability Model for Service
Heart of Change: Real-Life Stories of How Providers (eSCM-SP) is a framework developed
People Change their Organizations. Harvard by ITSqc at Carnegie Mellon to improve the
Business School Press. relationship between IT service providers and their
n Kotter, J. P. and Schlesinger, L. C. (1979). customers.
Choosing strategies for change. Harvard
Organizations can be assessed against CMMI
Business Review Vol. 57, No. 2, p.106.
models using SCAMPI (Standard CMMI Appraisal
n Kotter, John P., Rathgeber, Holger, Mueller, Method for Process Improvement).
Peter and Johnson, Spenser (2006). Our Iceberg
Is Melting: Changing and Succeeding Under Any For more information, see www.sei.cmu.edu/cmmi/
Conditions. St. Martins Press.
A.14 BALANCED SCORECARD
A.12 SKILLS FRAMEWORK FOR THE A new approach to strategic management was
INFORMATION AGE developed in the early 1990s by Drs Robert Kaplan
(Harvard Business School) and David Norton.
The Skills Framework for the Information Age
They named this system the balanced scorecard.
(SFIA) enables employers of IT professionals to carry
Recognizing some of the weaknesses and
out a range of human resource activities against
vagueness of previous management approaches,
a common framework including a skills audit,
the balanced scorecard approach provides a clear
planning future skill requirements, development
prescription as to what companies should measure
programmes, standardization of job titles and
in order to balance the financial perspective. The
functions, and resource allocation.
balanced scorecard suggests that the organization
SFIA provides a standardized view of the wide be viewed from four perspectives, and it is valuable
range of professional skills needed by people to develop metrics, collect data and analyse the
working in IT. SFIA is constructed as a simple two- organization relative to each of these perspectives:
dimensional matrix consisting of areas of work on
n The learning and growth perspective
one axis and levels of responsibility on the other.
It uses a common language and a sensible, logical n The business process perspective
structure that can be adapted to the training n The customer perspective
and development needs of a very wide range of n The financial perspective.
businesses. Some organizations may choose to use the
Visit www.sfia.org.uk for further details. balanced scorecard method as a way of assessing
and reporting their IT quality performance in
general and their service operation performance in
A.13 CARNEGIE MELLON: CMMI AND
particular.
ESCM FRAMEWORK
Further details are available through the
The Capability Maturity Model Integration (CMMI) balanced scorecard user community at
is a process improvement approach developed www.scorecardsupport.com
by the Software Engineering Institute (SEI) of
Carnegie Mellon University. CMMI provides
organizations with the essential elements of A.15 SIX SIGMA
effective processes. It can be used to guide Six Sigma is a data-driven process improvement
process improvement across a project, a division approach that supports continual improvement. It
or an entire organization. CMMI helps integrate is business-output-driven in relation to customer
traditionally separate organizational functions, sets specification. The objective is to implement a
CSI_Append_A.indd 8 09/07/2011 10:20

measurement-oriented strategy focused on process

improvement and defects reduction. A Six Sigma
defect is defined as anything outside customer
specifications.
Six Sigma focuses on dramatically reducing
process variation using statistical process control
(SPC) measures. The fundamental objective is to
reduce errors to fewer than 3.4 defects per million
executions (regardless of the process). Service
providers must determine whether it is reasonable
to expect delivery at a Six Sigma level given the
wide variation in IT deliverables, roles and tasks
within IT operational environments.
There are two primary sub-methodologies
within Six Sigma: DMAIC (Define, Measure,
Analyse, Improve, Control) and DMADV (Define,
Measure, Analyse, Design, Verify). DMAIC is an
improvement method for existing processes for
which performance does not meet expectations, or
for which incremental improvements are desired.
DMADV focuses on the creation of new processes.
For more information, see:
n George, Michael L. (2003). Lean Six Sigma for
Service: How to Use Lean Speed and Six Sigma
Quality to Improve Services and Transactions.
McGraw-Hill.
n Pande, Pete and Holpp, Larry (2001) What Is Six
Sigma? McGraw-Hill.
n Pande, Peter S., Neuman, Robert P. and
Cavanagh, Roland R. (2000). The Six Sigma Way:
How GE, Motorola, and Other Top Companies
are Honing their Performance. McGraw-Hill.
CSI_Append_A.indd 9 09/07/2011 10:20

CSI_Append_A.indd 10 09/07/2011 10:20
B
Appendix B:
Example of a continual
service improvement
register
CSI_Append_B.indd 1 09/07/2011 10:20

CSI_Append_B.indd 2 09/07/2011 10:20

Opportunity Date raised Size Timescale Description Priority KPI metric Justification Raised by To be Date required
CSI_Append_B.indd 3
no. (small, (short, (urgent, 1, actioned by by
medium, medium, 2, 3)
large) long)
1 01/04/2011 Small Short A number of failures Urgent n% reduction in Significant A. Other J. Doe 14/4/2011
have occurred when failures reduction in
implementing updated failures after
or new applications. transition and
This has been caused by resulting business
the testing procedure in impact
release and deployment
using out-of-date test
data. The requirement is
to update the test data
in repository test 4371
2 01/05/2011 Medium Long Event management: the 2 n% reduction in Will help reduce N. More J. Smith 01/07/2011
number of alerts from spurious events the amount of
the ABC 479 module analysis time and
of the payroll suite is avoid potential
still excessive causing oversight of
unnecessary analysis significant events
time. Additional filtering
required
3 01/06/2011 Medium Long Training issue: Service 3 n% improvement All queries to the B. Floor F. Less 01/09/2011
desk staff would benefit in relevant service desk on
from additional training staff trained in this application
in the use of the human the HR joiners currently have to
resources (HR) joiners and leavers be escalated to
and leavers application application the application
management team.
With some basic
training a number
of these could be
dealt with by first
line support
4 01/07/2011 Large Medium Change management 3 Alignment to Redesign of J. Jones B. Car 10/10/2011
process: having multiple single channel the change
authorization channels management
has caused issues with process will
some users because of reduce confusion
uncoordinated changes and impact to
stakeholders
| 185
09/07/2011 10:20
CSI_Append_B.indd 4 09/07/2011 10:20
CSI_Append_C.indd 1
and management C
Appendix C:
Risk assessment
09/07/2011 10:21
CSI_Append_C.indd 2 09/07/2011 10:21
| 189
Appendix C: Risk assessment and

management
This appendix contains basic information about to risk management that is best suited to its needs
several broadly known and used approaches to and circumstances, and it is possible that the
the assessment and management of risk. It is not approach adopted will leverage the ideas reflected
intended to be a comprehensive study of the in more than one of the recognized standards and/
subject, but rather to provide an awareness of or frameworks.
some of the methods in use.
In this appendix the following approaches to
managing risks are briefly explained:
C.1 DEFINITION OF RISK AND RISK n Management of Risk (M_o_R)
MANAGEMENT n ISO 31000
Risk may be defined as uncertainty of outcome, n ISO/IEC 27001
whether a positive opportunity or negative threat. n Risk IT.
It is the fact that there is uncertainty that creates
the need for attention and formal management of C.2 MANAGEMENT OF RISK (M_o_R)
risk. After all, if an organization were absolutely
certain that a negative threat would materialize, Management of Risk (M_o_R) is intended to help
there would be little difficulty in determining organizations put in place an effective framework
an appropriate course of action. Likewise, if an for risk management. This will help them take
organization could be guaranteed that the positive informed decisions about the risks that affect their
opportunity would be realized, then its path would strategic, programme, project and operational
be clear. Managing risks requires the identification objectives.
and control of the exposure to those risks which M_o_R provides a route map of risk management,
may have an impact on the achievement of an bringing together principles, an approach, a
organizations business objectives. process with a set of interrelated steps and
Every organization manages its risk, but not always pointers to more detailed sources of advice on risk
in a way that is visible, repeatable and consistently management techniques and specialisms. It also
applied to support decision-making. The purpose provides advice on how these principles, approach
of formal risk management is to enable better and process should be embedded, reviewed and
decision-making based on a sound understanding applied differently depending on the nature of the
of risks and their likely impact on the achievement objectives at risk.
of objectives. An organization can gain this The M_o_R framework is illustrated in Figure C.1.
understanding by ensuring that it makes cost-
The M_o_R framework is based on four core
effective use of a risk framework that has a series
concepts:
of well-defined steps. Decision-making should
include determining any appropriate actions to n M_o_R principles Principles are essential for
take to manage the risks to a level deemed to be the development and maintenance of good
acceptable by the organization. risk management practice. They are informed
by corporate governance principles and the
A number of different methodologies, standards
international standard for risk management,
and frameworks have been developed for risk
ISO 31000: 2009. They are high-level and
management. Some focus more on generic
universally applicable statements that provide
techniques widely applicable to different levels and
guidance to organizations as they design an
needs, while others are specifically concerned with
appropriate approach to risk management as
risk management relating to important assets used
part of their internal controls.
by the organization in the pursuit of its objectives.
Each organization should determine the approach
CSI_Append_C.indd 3 09/07/2011 10:21

190 | Appendix C: Risk assessment and management
_R principles
M _o
ed and review
M_o
_R a Emb roac
h
ppr _R app
Risk oach M_o
regi Issue
ster
ster regi
Implement
Identify
Communicate
M_
Ris o_R
k m ap
an pro
Plan str age ach
Assess ate me
gy nt
ach
p pro ent
R a gem
o_ a
M_ man icy
i s k pol
R
Risk management
M_o_R approach
process guide
Figure C.1 The M_o_R framework
n M_o_R approach Principles need to be visibility of risks. For more information on summary
adapted and adopted to suit each individual risk profiles and other M_o_R techniques, see
organization. An organizations approach to Management of Risk: Guidance for Practitioners
the principles needs to be agreed and defined (OGC, 2010).
within a risk management policy, process guide
and strategies. C.3 ISO 31000
n M_o_R process The process is divided into four
main steps: identify, assess, plan and implement. ISO 31000 was published in November 2009 and
Each step describes the inputs, outputs, tasks is the first set of international guidelines for risk
and techniques involved to ensure that the management, intended to be applicable and
overall process is effective. adaptable for any public, private or community
enterprise, association, group or individual. ISO
n Embedding and reviewing M_o_RHaving
31000 is a process-oriented rather than a control-
put in place an approach and process that
oriented approach to risk management, and
satisfy the principles, an organization should
provides guidance on a broader, more conceptual
ensure that they are consistently applied across
basis, rather than specifying all aspects of an
the organization and that their application
organizations risk assessment and management
undergoes continual improvement in order for
approach. For example, ISO 31000 does not
them to be effective.
define how an organization will create risk
There are several common techniques which data or measure risk, nor does it ensure that an
support risk management, including a summary organization will include a review of all risk areas
risk profile. A summary risk profile is a graphical relevant to the achievement of their objectives.
representation of information normally found in ISO 31000 was published as a standard without
an existing risk register, and helps to increase the certification.
CSI_Append_C.indd 4 09/07/2011 10:21

Appendix C: Risk assessment and management | 191
This consists of three steps: risk identification, risk

analysis and risk evaluation. The risk identification
step is intended to create a comprehensive list
Establish the context of risks based on those events that might create,
enhance, prevent, degrade, accelerate or delay the
Risk assessment achievement of the organizations objectives. Risk
Communication and consultation
analysis involves developing a full understanding
Monitoring and review

of the risks as an input to risk evaluation and the
Risk identification
decisions regarding the plan for treating the risks.
Risk evaluation is to make decisions about which
risks require treatment and the relative priorities
Risk analysis amongst them.
Risk treatment involves the modification of risks
Risk evaluation
using one or more approaches. These approaches
are not necessarily mutually exclusive and may
include:
Risk treatment n Avoiding the risk by deciding not to start or
continue with the activity that gives rise to the
Process
risk
n Taking or increasing the risk in order to pursue
Figure C.2 ISO 31000 risk management process an opportunity
flow n Removing the risk source
n Changing the likelihood
ISO 31000 defines risk as the effect of uncertainty n Changing the consequences
on objectives. Risk management should be n Sharing the risk with another party or parties
performed within a framework that provides the (including contracts and risk financing)
foundations and provisions which will embed the n Retaining the risk by informed decision.
management of risk throughout all levels of the
organization. ISO 31000 identifies the necessary The approach described in ISO 31000 provides
components of such a framework as: broad scope for each organization to adopt the
high-level principles and adapt them to their
n Mandate and commitment specific needs and circumstances.
n Design of framework for managing risk
n Understanding the organization and its context
C.4 ISO/IEC 27001
n Establishing risk management policy
n Accountability ISO/IEC 27001 was published in October 2005 and is
an information security management system (ISMS)
n Integration into organizational processes
standard which formally specifies a management
n Resources
system that is intended to bring information
n Establishing internal communication and security under explicit management control.
reporting mechanisms While ISO/IEC 27001 is a security standard, not a
n Establishing external communication and risk management standard, it mandates specific
reporting mechanisms requirements for security, including requirements
n Implementing risk management relating to risk management. The risk management
n Monitoring and review of the framework methods described in this context may be applied
n Continual improvement of the framework. to general risk management activities as well.
Within this context the risk management process is ISO/IEC 27001 requires that management:
seen at a high level in Figure C.2. n Systematically examines the organization's
Once the framework has been established and the information security risks, taking account of the
context understood, risk assessment is undertaken. threats, vulnerabilities and impacts
CSI_Append_C.indd 5 09/07/2011 10:21

192 | Appendix C: Risk assessment and management
n Designs and implements a coherent and Knowingly and objectively accepting

comprehensive suite of information security risks, providing they clearly satisfy the
controls and/or other forms of risk treatment organizations policies and the criteria for
(such as risk avoidance or risk transfer) accepting risks
to address those risks that are deemed Avoiding risks
unacceptable Transferring the associated business risks to
n Adopts an overarching management process to other parties, e.g. insurers, suppliers
ensure that the information security controls n Select control objectives and controls for the
continue to meet the organizations information treatment of risks
security needs on an ongoing basis. n Obtain management approval of the proposed
residual risks
The key risk management-related steps described
in ISO/IEC 27001 include: n Obtain management authorization to
implement and operate the ISMS.
n Define the risk assessment approach of the
organization During the implementation and operation of
n Identify a risk assessment methodology that is the ISMS, a plan for risk treatment is formulated
suited to the ISMS, and the identified business (identifying the appropriate management
information security, legal and regulatory action, resources, responsibilities and priorities
requirements for managing information security risks) and
implemented. ISO/IEC 27001 also calls for the
n Develop criteria for accepting risks and identify
ongoing monitoring and reviewing of the risks and
acceptable levels of risk
risk treatment and the formal maintenance of the
n Identify the risks
ISMS to ensure that the organizations goals are
n Identify the assets within the scope of the ISMS,
met.
and the owners of these assets
n Identify the threats to these assets This approach is focused specifically on the assets
involved in organizational information security,
n Identify the vulnerabilities that might be
but the general principles can be applied to overall
exploited by the threats
service provision.
n Identify the impact that losses of confidentiality,
integrity and availability may have on these
assets C.5 RISK IT
n Analyse and evaluate the risks Risk IT is part of the IT governance product
n Assess the business impacts on the organization portfolio of ISACA that provides a framework for
that might result from security failures, taking effective governance and management of IT risk,
into account the consequences of a loss of based on a set of guiding principles. Risk IT is about
confidentiality, integrity or availability of the IT risk, including business risk related to the use of
assets IT. The publications in which Risk IT is documented
n Assess the realistic likelihood of security failures include The Risk IT Framework (ISACA, 2009)
occurring in the light of prevailing threats and The Risk IT Practitioner Guide (ISACA, 2009)
and vulnerabilities, and impacts associated (available from www.isaca.org).
with these assets, and the controls currently
The key principles in Risk IT are that effective
implemented
enterprise governance and management of IT risk:
n Estimate the levels of risk
n Determine whether the risks are acceptable n Always connect to the business objectives
or require treatment using the previously n Align the management of IT-related business
established criteria for accepting risks risk with overall enterprise risk management
n Identify and evaluate options for the treatment n Balance the costs and benefits of managing IT
of risks. Possible actions may include: risk
Applying appropriate controls n Promote fair and open communication of IT risk
CSI_Append_C.indd 6 09/07/2011 10:21

Appendix C: Risk assessment and management | 193
n Establish the right tone from the top while Risk governance
defining and enforcing personal accountability
Integrate
for operating within acceptable and well- with
enterprise risk
defined tolerance levels management
n Are continuous processes and part of daily Establish Make

and maintain risk-aware
activities. a common
risk view
business
decisions
The framework provides for three domains, each

containing three processes, as shown in Figure C.3.
The Risk IT Framework describes the key activities
of each process, the responsibilities for the process,
Business
information flows between the processes and the objectives
performance management of each process.
Manage Analyse
Risk governance ensures that IT risk management risk risk
practices are embedded in the enterprise, Communication Maintain

Articulate React to Collect risk
enabling it to secure optimal risk-adjusted return. risk events data profile
Risk evaluation ensures that IT-related risks
Risk response Risk evaluation
and opportunities are identified, analysed and
presented in business terms. Risk response ensures
that IT-related risk issues, opportunities and events Figure C.3 ISACA Risk IT process framework
are addressed in a cost-effective manner and in line
with business priorities.
CSI_Append_C.indd 7 09/07/2011 10:21

CSI_Append_C.indd 8 09/07/2011 10:21
D
Appendix D:
Examples of inputs
and outputs across
the service lifecycle
CSI_Append_D.indd 1 09/07/2011 10:21

CSI_Append_D.indd 2 09/07/2011 10:21
| 197
Appendix D: Examples of inputs and

outputs across the service lifecycle
This appendix identifies some of the major inputs designed to help understand how the different
and outputs between each stage of the service lifecycle stages interact. See Table 3.1 for more
lifecycle. This is not an exhaustive list and is detail on the inputs and outputs of the CSI stage.
Lifecycle stage Examples of inputs from other service Examples of outputs to other service lifecycle
lifecycle stages stages
Service strategy Information and feedback for business cases Vision and mission
and service portfolio Strategies, strategic plans and policies
Requirements for strategies and plans Financial information and budgets
Inputs and feedback on strategies and policies Service portfolio
Financial reports, service reports, dashboards, Change proposals
and outputs of service review meetings Service charters including service packages, service
Response to change proposals models, and details of utility and warranty
Service portfolio updates including the service Patterns of business activity and demand forecasts
catalogue Updated knowledge and information in the SKMS
Change schedule Achievements against metrics, KPIs and CSFs
Knowledge and information in the service Feedback to other lifecycle stages
knowledge management system (SKMS) Improvement opportunities logged in the CSI
register
Service design Vision and mission Service portfolio updates including the service
Strategies, strategic plans and policies catalogue
Financial information and budgets Service design packages, including:
Service portfolio n Details of utility and warranty
Service charters including service packages, n Acceptance criteria
service models, and details of utility and n Updated service models
warranty
n Designs and interface specifications
Feedback on all aspects of service design and
n Transition plans
service design packages
n Operation plans and procedures
Requests for change (RFCs) for designing
changes and improvements Information security policies
Input to design requirements from other Designs for new or changed services, management
lifecycle stages information systems and tools, technology
architectures, processes, measurement methods and
Service reports, dashboards, and outputs of
metrics
service review meetings
SLAs, OLAs and underpinning contracts
RFCs to transition or deploy new or changed services
Financial reports
Updated knowledge and information in the SKMS
Feedback to other lifecycle stages
register
CSI_Append_D.indd 3 09/07/2011 10:21

198 | Appendix D: Examples of inputs and outputs across the service lifecycle
Lifecycle stage Examples of inputs from other service Examples of outputs to other service lifecycle
lifecycle stages stages
Service transition Vision and mission New or changed services, management information
Strategies, strategic plans and policies systems and tools, technology architectures,
Financial information and budgets processes, measurement methods and metrics
Service portfolio Responses to change proposals and RFCs
Change proposals, including utility and Change schedule
warranty requirements and expected Known errors
timescales Standard changes for use in request fulfilment
RFCs for implementing changes and Knowledge and information in the SKMS (including
improvements the configuration management system)
Service design packages, including: Financial reports
n Details of utility and warranty Updated knowledge and information in the SKMS
n Acceptance criteria Achievements against metrics, KPIs and CSFs
n Service models Feedback to other lifecycle stages
n Designs and interface specifications Improvement opportunities logged in the CSI
register
n Transition plans
n Operation plans and procedures
Input to change evaluation and change
advisory board (CAB) meetings
Service operation Vision and mission Achievement of agreed service levels to deliver value
Strategies, strategic plans and policies to the business
Financial information and budgets Operational requirements
Service portfolio Operational performance data and service records
Service reports, dashboards, and outputs of RFCs to resolve operational issues
service review meetings Financial reports
Service design packages, including: Updated knowledge and information in the SKMS
n Details of utility and warranty Achievements against metrics, KPIs and CSFs
n Operations plans and procedures Feedback to other lifecycle stages
n Recovery procedures Improvement opportunities logged in the CSI
Service level agreements (SLAs), operational register
level agreements (OLAs) and underpinning
contracts
Known errors
Standard changes for use in request fulfilment
Information security policies
Change schedule
Patterns of business activity and demand
forecasts
Continual service Vision and mission RFCs for implementing improvements across all
improvement Strategies, strategic plans and policies lifecycle stages
Financial information and budgets Business cases for significant improvements
Service portfolio Updated CSI register
Achievements against metrics, key Service improvement plans
performance indicators (KPIs) and critical Results of customer and user satisfaction surveys
success factors (CSFs) from each lifecycle stage Service reports, dashboards, and outputs of service
Operational performance data and service review meetings
records Financial reports
Improvement opportunities logged in the CSI Updated knowledge and information in the SKMS
register Achievements against metrics, KPIs and CSFs
Knowledge and information in the SKMS Feedback to other lifecycle stages
CSI_Append_D.indd 4 09/07/2011 10:21

Abbreviations and
glossary
CSI_Abbreviations_glossary.indd 1 09/07/2011 10:23

| 201
Abbreviations
ACD automatic call distribution eSCM-CL eSourcing Capability Model for Client
Organizations
AM availability management
eSCM-SP eSourcing Capability Model for Service
AMIS availability management information
Providers
system
FTA fault tree analysis
ASP application service provider
IRR internal rate of return
AST agreed service time
ISG IT steering group
BCM business continuity management
ISM information security management
BCP business continuity plan
ISMS information security management
BIA business impact analysis
system
BMP Best Management Practice
ISO International Organization for
BRM business relationship manager Standardization
BSI British Standards Institution ISP internet service provider
CAB change advisory board IT information technology
CAPEX capital expenditure ITSCM IT service continuity management
CCM component capacity management ITSM IT service management
CFIA component failure impact analysis itSMF IT Service Management Forum
CI configuration item IVR interactive voice response
CMDB configuration management database KEDB known error database
CMIS capacity management information KPI key performance indicator
system
LOS line of service
CMM capability maturity model
MIS management information system
CMMI Capability Maturity Model Integration
M_o_R Management of Risk
CMS configuration management system
MTBF mean time between failures
COBIT Control OBjectives for Information and
MTBSI mean time between service incidents
related Technology
MTRS mean time to restore service
COTS commercial off the shelf
MTTR mean time to repair
CSF critical success factor
NPV net present value
CSI continual service improvement
OLA operational level agreement
CTI computer telephony integration
OPEX operational expenditure
DIKW Data-to-Information-to-Knowledge-to-
Wisdom PBA pattern of business activity
DML definitive media library PDCA Plan-Do-Check-Act
ECAB emergency change advisory board PFS prerequisite for success
ELS early life support PIR post-implementation review

202 | Abbreviations and glossary
PMBOK Project Management Body of SLA service level agreement

Knowledge
SLM service level management
PMI Project Management Institute
SLP service level package
PMO project management office
SLR service level requirement
PRINCE2 PRojects IN Controlled Environments
SMART specific, measurable, achievable,
PSO projected service outage relevant and time-bound
QA quality assurance SMIS security management information
system
QMS quality management system
SMO service maintenance objective
RACI responsible, accountable, consulted
and informed SoC separation of concerns
RCA root cause analysis SOP standard operating procedure
RFC request for change SOR statement of requirements
ROA return on assets SOX Sarbanes-Oxley (US law)
ROI return on investment SPI service provider interface
RPO recovery point objective SPM service portfolio management
RTO recovery time objective SPOF single point of failure
SAC service acceptance criteria TCO total cost of ownership
SACM service asset and configuration TCU total cost of utilization
management
TO technical observation
SAM software asset management
TOR terms of reference
SCM service capacity management
TQM total quality management
SCMIS supplier and contract management
UC underpinning contract
information system
UP user profile
SDP service design package
VBF vital business function
SFA service failure analysis
VOI value on investment
SIP service improvement plan
WIP work in progress
SKMS service knowledge management
system

Abbreviations and glossary | 203
Glossary
The core ITIL publications (ITIL Service Strategy, ITIL activity

Service Design, ITIL Service Operation, ITIL Service A set of actions designed to achieve a particular
Transition, ITIL Continual Service Improvement) result. Activities are usually defined as part
referred to in parentheses at the beginning of a of processes or plans, and are documented in
definition indicate where a reader can find more procedures.
information. Terms without such a reference
may either be used generically across all five core agreement
publications, or simply may not be explained in
A document that describes a formal understanding
any greater detail elsewhere in the ITIL series. In
between two or more parties. An agreement is not
other words, readers are only directed to other
legally binding, unless it forms part of a contract.
sources where they can expect to expand on their
See also operational level agreement; service level
knowledge or to see a greater context.
agreement.
acceptance
alert
Formal agreement that an IT service, process, plan
(ITIL Service Operation) A notification that a
or other deliverable is complete, accurate, reliable
threshold has been reached, something has
and meets its specified requirements. Acceptance
changed, or a failure has occurred. Alerts are often
is usually preceded by change evaluation or testing
created and managed by system management
and is often required before proceeding to the
tools and are managed by the event management
next stage of a project or process. See also service
process.
acceptance criteria.
access management analytical modelling

(ITIL Continual Service Improvement) (ITIL Service
(ITIL Service Operation) The process responsible for
Design) (ITIL Service Strategy) A technique that
allowing users to make use of IT services, data or
uses mathematical models to predict the behaviour
other assets. Access management helps to protect
of IT services or other configuration items.
the confidentiality, integrity and availability of
Analytical models are commonly used in capacity
assets by ensuring that only authorized users are
management and availability management. See
able to access or modify them. Access management
also modelling; simulation modelling.
implements the policies of information security
management and is sometimes referred to as rights
management or identity management.
application
Software that provides functions which are
accounting required by an IT service. Each application may be
part of more than one IT service. An application
(ITIL Service Strategy) The process responsible
runs on one or more servers or clients. See also
for identifying the actual costs of delivering IT
application management; application portfolio.
services, comparing these with budgeted costs, and
managing variance from the budget.
application management
accredited (ITIL Service Operation) The function responsible
for managing applications throughout their
Officially authorized to carry out a role. For
lifecycle.
example, an accredited body may be authorized to
provide training or to conduct audits.

application portfolio attribute

(ITIL Service Design) A database or structured (ITIL Service Transition) A piece of information
document used to manage applications throughout about a configuration item. Examples are name,
their lifecycle. The application portfolio contains location, version number and cost. Attributes of
key attributes of all applications. The application CIs are recorded in a configuration management
portfolio is sometimes implemented as part of the database (CMDB) and maintained as part of a
service portfolio, or as part of the configuration configuration management system (CMS). See also
management system. relationship; configuration management system.
application sizing audit

(ITIL Service Design) The activity responsible for Formal inspection and verification to check
understanding the resource requirements needed whether a standard or set of guidelines is being
to support a new application, or a major change followed, that records are accurate, or that
to an existing application. Application sizing helps efficiency and effectiveness targets are being met.
to ensure that the IT service can meet its agreed An audit may be carried out by internal or external
service level targets for capacity and performance. groups. See also assessment; certification.
architecture authority matrix

(ITIL Service Design) The structure of a system or IT See RACI.
service, including the relationships of components
to each other and to the environment they are automatic call distribution (ACD)
in. Architecture also includes the standards and (ITIL Service Operation) Use of information
guidelines that guide the design and evolution of technology to direct an incoming telephone call
the system. to the most appropriate person in the shortest
possible time. ACD is sometimes called automated
assessment call distribution.
Inspection and analysis to check whether a
standard or set of guidelines is being followed, availability
that records are accurate, or that efficiency and (ITIL Service Design) Ability of an IT service or
effectiveness targets are being met. See also audit. other configuration item to perform its agreed
function when required. Availability is determined
asset by reliability, maintainability, serviceability,
(ITIL Service Strategy) Any resource or capability. performance and security. Availability is usually
The assets of a service provider include anything calculated as a percentage. This calculation is often
that could contribute to the delivery of a based on agreed service time and downtime. It is
service. Assets can be one of the following types: best practice to calculate availability of an IT service
management, organization, process, knowledge, using measurements of the business output.
people, information, applications, infrastructure
or financial capital. See also customer asset; service availability management (AM)
asset; strategic asset. (ITIL Service Design) The process responsible
for ensuring that IT services meet the current
asset management and future availability needs of the business in
(ITIL Service Transition) A generic activity or a cost-effective and timely manner. Availability
process responsible for tracking and reporting the management defines, analyses, plans, measures
value and ownership of assets throughout their and improves all aspects of the availability of IT
lifecycle. See also service asset and configuration services, and ensures that all IT infrastructures,
management; fixed asset management; software processes, tools, roles etc. are appropriate for the
asset management. agreed service level targets for availability. See also
availability management information system.

availability management information benchmark

system (AMIS) (ITIL Continual Service Improvement) (ITIL Service
(ITIL Service Design) A set of tools, data and Transition) A baseline that is used to compare
information that is used to support availability related data sets as part of a benchmarking
management. See also service knowledge exercise. For example, a recent snapshot of a
management system. process can be compared to a previous baseline
of that process, or a current baseline can be
availability plan compared to industry data or best practice. See
also benchmarking; baseline.
(ITIL Service Design) A plan to ensure that existing
and future availability requirements for IT services
can be provided cost-effectively. benchmarking
(ITIL Continual Service Improvement) The process
balanced scorecard responsible for comparing a benchmark with
related data sets such as a more recent snapshot,
(ITIL Continual Service Improvement) A
industry data or best practice. The term is also used
management tool developed by Drs Robert
to mean creating a series of benchmarks over time,
Kaplan (Harvard Business School) and David
and comparing the results to measure progress or
Norton. A balanced scorecard enables a strategy
improvement. This process is not described in detail
to be broken down into key performance
within the core ITIL publications.
indicators. Performance against the KPIs is used
to demonstrate how well the strategy is being
achieved. A balanced scorecard has four major Best Management Practice (BMP)
areas, each of which has a small number of KPIs. The Best Management Practice portfolio is owned
The same four areas are considered at different by the Cabinet Office, part of HM Government.
levels of detail throughout the organization. Formerly owned by CCTA and then OGC, the BMP
functions moved to the Cabinet Office in June
baseline 2010. The BMP portfolio includes guidance on IT
service management and project, programme, risk,
portfolio and value management. There is also a
Transition) A snapshot that is used as a reference
management maturity model as well as related
point. Many snapshots may be taken and recorded
glossaries of terms.
over time but only some will be used as baselines.
For example:
best practice
n An ITSM baseline can be used as a starting point
Proven activities or processes that have been
to measure the effect of a service improvement
successfully used by multiple organizations. ITIL is
plan
an example of best practice.
n A performance baseline can be used to measure
changes in performance over the lifetime of an billing
IT service
(ITIL Service Strategy) Part of the charging process.
n A configuration baseline can be used as part of
Billing is the activity responsible for producing an
a back-out plan to enable the IT infrastructure
invoice or a bill and recovering the money from
to be restored to a known configuration if a
customers. See also pricing.
change or release fails.
See also benchmark. British Standards Institution (BSI)

The UK national standards body, responsible for
creating and maintaining British standards. See
www.bsi-global.com for more information. See also
International Organization for Standardization.

budget business continuity management (BCM)

A list of all the money an organization or business (ITIL Service Design) The business process
unit plans to receive, and plans to pay out, over responsible for managing risks that could
a specified period of time. See also budgeting; seriously affect the business. Business continuity
planning. management safeguards the interests of key
stakeholders, reputation, brand and value-creating
budgeting activities. The process involves reducing risks to
The activity of predicting and controlling the an acceptable level and planning for the recovery
spending of money. Budgeting consists of a of business processes should a disruption to the
periodic negotiation cycle to set future budgets business occur. Business continuity management
(usually annual) and the day-to-day monitoring sets the objectives, scope and requirements for IT
and adjusting of current budgets. service continuity management.
build business customer

(ITIL Service Transition) The activity of assembling a (ITIL Service Strategy) A recipient of a product or
number of configuration items to create part of an a service from the business. For example, if the
IT service. The term is also used to refer to a release business is a car manufacturer, then the business
that is authorized for distribution for example, customer is someone who buys a car.
server build or laptop build. See also configuration
baseline. business objective
(ITIL Service Strategy) The objective of a business
business process, or of the business as a whole. Business
(ITIL Service Strategy) An overall corporate entity objectives support the business vision, provide
or organization formed of a number of business guidance for the IT strategy, and are often
units. In the context of ITSM, the term includes supported by IT services.
public sector and not-for-profit organizations, as
well as companies. An IT service provider provides business operations
IT services to a customer within a business. The IT (ITIL Service Strategy) The day-to-day execution,
service provider may be part of the same business monitoring and management of business processes.
as its customer (internal service provider), or part
of another business (external service provider). business perspective
(ITIL Continual Service Improvement) An
business capacity management understanding of the service provider and IT
(ITIL Continual Service Improvement) (ITIL Service services from the point of view of the business, and
Design) In the context of ITSM, business capacity an understanding of the business from the point of
management is the sub-process of capacity view of the service provider.
management responsible for understanding future
business requirements for use in the capacity plan. business process
See also service capacity management; component A process that is owned and carried out by the
capacity management. business. A business process contributes to the
delivery of a product or service to a business
business case customer. For example, a retailer may have a
(ITIL Service Strategy) Justification for a significant purchasing process that helps to deliver services to
item of expenditure. The business case includes its business customers. Many business processes rely
information about costs, benefits, options, issues, on IT services.
risks and possible problems. See also cost benefit
analysis.

business relationship management Capability Maturity Model Integration

(ITIL Service Strategy) The process responsible for (CMMI)
maintaining a positive relationship with customers. (ITIL Continual Service Improvement) A process
Business relationship management identifies improvement approach developed by the Software
customer needs and ensures that the service Engineering Institute (SEI) of Carnegie Mellon
provider is able to meet these needs with an University, US. CMMI provides organizations with
appropriate catalogue of services. This process has the essential elements of effective processes. It
strong links with service level management. can be used to guide process improvement across
a project, a division or an entire organization.
business relationship manager (BRM) CMMI helps integrate traditionally separate
(ITIL Service Strategy) A role responsible for organizational functions, set process improvement
maintaining the relationship with one or more goals and priorities, provide guidance for quality
customers. This role is often combined with the processes, and provide a point of reference for
service level manager role. appraising current processes. See www.sei.cmu.edu/
cmmi for more information. See also maturity.
business service
A service that is delivered to business customers by capacity
business units. For example, delivery of financial (ITIL Service Design) The maximum throughput
services to customers of a bank, or goods to the that a configuration item or IT service can deliver.
customers of a retail store. Successful delivery For some types of CI, capacity may be the size or
of business services often depends on one or volume for example, a disk drive.
more IT services. A business service may consist
almost entirely of an IT service for example, an capacity management
online banking service or an external website (ITIL Continual Service Improvement) (ITIL Service
where product orders can be placed by business Design) The process responsible for ensuring that
customers. See also customer-facing service. the capacity of IT services and the IT infrastructure
is able to meet agreed capacity- and performance-
business service management related requirements in a cost-effective and
The management of business services delivered to timely manner. Capacity management considers
business customers. Business service management is all resources required to deliver an IT service, and
performed by business units. is concerned with meeting both the current and
future capacity and performance needs of the
business unit business. Capacity management includes three sub-
(ITIL Service Strategy) A segment of the business processes: business capacity management, service
that has its own plans, metrics, income and costs. capacity management, and component capacity
Each business unit owns assets and uses these to management. See also capacity management
create value for customers in the form of goods information system.
and services.
capacity management information system
call (CMIS)
(ITIL Service Operation) A telephone call to the (ITIL Service Design) A set of tools, data and
service desk from a user. A call could result in an information that is used to support capacity
incident or a service request being logged. management. See also service knowledge
management system.
capability
(ITIL Service Strategy) The ability of an
organization, person, process, application, IT
service or other configuration item to carry out
an activity. Capabilities are intangible assets of an
organization. See also resource.

capacity plan change advisory board (CAB)

(ITIL Service Design) A plan used to manage the (ITIL Service Transition) A group of people
resources required to deliver IT services. The plan that support the assessment, prioritization,
contains details of current and historic usage of IT authorization and scheduling of changes. A
services and components, and any issues that need change advisory board is usually made up of
to be addressed (including related improvement representatives from: all areas within the IT service
activities). The plan also contains scenarios for provider; the business; and third parties such as
different predictions of business demand and suppliers.
costed options to deliver the agreed service level
targets. change evaluation
(ITIL Service Transition) The process responsible for
capacity planning formal assessment of a new or changed IT service
(ITIL Service Design) The activity within capacity to ensure that risks have been managed and to
management responsible for creating a capacity help determine whether to authorize the change.
plan.
change management
capital cost (ITIL Service Transition) The process responsible for
(ITIL Service Strategy) The cost of purchasing controlling the lifecycle of all changes, enabling
something that will become a financial asset for beneficial changes to be made with minimum
example, computer equipment and buildings. disruption to IT services.
The value of the asset depreciates over multiple
accounting periods. See also operational cost. change model
(ITIL Service Transition) A repeatable way of
capital expenditure (CAPEX) dealing with a particular category of change. A
See capital cost. change model defines specific agreed steps that
will be followed for a change of this category.
category Change models may be very complex with many
A named group of things that have something steps that require authorization (e.g. major
in common. Categories are used to group similar software release) or may be very simple with no
things together. For example, cost types are used requirement for authorization (e.g. password
to group similar types of cost. Incident categories reset). See also change advisory board; standard
are used to group similar types of incident, change.
while CI types are used to group similar types of
configuration item. change proposal
(ITIL Service Strategy) (ITIL Service Transition) A
certification document that includes a high level description
Issuing a certificate to confirm compliance to a of a potential service introduction or significant
standard. Certification includes a formal audit by change, along with a corresponding business
an independent and accredited body. The term is case and an expected implementation schedule.
also used to mean awarding a certificate to provide Change proposals are normally created by the
evidence that a person has achieved a qualification. service portfolio management process and are
passed to change management for authorization.
change Change management will review the potential
impact on other services, on shared resources, and
(ITIL Service Transition) The addition, modification
on the overall change schedule. Once the change
or removal of anything that could have an effect
proposal has been authorized, service portfolio
on IT services. The scope should include changes
management will charter the service.
to all architectures, processes, tools, metrics and
documentation, as well as changes to IT services
and other configuration items.

change record charter

(ITIL Service Transition) A record containing the (ITIL Service Strategy) A document that contains
details of a change. Each change record documents details of a new service, a significant change or
the lifecycle of a single change. A change record other significant project. Charters are typically
is created for every request for change that authorized by service portfolio management or
is received, even those that are subsequently by a project management office. The term charter
rejected. Change records should reference the is also used to describe the act of authorizing the
configuration items that are affected by the work required to complete the service change or
change. Change records may be stored in the project. See also change proposal; service charter;
configuration management system, or elsewhere in project portfolio.
the service knowledge management system.
client
change request A generic term that means a customer, the business
See request for change. or a business customer. For example, client manager
may be used as a synonym for business relationship
change schedule manager. The term is also used to mean:
(ITIL Service Transition) A document that lists n A computer that is used directly by a user for
all authorized changes and their planned example, a PC, a handheld computer or a work
implementation dates, as well as the estimated station
dates of longer-term changes. A change schedule n The part of a client server application that the
is sometimes called a forward schedule of change, user directly interfaces with for example, an
even though it also contains information about email client.
changes that have already been implemented.
closed
charging (ITIL Service Operation) The final status in the
(ITIL Service Strategy) Requiring payment for IT lifecycle of an incident, problem, change etc. When
services. Charging for IT services is optional, and the status is closed, no further action is taken.
many organizations choose to treat their IT service
provider as a cost centre. See also charging process; closure
charging policy. (ITIL Service Operation) The act of changing the
status of an incident, problem, change etc. to
charging policy closed.
(ITIL Service Strategy) A policy specifying the
objective of the charging process and the way in COBIT
which charges will be calculated. See also cost. (ITIL Continual Service Improvement) Control
OBjectives for Information and related Technology
charging process (COBIT) provides guidance and best practice for the
(ITIL Service Strategy) The process responsible for management of IT processes. COBIT is published
deciding how much customers should pay (pricing) by ISACA in conjunction with the IT Governance
and recovering money from them (billing). This Institute (ITGI). See www.isaca.org for more
process is not described in detail within the core information.
ITIL publications.
code of practice
A guideline published by a public body or a
standards organization, such as ISO or BSI. Many
standards consist of a code of practice and a
specification. The code of practice describes
recommended best practice.

commercial off the shelf (COTS) configuration

(ITIL Service Design) Pre-existing application (ITIL Service Transition) A generic term used to
software or middleware that can be purchased describe a group of configuration items that work
from a third party. together to deliver an IT service, or a recognizable
part of an IT service. Configuration is also used to
compliance describe the parameter settings for one or more
Ensuring that a standard or set of guidelines is configuration items.
followed, or that proper, consistent accounting or
other practices are being employed. configuration baseline
(ITIL Service Transition) The baseline of a
component configuration that has been formally agreed and
A general term that is used to mean one part of is managed through the change management
something more complex. For example, a computer process. A configuration baseline is used as a basis
system may be a component of an IT service; an for future builds, releases and changes.
application may be a component of a release unit.
Components that need to be managed should be configuration item (CI)
configuration items. (ITIL Service Transition) Any component or other
service asset that needs to be managed in order
component capacity management (CCM) to deliver an IT service. Information about each
(ITIL Continual Service Improvement) (ITIL Service configuration item is recorded in a configuration
Design) The sub-process of capacity management record within the configuration management
responsible for understanding the capacity, system and is maintained throughout its lifecycle
utilization and performance of configuration by service asset and configuration management.
items. Data is collected, recorded and analysed for Configuration items are under the control of
use in the capacity plan. See also business capacity change management. They typically include IT
management; service capacity management. services, hardware, software, buildings, people
and formal documentation such as process
component CI documentation and service level agreements.
(ITIL Service Transition) A configuration item that is
part of an assembly. For example, a CPU or memory
configuration management
CI may be part of a server CI. See service asset and configuration management.
component failure impact analysis (CFIA) configuration management database

(ITIL Service Design) A technique that helps to (CMDB)
identify the impact of configuration item failure (ITIL Service Transition) A database used to
on IT services and the business. A matrix is created store configuration records throughout their
with IT services on one axis and CIs on the other. lifecycle. The configuration management system
This enables the identification of critical CIs (that maintains one or more configuration management
could cause the failure of multiple IT services) and databases, and each database stores attributes of
fragile IT services (that have multiple single points configuration items, and relationships with other
of failure). configuration items.
confidentiality
(ITIL Service Design) A security principle that
requires that data should only be accessed by
authorized people.

configuration management system (CMS) control perspective

(ITIL Service Transition) A set of tools, data and (ITIL Service Strategy) An approach to the
information that is used to support service management of IT services, processes, functions,
asset and configuration management. The assets etc. There can be several different control
CMS is part of an overall service knowledge perspectives on the same IT service, process etc.,
management system and includes tools for allowing different individuals or teams to focus
collecting, storing, managing, updating, analysing on what is important and relevant to their specific
and presenting data about all configuration role. Examples of control perspective include
items and their relationships. The CMS may also reactive and proactive management within IT
include information about incidents, problems, operations, or a lifecycle view for an application
known errors, changes and releases. The CMS is project team.
maintained by service asset and configuration
management and is used by all IT service core service
management processes. See also configuration (ITIL Service Strategy) A service that delivers the
management database. basic outcomes desired by one or more customers.
A core service provides a specific level of utility and
continual service improvement (CSI) warranty. Customers may be offered a choice of
(ITIL Continual Service Improvement) A stage utility and warranty through one or more service
in the lifecycle of a service. Continual service options. See also enabling service; enhancing
improvement ensures that services are aligned service; IT service; service package.
with changing business needs by identifying and
implementing improvements to IT services that cost
support business processes. The performance of The amount of money spent on a specific activity,
the IT service provider is continually measured IT service or business unit. Costs consist of real cost
and improvements are made to processes, IT (money), notional cost (such as peoples time) and
services and IT infrastructure in order to increase depreciation.
efficiency, effectiveness and cost effectiveness.
Continual service improvement includes the seven- cost benefit analysis
step improvement process. Although this process
An activity that analyses and compares the
is associated with continual service improvement,
costs and the benefits involved in one or more
most processes have activities that take place across
alternative courses of action. See also business case;
multiple stages of the service lifecycle. See also
internal rate of return; net present value; return on
Plan-Do-Check-Act.
investment; value on investment.
contract
cost centre
A legally binding agreement between two or more
(ITIL Service Strategy) A business unit or project to
parties.
which costs are assigned. A cost centre does not
charge for services provided. An IT service provider
control
can be run as a cost centre or a profit centre.
A means of managing a risk, ensuring that a
business objective is achieved or that a process cost element
is followed. Examples of control include policies,
(ITIL Service Strategy) The middle level of category
procedures, roles, RAID, door locks etc. A control is
to which costs are assigned in budgeting and
sometimes called a countermeasure or safeguard.
accounting. The highest-level category is cost type.
Control also means to manage the utilization or
For example, a cost type of people could have
behaviour of a configuration item, system or IT
cost elements of payroll, staff benefits, expenses,
service.
training, overtime etc. Cost elements can be further
broken down to give cost units. For example, the
Control OBjectives for Information and
cost element expenses could include cost units of
related Technology hotels, transport, meals etc.
See COBIT.

cost management crisis management

(ITIL Service Strategy) A general term that is Crisis management is the process responsible
used to refer to budgeting and accounting, and for managing the wider implications of business
is sometimes used as a synonym for financial continuity. A crisis management team is responsible
management. for strategic issues such as managing media
relations and shareholder confidence, and decides
cost model when to invoke business continuity plans.
(ITIL Service Strategy) A framework used in
budgeting and accounting in which all known critical success factor (CSF)
costs can be recorded, categorized and allocated Something that must happen if an IT service,
to specific customers, business units or projects. See process, plan, project or other activity is to succeed.
also cost type; cost element; cost unit. Key performance indicators are used to measure
the achievement of each critical success factor.
cost type For example, a critical success factor of protect IT
(ITIL Service Strategy) The highest level of category services when making changes could be measured
to which costs are assigned in budgeting and by key performance indicators such as percentage
accounting for example, hardware, software, reduction of unsuccessful changes, percentage
people, accommodation, external and transfer. See reduction in changes causing incidents etc.
also cost element; cost unit.
CSI register
cost unit (ITIL Continual Service Improvement) A database or
(ITIL Service Strategy) The lowest level of category structured document used to record and manage
to which costs are assigned, cost units are usually improvement opportunities throughout their
things that can be easily counted (e.g. staff lifecycle.
numbers, software licences) or things easily
measured (e.g. CPU usage, electricity consumed). culture
Cost units are included within cost elements. For A set of values that is shared by a group of people,
example, a cost element of expenses could include including expectations about how people should
cost units of hotels, transport, meals etc. See also behave, their ideas, beliefs and practices. See also
cost type. vision.
cost effectiveness customer

A measure of the balance between the Someone who buys goods or services. The customer
effectiveness and cost of a service, process or of an IT service provider is the person or group who
activity. A cost-effective process is one that achieves defines and agrees the service level targets. The
its objectives at minimum cost. See also key term is also sometimes used informally to mean
performance indicator; return on investment; value user for example, This is a customer-focused
for money. organization.
countermeasure customer asset

Can be used to refer to any type of control. Any resource or capability of a customer. See also
The term is most often used when referring to asset.
measures that increase resilience, fault tolerance or
reliability of an IT service.
course corrections
Changes made to a plan or activity that has already
started to ensure that it will meet its objectives.
Course corrections are made as a result of
monitoring progress.

customer agreement portfolio deliverable

(ITIL Service Strategy) A database or structured Something that must be provided to meet a
document used to manage service contracts or commitment in a service level agreement or a
agreements between an IT service provider and its contract. It is also used in a more informal way to
customers. Each IT service delivered to a customer mean a planned output of any process.
should have a contract or other agreement that
is listed in the customer agreement portfolio. See demand management
also customer-facing service; service catalogue; (ITIL Service Design) (ITIL Service Strategy) The
service portfolio. process responsible for understanding, anticipating
and influencing customer demand for services.
customer-facing service Demand management works with capacity
(ITIL Service Design) An IT service that is visible management to ensure that the service provider
to the customer. These are normally services has sufficient capacity to meet the required
that support the customers business processes demand. At a strategic level, demand management
and facilitate one or more outcomes desired by can involve analysis of patterns of business
the customer. All live customer-facing services, activity and user profiles, while at a tactical level,
including those available for deployment, are it can involve the use of differential charging
recorded in the service catalogue along with to encourage customers to use IT services at less
customer-visible information about deliverables, busy times, or require short-term activities to
prices, contact points, ordering and request respond to unexpected demand or the failure of a
processes. Other information such as relationships configuration item.
to supporting services and other CIs will also be
recorded for internal use by the IT service provider. Deming Cycle
See Plan-Do-Check-Act.
dashboard
(ITIL Service Operation) A graphical representation dependency
of overall IT service performance and availability. The direct or indirect reliance of one process or
Dashboard images may be updated in real time, activity on another.
and can also be included in management reports
and web pages. Dashboards can be used to support deployment
service level management, event management and
(ITIL Service Transition) The activity responsible
incident diagnosis.
for movement of new or changed hardware,
software, documentation, process etc. to the live
Data-to-Information-to-Knowledge-to-
environment. Deployment is part of the release
Wisdom (DIKW) and deployment management process.
(ITIL Service Transition) A way of understanding
the relationships between data, information, design
knowledge and wisdom. DIKW shows how each of (ITIL Service Design) An activity or process that
these builds on the others. identifies requirements and then defines a solution
that is able to meet these requirements. See also
definitive media library (DML) service design.
(ITIL Service Transition) One or more locations in
which the definitive and authorized versions of all design coordination
software configuration items are securely stored. (ITIL Service Design) The process responsible for
The definitive media library may also contain coordinating all service design activities, processes
associated configuration items such as licences and and resources. Design coordination ensures the
documentation. It is a single logical storage area consistent and effective design of new or changed
even if there are multiple locations. The definitive IT services, service management information
media library is controlled by service asset and systems, architectures, technology, processes,
configuration management and is recorded in the information and metrics.
configuration management system.

detection early life support (ELS)

(ITIL Service Operation) A stage in the expanded (ITIL Service Transition) A stage in the service
incident lifecycle. Detection results in the incident lifecycle that occurs at the end of deployment and
becoming known to the service provider. Detection before the service is fully accepted into operation.
can be automatic or the result of a user logging an During early life support, the service provider
incident. reviews key performance indicators, service levels
and monitoring thresholds and may implement
development improvements to ensure that service targets can
(ITIL Service Design) The process responsible for be met. The service provider may also provide
creating or modifying an IT service or application additional resources for incident and problem
ready for subsequent release and deployment. management during this time.
Development is also used to mean the role or
function that carries out development work. This economies of scale
process is not described in detail within the core (ITIL Service Strategy) The reduction in average cost
ITIL publications. that is possible from increasing the usage of an IT
service or asset. See also economies of scope.
development environment
(ITIL Service Design) An environment used to economies of scope
create or modify IT services or applications. (ITIL Service Strategy) The reduction in cost that is
Development environments are not typically allocated to an IT service by using an existing asset
subjected to the same degree of control as test or for an additional purpose. For example, delivering
live environments. See also development. a new IT service from an existing IT infrastructure.
See also economies of scale.
diagnosis
(ITIL Service Operation) A stage in the incident and effectiveness
problem lifecycles. The purpose of diagnosis is to (ITIL Continual Service Improvement) A measure
identify a workaround for an incident or the root of whether the objectives of a process, service or
cause of a problem. activity have been achieved. An effective process or
activity is one that achieves its agreed objectives.
document See also key performance indicator.
Information in readable form. A document may
be paper or electronic for example, a policy efficiency
statement, service level agreement, incident record (ITIL Continual Service Improvement) A measure
or diagram of a computer room layout. See also of whether the right amount of resource has been
record. used to deliver a process, service or activity. An
efficient process achieves its objectives with the
downtime minimum amount of time, money, people or other
(ITIL Service Design) (ITIL Service Operation) The resources. See also key performance indicator.
time when an IT service or other configuration item
is not available during its agreed service time. The emergency change
availability of an IT service is often calculated from (ITIL Service Transition) A change that must be
agreed service time and downtime. introduced as soon as possible for example, to
resolve a major incident or implement a security
driver patch. The change management process will
Something that influences strategy, objectives or normally have a specific procedure for handling
requirements for example, new legislation or the emergency changes. See also emergency change
actions of competitors. advisory board.

emergency change advisory board (ECAB) escalation

(ITIL Service Transition) A subgroup of the change (ITIL Service Operation) An activity that obtains
advisory board that makes decisions about additional resources when these are needed to
emergency changes. Membership may be decided meet service level targets or customer expectations.
at the time a meeting is called, and depends on the Escalation may be needed within any IT service
nature of the emergency change. management process, but is most commonly
associated with incident management, problem
enabling service management and the management of customer
(ITIL Service Strategy) A service that is needed in complaints. There are two types of escalation:
order to deliver a core service. Enabling services functional escalation and hierarchic escalation.
may or may not be visible to the customer, but they
are not offered to customers in their own right. See eSourcing Capability Model for Client
also enhancing service. Organizations (eSCM-CL)
(ITIL Service Strategy) A framework to help
enhancing service organizations in their analysis and decision-making
(ITIL Service Strategy) A service that is added to on service sourcing models and strategies. It was
a core service to make it more attractive to the developed by Carnegie Mellon University in the
customer. Enhancing services are not essential US. See also eSourcing Capability Model for Service
to the delivery of a core service but are used to Providers.
encourage customers to use the core services
or to differentiate the service provider from its eSourcing Capability Model for Service
competitors. See also enabling service; excitement Providers (eSCM-SP)
factor. (ITIL Service Strategy) A framework to help
IT service providers develop their IT service
enterprise financial management management capabilities from a service sourcing
(ITIL Service Strategy) The function and processes perspective. It was developed by Carnegie Mellon
responsible for managing the overall organizations University in the US. See also eSourcing Capability
budgeting, accounting and charging requirements. Model for Client Organizations.
Enterprise financial management is sometimes
referred to as the corporate financial department. event
See also financial management for IT services. (ITIL Service Operation) A change of state that has
significance for the management of an IT service
environment or other configuration item. The term is also used
(ITIL Service Transition) A subset of the IT to mean an alert or notification created by any
infrastructure that is used for a particular purpose IT service, configuration item or monitoring tool.
for example, live environment, test environment, Events typically require IT operations personnel
build environment. Also used in the term physical to take actions, and often lead to incidents being
environment to mean the accommodation, air logged.
conditioning, power system etc. Environment
is used as a generic term to mean the external event management
conditions that influence or affect something. (ITIL Service Operation) The process responsible for
managing events throughout their lifecycle. Event
error management is one of the main activities of IT
(ITIL Service Operation) A design flaw or operations.
malfunction that causes a failure of one or more
IT services or other configuration items. A mistake excitement factor
made by a person or a faulty process that impacts a (ITIL Service Strategy) An attribute added to
configuration item is also an error. something to make it more attractive or more
exciting to the customer. For example, a restaurant
may provide a free drink with every meal. See also
enhancing service.

expanded incident lifecycle fault tree analysis (FTA)

(ITIL Continual Service Improvement) (ITIL Service (ITIL Continual Service Improvement) (ITIL Service
Design) Detailed stages in the lifecycle of an Design) A technique that can be used to determine
incident. The stages are detection, diagnosis, a chain of events that has caused an incident, or
repair, recovery and restoration. The expanded may cause an incident in the future. Fault tree
incident lifecycle is used to help understand all analysis represents a chain of events using Boolean
contributions to the impact of incidents and to notation in a diagram.
plan for how these could be controlled or reduced.
financial management
external customer (ITIL Service Strategy) A generic term used to
A customer who works for a different business describe the function and processes responsible for
from the IT service provider. See also external managing an organizations budgeting, accounting
service provider; internal customer. and charging requirements. Enterprise financial
management is the specific term used to describe
external service provider the function and processes from the perspective of
(ITIL Service Strategy) An IT service provider that is the overall organization. Financial management
part of a different organization from its customer. for IT services is the specific term used to describe
An IT service provider may have both internal and the function and processes from the perspective of
external customers. See also outsourcing; Type III the IT service provider.
service provider.
financial management for IT services
facilities management (ITIL Service Strategy) The function and processes
(ITIL Service Operation) The function responsible responsible for managing an IT service providers
for managing the physical environment where the budgeting, accounting and charging requirements.
IT infrastructure is located. Facilities management Financial management for IT services secures an
includes all aspects of managing the physical appropriate level of funding to design, develop
environment for example, power and cooling, and deliver services that meet the strategy of the
building access management, and environmental organization in a cost-effective manner. See also
monitoring. enterprise financial management.
failure fit for purpose

(ITIL Service Operation) Loss of ability to operate to (ITIL Service Strategy) The ability to meet an
specification, or to deliver the required output. The agreed level of utility. Fit for purpose is also used
term may be used when referring to IT services, informally to describe a process, configuration
processes, activities, configuration items etc. A item, IT service etc. that is capable of meeting its
failure often causes an incident. objectives or service levels. Being fit for purpose
requires suitable design, implementation, control
fault and maintenance.
See error.
fit for use
fault tolerance (ITIL Service Strategy) The ability to meet an agreed
level of warranty. Being fit for use requires suitable
(ITIL Service Design) The ability of an IT service or
design, implementation, control and maintenance.
other configuration item to continue to operate
correctly after failure of a component part. See
also countermeasure; resilience.

fixed asset management impact

(ITIL Service Transition) The process responsible for (ITIL Service Operation) (ITIL Service Transition) A
tracking and reporting the value and ownership measure of the effect of an incident, problem or
of fixed assets throughout their lifecycle. Fixed change on business processes. Impact is often based
asset management maintains the asset register on how service levels will be affected. Impact and
and is usually carried out by the overall business, urgency are used to assign priority.
rather than by the IT organization. Fixed asset
management is sometimes called financial asset incident
management and is not described in detail within (ITIL Service Operation) An unplanned interruption
the core ITIL publications. to an IT service or reduction in the quality of an
IT service. Failure of a configuration item that has
fulfilment not yet affected service is also an incident for
Performing activities to meet a need or example, failure of one disk from a mirror set.
requirement for example, by providing a new IT
service, or meeting a service request. incident management
(ITIL Service Operation) The process responsible
function for managing the lifecycle of all incidents. Incident
A team or group of people and the tools or management ensures that normal service operation
other resources they use to carry out one or more is restored as quickly as possible and the business
processes or activities for example, the service impact is minimized.
desk. The term also has two other meanings:
n An intended purpose of a configuration item,
incident record
person, team, process or IT service. For example, (ITIL Service Operation) A record containing
one function of an email service may be to store the details of an incident. Each incident record
and forward outgoing mails, while the function documents the lifecycle of a single incident.
of a business process may be to despatch goods
to customers. indirect cost
n To perform the intended purpose correctly, as in (ITIL Service Strategy) The cost of providing an
The computer is functioning. IT service which cannot be allocated in full to
a specific customer for example, the cost of
gap analysis providing shared servers or software licences. Also
known as overhead. See also direct cost.
(ITIL Continual Service Improvement) An activity
that compares two sets of data and identifies the
differences. Gap analysis is commonly used to information security management (ISM)
compare a set of requirements with actual delivery. (ITIL Service Design) The process responsible for
See also benchmarking. ensuring that the confidentiality, integrity and
availability of an organizations assets, information,
governance data and IT services match the agreed needs of
the business. Information security management
Ensures that policies and strategy are actually
supports business security and has a wider scope
implemented, and that required processes are
than that of the IT service provider, and includes
correctly followed. Governance includes defining
handling of paper, building access, phone calls
roles and responsibilities, measuring and reporting,
etc. for the entire organization. See also security
and taking actions to resolve any issues identified.
management information system.
guideline
A document describing best practice, which
recommends what should be done. Compliance
with a guideline is not normally enforced. See also
standard.

information security management system internal rate of return (IRR)

(ISMS) (ITIL Service Strategy) A technique used to help
(ITIL Service Design) The framework of policy, make decisions about capital expenditure. It
processes, functions, standards, guidelines and calculates a figure that allows two or more
tools that ensures an organization can achieve its alternative investments to be compared. A
information security management objectives. See larger internal rate of return indicates a better
also security management information system. investment. See also net present value; return on
investment.
information security policy
(ITIL Service Design) The policy that governs the
internal service provider
organizations approach to information security (ITIL Service Strategy) An IT service provider that
management. is part of the same organization as its customer.
An IT service provider may have both internal and
information system external customers. See also insourcing; Type I
service provider; Type II service provider.
See management information system.
information technology (IT) International Organization for

Standardization (ISO)
The use of technology for the storage,
communication or processing of information. The International Organization for Standardization
The technology typically includes computers, (ISO) is the worlds largest developer of standards.
telecommunications, applications and other ISO is a non-governmental organization that is a
software. The information may include business network of the national standards institutes of 156
data, voice, images, video etc. Information countries. See www.iso.org for further information
technology is often used to support business about ISO.
processes through IT services.
International Standards Organization
insourcing See International Organization for Standardization.
(ITIL Service Strategy) Using an internal service
provider to manage IT services. The term insourcing internet service provider (ISP)
is also used to describe the act of transferring the An external service provider that provides access
provision of an IT service from an external service to the internet. Most ISPs also provide other IT
provider to an internal service provider. See also services such as web hosting.
service sourcing.
Ishikawa diagram
integrity (ITIL Continual Service Improvement) (ITIL Service
(ITIL Service Design) A security principle that Operation) A technique that helps a team to
ensures data and configuration items are identify all the possible causes of a problem.
modified only by authorized personnel and Originally devised by Kaoru Ishikawa, the output
activities. Integrity considers all possible causes of of this technique is a diagram that looks like a
modification, including software and hardware fishbone.
failure, environmental events, and human
intervention. ISO 9000
A generic term that refers to a number of
internal customer international standards and guidelines for quality
A customer who works for the same business as management systems. See www.iso.org for more
the IT service provider. See also external customer; information. See also International Organization
internal service provider. for Standardization.

ISO 9001 IT service

An international standard for quality management A service provided by an IT service provider. An IT
systems. See also ISO 9000; standard. service is made up of a combination of information
technology, people and processes. A customer-
ISO/IEC 20000 facing IT service directly supports the business
An international standard for IT service processes of one or more customers and its service
management. level targets should be defined in a service level
agreement. Other IT services, called supporting
ISO/IEC 27001 services, are not directly used by the business but
are required by the service provider to deliver
(ITIL Continual Service Improvement) (ITIL
customer-facing services. See also core service;
Service Design) An international specification
enabling service; enhancing service; service; service
for information security management. The
package.
corresponding code of practice is ISO/IEC 27002.
See also standard.
IT service continuity management (ITSCM)
ISO/IEC 27002 (ITIL Service Design) The process responsible
for managing risks that could seriously affect IT
(ITIL Continual Service Improvement) An
services. IT service continuity management ensures
international code of practice for information
that the IT service provider can always provide
security management. The corresponding
minimum agreed service levels, by reducing
specification is ISO/IEC 27001. See also standard.
the risk to an acceptable level and planning for
the recovery of IT services. IT service continuity
IT infrastructure
management supports business continuity
All of the hardware, software, networks, facilities management.
etc. that are required to develop, test, deliver,
monitor, control or support applications and IT IT service management (ITSM)
services. The term includes all of the information
The implementation and management of quality
technology but not the associated people,
IT services that meet the needs of the business.
processes and documentation.
IT service management is performed by IT service
providers through an appropriate mix of people,
IT operations
process and information technology. See also
(ITIL Service Operation) Activities carried out by IT service management.
operations control, including console management/
operations bridge, job scheduling, backup and IT service provider
restore, and print and output management. IT
(ITIL Service Strategy) A service provider that
operations is also used as a synonym for service
provides IT services to internal or external
operation.
customers.
IT operations control
(ITIL Service Operation) The function responsible
for monitoring and control of the IT services and IT
infrastructure. See also operations bridge.
IT operations management
(ITIL Service Operation) The function within an IT
service provider that performs the daily activities
needed to manage IT services and the supporting IT
infrastructure. IT operations management includes
IT operations control and facilities management.

ITIL knowledge management

A set of best-practice publications for IT service (ITIL Service Transition) The process responsible
management. Owned by the Cabinet Office (part for sharing perspectives, ideas, experience and
of HM Government), ITIL gives guidance on the information, and for ensuring that these are
provision of quality IT services and the processes, available in the right place and at the right time.
functions and other capabilities needed to support The knowledge management process enables
them. The ITIL framework is based on a service informed decisions, and improves efficiency by
lifecycle and consists of five lifecycle stages (service reducing the need to rediscover knowledge.
strategy, service design, service transition, service See also Data-to-Information-to-Knowledge-to-
operation and continual service improvement), Wisdom; service knowledge management system.
each of which has its own supporting publication.
There is also a set of complementary ITIL known error
publications providing guidance specific to industry (ITIL Service Operation) A problem that has a
sectors, organization types, operating models and documented root cause and a workaround. Known
technology architectures. See www.itil-officialsite. errors are created and managed throughout their
com for more information. lifecycle by problem management. Known errors
may also be identified by development or suppliers.
job description
A document that defines the roles, responsibilities, lifecycle
skills and knowledge required by a particular The various stages in the life of an IT service,
person. One job description can include multiple configuration item, incident, problem, change
roles for example, the roles of configuration etc. The lifecycle defines the categories for status
manager and change manager may be carried out and the status transitions that are permitted. For
by one person. example:
n The lifecycle of an application includes
key performance indicator (KPI)
requirements, design, build, deploy, operate,
(ITIL Continual Service Improvement) (ITIL Service optimize
Design) A metric that is used to help manage an
n The expanded incident lifecycle includes
IT service, process, plan, project or other activity.
detection, diagnosis, repair, recovery and
Key performance indicators are used to measure
restoration
the achievement of critical success factors. Many
n The lifecycle of a server may include: ordered,
metrics may be measured, but only the most
received, in test, live, disposed etc.
important of these are defined as key performance
indicators and used to actively manage and report
on the process, IT service or activity. They should be live
selected to ensure that efficiency, effectiveness and (ITIL Service Transition) Refers to an IT service or
cost effectiveness are all managed. other configuration item that is being used to
deliver service to a customer.
knowledge base
(ITIL Service Transition) A logical database live environment
containing data and information used by the (ITIL Service Transition) A controlled environment
service knowledge management system. containing live configuration items used to deliver
IT services to customers.

maintainability manual workaround

(ITIL Service Design) A measure of how quickly and (ITIL Continual Service Improvement) A
effectively an IT service or other configuration item workaround that requires manual intervention.
can be restored to normal working after a failure. Manual workaround is also used as the name of
Maintainability is often measured and reported as a recovery option in which the business process
MTRS. Maintainability is also used in the context of operates without the use of IT services. This is a
software or IT service development to mean ability temporary measure and is usually combined with
to be changed or repaired easily. another recovery option.
major incident market space

(ITIL Service Operation) The highest category of (ITIL Service Strategy) Opportunities that an IT
impact for an incident. A major incident results in service provider could exploit to meet the business
significant disruption to the business. needs of customers. Market spaces identify the
possible IT services that an IT service provider may
management information wish to consider delivering.
Information that is used to support decision
making by managers. Management information is maturity
often generated automatically by tools supporting (ITIL Continual Service Improvement) A measure
the various IT service management processes. of the reliability, efficiency and effectiveness of
Management information often includes the values a process, function, organization etc. The most
of key performance indicators, such as percentage mature processes and functions are formally
of changes leading to incidents or first-time fix aligned to business objectives and strategy, and
rate. are supported by a framework for continual
improvement.
management information system (MIS)
(ITIL Service Design) A set of tools, data and maturity level
information that is used to support a process A named level in a maturity model, such as the
or function. Examples include the availability Carnegie Mellon Capability Maturity Model
management information system and the supplier Integration.
and contract management information system. See
also service knowledge management system. mean time between failures (MTBF)
(ITIL Service Design) A metric for measuring and
Management of Risk (M_o_R) reporting reliability. MTBF is the average time
M_o_R includes all the activities required to that an IT service or other configuration item can
identify and control the exposure to risk, which perform its agreed function without interruption.
may have an impact on the achievement of an This is measured from when the configuration item
organizations business objectives. See www.mor- starts working, until it next fails.
officialsite.com for more details.
mean time to repair (MTTR)
management system The average time taken to repair an IT service or
The framework of policy, processes, functions, other configuration item after a failure. MTTR is
standards, guidelines and tools that ensures measured from when the configuration item fails
an organization or part of an organization can until it is repaired. MTTR does not include the
achieve its objectives. This term is also used with time required to recover or restore. It is sometimes
a smaller scope to support a specific process or incorrectly used instead of mean time to restore
activity for example, an event management service.
system or risk management system. See also system.

mean time to restore service (MTRS) net present value (NPV)

The average time taken to restore an IT service or (ITIL Service Strategy) A technique used to help
other configuration item after a failure. MTRS is make decisions about capital expenditure. It
measured from when the configuration item fails compares cash inflows with cash outflows. Positive
until it is fully restored and delivering its normal net present value indicates that an investment is
functionality. See also maintainability; mean time worthwhile. See also internal rate of return; return
to repair. on investment.
metric objective
(ITIL Continual Service Improvement) Something The outcomes required from a process, activity or
that is measured and reported to help manage organization in order to ensure that its purpose
a process, IT service or activity. See also key will be fulfilled. Objectives are usually expressed
performance indicator. as measurable targets. The term is also informally
used to mean a requirement.
middleware
(ITIL Service Design) Software that connects two Office of Government Commerce (OGC)
or more software components or applications. OGC (former owner of Best Management Practice)
Middleware is usually purchased from a supplier, and its functions have moved into the Cabinet
rather than developed within the IT service Office as part of HM Government. See www.
provider. See also commercial off the shelf. cabinetoffice.gov.uk
mission operate
A short but complete description of the overall To perform as expected. A process or configuration
purpose and intentions of an organization. It states item is said to operate if it is delivering the
what is to be achieved, but not how this should be required outputs. Operate also means to perform
done. See also vision. one or more operations. For example, to operate
a computer is to do the day-to-day operations
model needed for it to perform as expected.
A representation of a system, process, IT service,
configuration item etc. that is used to help operation
understand or predict future behaviour. (ITIL Service Operation) Day-to-day management of
an IT service, system or other configuration item.
modelling Operation is also used to mean any predefined
A technique that is used to predict the future activity or transaction for example, loading a
behaviour of a system, process, IT service, magnetic tape, accepting money at a point of sale,
configuration item etc. Modelling is commonly or reading data from a disk drive.
used in financial management, capacity
management and availability management. operational
The lowest of three levels of planning and delivery
monitoring (strategic, tactical, operational). Operational
(ITIL Service Operation) Repeated observation of a activities include the day-to-day or short-term
configuration item, IT service or process to detect planning or delivery of a business process or IT
events and to ensure that the current status is service management process. The term is also a
known. synonym for live.
operational cost
The cost resulting from running the IT services,
which often involves repeating payments for
example, staff costs, hardware maintenance and
electricity (also known as current expenditure or
revenue expenditure). See also capital expenditure.

operational expenditure (OPEX) Pareto principle

See operational cost. (ITIL Service Operation) A technique used to
prioritize activities. The Pareto principle says that
operational level agreement (OLA) 80% of the value of any activity is created with
(ITIL Continual Service Improvement) (ITIL 20% of the effort. Pareto analysis is also used
Service Design) An agreement between an IT in problem management to prioritize possible
service provider and another part of the same problem causes for investigation.
organization. It supports the IT service providers
delivery of IT services to customers and defines partnership
the goods or services to be provided and the A relationship between two organizations that
responsibilities of both parties. For example, there involves working closely together for common
could be an operational level agreement: goals or mutual benefit. The IT service provider
should have a partnership with the business and
n Between the IT service provider and a
with third parties who are critical to the delivery of
procurement department to obtain hardware in
IT services. See also value network.
agreed times
n Between the service desk and a support group
pattern of business activity (PBA)
to provide incident resolution in agreed times.
(ITIL Service Strategy) A workload profile of one
See also service level agreement.
or more business activities. Patterns of business
activity are used to help the IT service provider
operations control
understand and plan for different levels of business
See IT operations control. activity. See also user profile.
operations management performance

See IT operations management. A measure of what is achieved or delivered by a
system, person, team, process or IT service.
optimize
Review, plan and request changes, in order to performance management
obtain the maximum efficiency and effectiveness Activities to ensure that something achieves its
from a process, configuration item, application etc. expected outcomes in an efficient and consistent
manner.
organization
A company, legal entity or other institution. The pilot
term is sometimes used to refer to any entity that (ITIL Service Transition) A limited deployment of
has people, resources and budgets for example, a an IT service, a release or a process to the live
project or business unit. environment. A pilot is used to reduce risk and
to gain user feedback and acceptance. See also
outcome change evaluation; test.
The result of carrying out an activity, following a
process, or delivering an IT service etc. The term is plan
used to refer to intended results as well as to actual A detailed proposal that describes the activities
results. See also objective. and resources needed to achieve an objective for
example, a plan to implement a new IT service
outsourcing or process. ISO/IEC 20000 requires a plan for the
(ITIL Service Strategy) Using an external service management of each IT service management
provider to manage IT services. See also service process.
sourcing.
overhead
See indirect cost.

Plan-Do-Check-Act (PDCA) proactive problem management

(ITIL Continual Service Improvement) A four-stage (ITIL Service Operation) Part of the problem
cycle for process management, attributed to management process. The objective of proactive
Edward Deming. Plan-Do-Check-Act is also called problem management is to identify problems that
the Deming Cycle. Plan design or revise processes might otherwise be missed. Proactive problem
that support the IT services; Do implement the management analyses incident records, and uses
plan and manage the processes; Check measure data collected by other IT service management
the processes and IT services, compare with processes to identify trends or significant problems.
objectives and produce reports; Act plan and
implement changes to improve the processes. problem
(ITIL Service Operation) A cause of one or more
planning incidents. The cause is not usually known at the
An activity responsible for creating one or more time a problem record is created, and the problem
plans for example, capacity planning. management process is responsible for further
investigation.
policy
Formally documented management expectations problem management
and intentions. Policies are used to direct decisions, (ITIL Service Operation) The process responsible for
and to ensure consistent and appropriate managing the lifecycle of all problems. Problem
development and implementation of processes, management proactively prevents incidents from
standards, roles, activities, IT infrastructure etc. happening and minimizes the impact of incidents
that cannot be prevented.
post-implementation review (PIR)
A review that takes place after a change or a problem record
project has been implemented. It determines if the (ITIL Service Operation) A record containing
change or project was successful, and identifies the details of a problem. Each problem record
opportunities for improvement. documents the lifecycle of a single problem.
practice procedure
A way of working, or a way in which work must A document containing steps that specify how to
be done. Practices can include activities, processes, achieve an activity. Procedures are defined as part
functions, standards and guidelines. See also best of processes. See also work instruction.
practice.
process
pricing A structured set of activities designed to
(ITIL Service Strategy) Pricing is the activity for accomplish a specific objective. A process takes
establishing how much customers will be charged. one or more defined inputs and turns them into
defined outputs. It may include any of the roles,
PRINCE2 responsibilities, tools and management controls
See PRojects IN Controlled Environments. required to reliably deliver the outputs. A process
may define policies, standards, guidelines, activities
priority and work instructions if they are needed.
(ITIL Service Operation) (ITIL Service Transition) A
category used to identify the relative importance
process control
of an incident, problem or change. Priority is The activity of planning and regulating a process,
based on impact and urgency, and is used to with the objective of performing the process in an
identify required times for actions to be taken. For effective, efficient and consistent manner.
example, the service level agreement may state
that Priority 2 incidents must be resolved within 12
hours.

process manager Project Management Institute (PMI)

A role responsible for the operational management A membership association that advances the
of a process. The process managers responsibilities project management profession through
include planning and coordination of all activities globally recognized standards and certifications,
required to carry out, monitor and report on the collaborative communities, an extensive research
process. There may be several process managers programme, and professional development
for one process for example, regional change opportunities. PMI is a not-for-profit membership
managers or IT service continuity managers for organization with representation in many countries
each data centre. The process manager role is often around the world. PMI maintains and publishes the
assigned to the person who carries out the process Project Management Body of Knowledge (PMBOK).
owner role, but the two roles may be separate in See www.pmi.org for more information. See also
larger organizations. PRojects IN Controlled Environments (PRINCE2).
process owner project management office (PMO)

The person who is held accountable for ensuring (ITIL Service Design) (ITIL Service Strategy) A
that a process is fit for purpose. The process function or group responsible for managing the
owners responsibilities include sponsorship, design, lifecycle of projects. See also charter; project
change management and continual improvement portfolio.
of the process and its metrics. This role can be
assigned to the same person who carries out the project portfolio
process manager role, but the two roles may be (ITIL Service Design) (ITIL Service Strategy) A
separate in larger organizations. database or structured document used to manage
projects throughout their lifecycle. The project
production environment portfolio is used to coordinate projects and ensure
See live environment. that they meet their objectives in a cost-effective
and timely manner. In larger organizations,
programme the project portfolio is typically defined and
A number of projects and activities that are maintained by a project management office. The
planned and managed together to achieve project portfolio is important to service portfolio
an overall set of related objectives and other management as new services and significant
outcomes. changes are normally managed as projects. See also
charter.
project
projected service outage (PSO)
A temporary organization, with people and other
assets, that is required to achieve an objective or (ITIL Service Transition) A document that identifies
other outcome. Each project has a lifecycle that the effect of planned changes, maintenance
typically includes initiation, planning, execution, activities and test plans on agreed service levels.
and closure. Projects are usually managed
using a formal methodology such as PRojects IN PRojects IN Controlled Environments
Controlled Environments (PRINCE2) or the Project (PRINCE2)
Management Body of Knowledge (PMBOK). See The standard UK government methodology for
also charter; project management office; project project management. See www.prince-officialsite.
portfolio. com for more information. See also Project
Management Body of Knowledge (PMBOK).
Project Management Body of Knowledge
(PMBOK) qualification
A project management standard maintained and (ITIL Service Transition) An activity that ensures that
published by the Project Management Institute. the IT infrastructure is appropriate and correctly
See www.pmi.org for more information. See also configured to support an application or IT service.
PRojects IN Controlled Environments (PRINCE2). See also validation.

quality recovery
The ability of a product, service or process to (ITIL Service Design) (ITIL Service Operation)
provide the intended value. For example, a Returning a configuration item or an IT service to
hardware component can be considered to be of a working state. Recovery of an IT service often
high quality if it performs as expected and delivers includes recovering data to a known consistent
the required reliability. Process quality also requires state. After recovery, further steps may be needed
an ability to monitor effectiveness and efficiency, before the IT service can be made available to the
and to improve them if necessary. See also quality users (restoration).
management system.
relationship
quality assurance (QA) A connection or interaction between two people
(ITIL Service Transition) The process responsible for or things. In business relationship management,
ensuring that the quality of a service, process or it is the interaction between the IT service
other service asset will provide its intended value. provider and the business. In service asset and
Quality assurance is also used to refer to a function configuration management, it is a link between
or team that performs quality assurance. This two configuration items that identifies a
process is not described in detail within the core dependency or connection between them. For
ITIL publications. See also service validation and example, applications may be linked to the servers
testing. they run on, and IT services have many links to all
the configuration items that contribute to that IT
quality management system (QMS) service.
(ITIL Continual Service Improvement) The
framework of policy, processes, functions, release
standards, guidelines and tools that ensures an (ITIL Service Transition) One or more changes to
organization is of a suitable quality to reliably an IT service that are built, tested and deployed
meet business objectives or service levels. See also together. A single release may include changes to
ISO 9000. hardware, software, documentation, processes and
other components.
quick win
(ITIL Continual Service Improvement) An release and deployment management
improvement activity that is expected to provide (ITIL Service Transition) The process responsible for
a return on investment in a short period of time planning, scheduling and controlling the build,
with relatively small cost and effort. See also Pareto test and deployment of releases, and for delivering
principle. new functionality required by the business while
protecting the integrity of existing services.
RACI
(ITIL Service Design) A model used to help release management
define roles and responsibilities. RACI stands for See release and deployment management.
responsible, accountable, consulted and informed.
release record
record (ITIL Service Transition) A record that defines
A document containing the results or other output the content of a release. A release record has
from a process or activity. Records are evidence relationships with all configuration items that
of the fact that an activity took place and may be are affected by the release. Release records may
paper or electronic for example, an audit report, be in the configuration management system or
an incident record or the minutes of a meeting. elsewhere in the service knowledge management
system.

reliability response time

(ITIL Continual Service Improvement) (ITIL Service A measure of the time taken to complete an
Design) A measure of how long an IT service or operation or transaction. Used in capacity
other configuration item can perform its agreed management as a measure of IT infrastructure
function without interruption. Usually measured as performance, and in incident management as a
MTBF or MTBSI. The term can also be used to state measure of the time taken to answer the phone, or
how likely it is that a process, function etc. will to start diagnosis.
deliver its required outputs. See also availability.
responsiveness
repair A measurement of the time taken to respond
(ITIL Service Operation) The replacement or to something. This could be response time of a
correction of a failed configuration item. transaction, or the speed with which an IT service
provider responds to an incident or request for
request for change (RFC) change etc.
(ITIL Service Transition) A formal proposal for
a change to be made. It includes details of the restoration of service
proposed change, and may be recorded on paper See restore.
or electronically. The term is often misused to mean
a change record, or the change itself. restore
(ITIL Service Operation) Taking action to return
request fulfilment an IT service to the users after repair and recovery
(ITIL Service Operation) The process responsible for from an incident. This is the primary objective of
managing the lifecycle of all service requests. incident management.
requirement retire
(ITIL Service Design) A formal statement of what is (ITIL Service Transition) Permanent removal of an
needed for example, a service level requirement, IT service, or other configuration item, from the
a project requirement or the required deliverables live environment. Being retired is a stage in the
for a process. See also statement of requirements. lifecycle of many configuration items.
resilience return on investment (ROI)

(ITIL Service Design) The ability of an IT service (ITIL Continual Service Improvement) (ITIL Service
or other configuration item to resist failure or to Strategy) A measurement of the expected benefit
recover in a timely manner following a failure. For of an investment. In the simplest sense, it is the net
example, an armoured cable will resist failure when profit of an investment divided by the net worth
put under stress. See also fault tolerance. of the assets invested. See also net present value;
value on investment.
resolution
(ITIL Service Operation) Action taken to repair review
the root cause of an incident or problem, or An evaluation of a change, problem, process,
to implement a workaround. In ISO/IEC 20000, project etc. Reviews are typically carried out at
resolution processes is the process group that predefined points in the lifecycle, and especially
includes incident and problem management. after closure. The purpose of a review is to ensure
that all deliverables have been provided, and to
resource identify opportunities for improvement. See also
(ITIL Service Strategy) A generic term that includes change evaluation; post-implementation review.
IT infrastructure, people, money or anything else
that might help to deliver an IT service. Resources
are considered to be assets of an organization. See
also capability; service asset.

risk Sarbanes-Oxley (SOX)

A possible event that could cause harm or loss, US law that regulates financial practice and
or affect the ability to achieve objectives. A risk corporate governance.
is measured by the probability of a threat, the
vulnerability of the asset to that threat, and the scope
impact it would have if it occurred. Risk can also The boundary or extent to which a process,
be defined as uncertainty of outcome, and can be procedure, certification, contract etc. applies. For
used in the context of measuring the probability of example, the scope of change management may
positive outcomes as well as negative outcomes. include all live IT services and related configuration
items; the scope of an ISO/IEC 20000 certificate
risk assessment may include all IT services delivered out of a named
The initial steps of risk management: analysing the data centre.
value of assets to the business, identifying threats
to those assets, and evaluating how vulnerable security
each asset is to those threats. Risk assessment See information security management.
can be quantitative (based on numerical data) or
qualitative. security management
See information security management.
risk management
The process responsible for identifying, assessing security management information system
and controlling risks. Risk management is also (SMIS)
sometimes used to refer to the second part of the
(ITIL Service Design) A set of tools, data and
overall process after risks have been identified and
information that is used to support information
assessed, as in risk assessment and management.
security management. The security management
This process is not described in detail within the
information system is part of the information
core ITIL publications. See also risk assessment.
security management system. See also service
knowledge management system.
role
A set of responsibilities, activities and authorities security policy
assigned to a person or team. A role is defined in
See information security policy.
a process or function. One person or team may
have multiple roles for example, the roles of
configuration manager and change manager may
server
be carried out by a single person. Role is also used (ITIL Service Operation) A computer that is
to describe the purpose of something or what it is connected to a network and provides software
used for. functions that are used by other computers.
root cause service

(ITIL Service Operation) The underlying or original A means of delivering value to customers by
cause of an incident or problem. facilitating outcomes customers want to achieve
without the ownership of specific costs and risks.
root cause analysis (RCA) The term service is sometimes used as a synonym
for core service, IT service or service package. See
(ITIL Service Operation) An activity that identifies
also utility; warranty.
the root cause of an incident or problem. Root
cause analysis typically concentrates on IT
infrastructure failures. See also service failure
service acceptance criteria (SAC)
analysis. (ITIL Service Transition) A set of criteria used to
ensure that an IT service meets its functionality
and quality requirements and that the IT service
provider is ready to operate the new IT service
when it has been deployed. See also acceptance.

service asset service charter

Any resource or capability of a service provider. See (ITIL Service Design) (ITIL Service Strategy) A
also asset. document that contains details of a new or
changed service. New service introductions and
service asset and configuration significant service changes are documented in
management (SACM) a charter and authorized by service portfolio
management. Service charters are passed to the
(ITIL Service Transition) The process responsible for
service design lifecycle stage where a new or
ensuring that the assets required to deliver services
modified service design package will be created.
are properly controlled, and that accurate and
The term charter is also used to describe the act of
reliable information about those assets is available
authorizing the work required by each stage of the
when and where it is needed. This information
service lifecycle with respect to the new or changed
includes details of how the assets have been
service. See also change proposal; service portfolio;
configured and the relationships between assets.
service catalogue.
See also configuration management system.
service capacity management (SCM) service continuity management

See IT service continuity management.
Design) The sub-process of capacity management
responsible for understanding the performance service culture
and capacity of IT services. Information on the A customer-oriented culture. The major objectives
resources used by each IT service and the pattern of a service culture are customer satisfaction
of usage over time are collected, recorded and and helping customers to achieve their business
analysed for use in the capacity plan. See also objectives.
business capacity management; component
capacity management. service design
(ITIL Service Design) A stage in the lifecycle of a
service catalogue service. Service design includes the design of the
(ITIL Service Design) (ITIL Service Strategy) A services, governing practices, processes and policies
database or structured document with information required to realize the service providers strategy
about all live IT services, including those available and to facilitate the introduction of services into
for deployment. The service catalogue is part of supported environments. Service design includes
the service portfolio and contains information the following processes: design coordination,
about two types of IT service: customer-facing service catalogue management, service level
services that are visible to the business; and management, availability management, capacity
supporting services required by the service provider management, IT service continuity management,
to deliver customer-facing services. See also information security management, and supplier
customer agreement portfolio; service catalogue management. Although these processes are
management. associated with service design, most processes have
activities that take place across multiple stages of
service catalogue management the service lifecycle. See also design.
(ITIL Service Design) The process responsible for
providing and maintaining the service catalogue service design package (SDP)
and for ensuring that it is available to those who (ITIL Service Design) Document(s) defining all
are authorized to access it. aspects of an IT service and its requirements
through each stage of its lifecycle. A service design
package is produced for each new IT service, major
change or IT service retirement.

service desk service level management (SLM)

(ITIL Service Operation) The single point of contact (ITIL Service Design) The process responsible for
between the service provider and the users. A negotiating achievable service level agreements
typical service desk manages incidents and service and ensuring that these are met. It is responsible
requests, and also handles communication with the for ensuring that all IT service management
users. processes, operational level agreements and
underpinning contracts are appropriate for
service failure analysis (SFA) the agreed service level targets. Service level
(ITIL Service Design) A technique that identifies management monitors and reports on service
underlying causes of one or more IT service levels, holds regular service reviews with customers,
interruptions. Service failure analysis identifies and identifies required improvements.
opportunities to improve the IT service
providers processes and tools, and not just the IT service level package (SLP)
infrastructure. It is a time-constrained, project-like See service option.
activity, rather than an ongoing process of analysis.
service level requirement (SLR)
service improvement plan (SIP) (ITIL Continual Service Improvement) (ITIL Service
(ITIL Continual Service Improvement) A formal Design) A customer requirement for an aspect of
plan to implement improvements to a process or IT an IT service. Service level requirements are based
service. on business objectives and used to negotiate
agreed service level targets.
service knowledge management system
(SKMS) service level target
(ITIL Service Transition) A set of tools and databases (ITIL Continual Service Improvement) (ITIL Service
that is used to manage knowledge, information Design) A commitment that is documented in
and data. The service knowledge management a service level agreement. Service level targets
system includes the configuration management are based on service level requirements, and are
system, as well as other databases and information needed to ensure that the IT service is able to meet
systems. The service knowledge management business objectives. They should be SMART, and are
system includes tools for collecting, storing, usually based on key performance indicators.
managing, updating, analysing and presenting
all the knowledge, information and data that service lifecycle
an IT service provider will need to manage the An approach to IT service management that
full lifecycle of IT services. See also knowledge emphasizes the importance of coordination and
management. control across the various functions, processes and
systems necessary to manage the full lifecycle of
service level IT services. The service lifecycle approach considers
Measured and reported achievement against one the strategy, design, transition, operation and
or more service level targets. The term is sometimes continual improvement of IT services. Also known
used informally to mean service level target. as service management lifecycle.
service level agreement (SLA) service management

(ITIL Continual Service Improvement) (ITIL Service A set of specialized organizational capabilities
Design) An agreement between an IT service for providing value to customers in the form of
provider and a customer. A service level agreement services.
describes the IT service, documents service level
targets, and specifies the responsibilities of the service management lifecycle
IT service provider and the customer. A single See service lifecycle.
agreement may cover multiple IT services or
multiple customers. See also operational level
agreement.

service manager service package

A generic term for any manager within the service (ITIL Service Strategy) Two or more services that
provider. Most commonly used to refer to a have been combined to offer a solution to a
business relationship manager, a process manager specific type of customer need or to underpin
or a senior manager with responsibility for IT specific business outcomes. A service package can
services overall. consist of a combination of core services, enabling
services and enhancing services. A service package
service model provides a specific level of utility and warranty.
(ITIL Service Strategy) A model that shows how Customers may be offered a choice of utility and
service assets interact with customer assets warranty through one or more service options. See
to create value. Service models describe the also IT service.
structure of a service (how the configuration
items fit together) and the dynamics of the service service pipeline
(activities, flow of resources and interactions). (ITIL Service Strategy) A database or structured
A service model can be used as a template or document listing all IT services that are under
blueprint for multiple services. consideration or development, but are not yet
available to customers. The service pipeline
service operation provides a business view of possible future IT
(ITIL Service Operation) A stage in the lifecycle services and is part of the service portfolio that is
of a service. Service operation coordinates and not normally published to customers.
carries out the activities and processes required
to deliver and manage services at agreed levels to service portfolio
business users and customers. Service operation (ITIL Service Strategy) The complete set of services
also manages the technology that is used to deliver that is managed by a service provider. The service
and support services. Service operation includes portfolio is used to manage the entire lifecycle of
the following processes: event management, all services, and includes three categories: service
incident management, request fulfilment, problem pipeline (proposed or in development), service
management, and access management. Service catalogue (live or available for deployment), and
operation also includes the following functions: retired services. See also customer agreement
service desk, technical management, IT operations portfolio; service portfolio management.
management, and application management.
Although these processes and functions are service portfolio management (SPM)
associated with service operation, most processes (ITIL Service Strategy) The process responsible for
and functions have activities that take place across managing the service portfolio. Service portfolio
multiple stages of the service lifecycle. See also management ensures that the service provider has
operation. the right mix of services to meet required business
outcomes at an appropriate level of investment.
service option Service portfolio management considers services in
(ITIL Service Design) (ITIL Service Strategy) A choice terms of the business value that they provide.
of utility and warranty offered to customers by a
core service or service package. Service options are service provider
sometimes referred to as service level packages. (ITIL Service Strategy) An organization supplying
services to one or more internal customers or
service owner external customers. Service provider is often used
(ITIL Service Strategy) A role responsible for as an abbreviation for IT service provider. See also
managing one or more services throughout their Type I service provider; Type II service provider;
entire lifecycle. Service owners are instrumental Type III service provider.
in the development of service strategy and are
responsible for the content of the service portfolio.
See also business relationship management.

service reporting service transition

(ITIL Continual Service Improvement) Activities that (ITIL Service Transition) A stage in the lifecycle
produce and deliver reports of achievement and of a service. Service transition ensures that
trends against service levels. The format, content new, modified or retired services meet the
and frequency of reports should be agreed with expectations of the business as documented in the
customers. service strategy and service design stages of the
lifecycle. Service transition includes the following
service request processes: transition planning and support, change
(ITIL Service Operation) A formal request from a management, service asset and configuration
user for something to be provided for example, management, release and deployment
a request for information or advice; to reset a management, service validation and testing,
password; or to install a workstation for a new change evaluation, and knowledge management.
user. Service requests are managed by the request Although these processes are associated with
fulfilment process, usually in conjunction with the service transition, most processes have activities
service desk. Service requests may be linked to a that take place across multiple stages of the service
request for change as part of fulfilling the request. lifecycle. See also transition.
service sourcing service validation and testing

(ITIL Service Strategy) The strategy and approach (ITIL Service Transition) The process responsible
for deciding whether to provide a service internally, for validation and testing of a new or changed IT
to outsource it to an external service provider, or service. Service validation and testing ensures that
to combine the two approaches. Service sourcing the IT service matches its design specification and
also means the execution of this strategy. See also will meet the needs of the business.
insourcing; internal service provider; outsourcing.
serviceability
service strategy (ITIL Continual Service Improvement) (ITIL Service
(ITIL Service Strategy) A stage in the lifecycle of a Design) The ability of a third-party supplier to meet
service. Service strategy defines the perspective, the terms of its contract. This contract will include
position, plans and patterns that a service provider agreed levels of reliability, maintainability and
needs to execute to meet an organizations availability for a configuration item.
business outcomes. Service strategy includes the
following processes: strategy management for IT seven-step improvement process
services, service portfolio management, financial (ITIL Continual Service Improvement) The process
management for IT services, demand management, responsible for defining and managing the
and business relationship management. Although steps needed to identify, define, gather, process,
these processes are associated with service strategy, analyse, present and implement improvements.
most processes have activities that take place across The performance of the IT service provider
multiple stages of the service lifecycle. is continually measured by this process and
improvements are made to processes, IT services
and IT infrastructure in order to increase efficiency,
effectiveness and cost effectiveness. Opportunities
for improvement are recorded and managed in the
CSI register.
shift
(ITIL Service Operation) A group or team of people
who carry out a specific role for a fixed period of
time. For example, there could be four shifts of
IT operations control personnel to support an IT
service that is used 24 hours a day.

simulation modelling software asset management (SAM)

(ITIL Continual Service Improvement) (ITIL Service (ITIL Service Transition) The process responsible for
Design) A technique that creates a detailed tracking and reporting the use and ownership of
model to predict the behaviour of an IT service or software assets throughout their lifecycle. Software
other configuration item. A simulation model is asset management is part of an overall service
often created by using the actual configuration asset and configuration management process. This
items that are being modelled with artificial process is not described in detail within the core
workloads or transactions. They are used in ITIL publications.
capacity management when accurate results are
important. A simulation model is sometimes called source
a performance benchmark. See also analytical See service sourcing.
modelling; modelling.
specification
single point of contact
A formal definition of requirements. A
(ITIL Service Operation) Providing a single specification may be used to define technical or
consistent way to communicate with an operational requirements, and may be internal or
organization or business unit. For example, a single external. Many public standards consist of a code
point of contact for an IT service provider is usually of practice and a specification. The specification
called a service desk. defines the standard against which an organization
can be audited.
single point of failure (SPOF)
(ITIL Service Design) Any configuration item that stakeholder
can cause an incident when it fails, and for which A person who has an interest in an organization,
a countermeasure has not been implemented. A project, IT service etc. Stakeholders may be
single point of failure may be a person or a step in interested in the activities, targets, resources or
a process or activity, as well as a component of the deliverables. Stakeholders may include customers,
IT infrastructure. See also failure. partners, employees, shareholders, owners etc. See
also RACI.
SLAM chart
(ITIL Continual Service Improvement) A service standard
level agreement monitoring chart is used to help A mandatory requirement. Examples include ISO/
monitor and report achievements against service IEC 20000 (an international standard), an internal
level targets. A SLAM chart is typically colour-coded security standard for Unix configuration, or a
to show whether each agreed service level target government standard for how financial records
has been met, missed or nearly missed during each should be maintained. The term is also used
of the previous 12 months. to refer to a code of practice or specification
published by a standards organization such as ISO
SMART or BSI. See also guideline.
Design) An acronym for helping to remember that standard change
targets in service level agreements and project (ITIL Service Transition) A pre-authorized change
plans should be specific, measurable, achievable, that is low risk, relatively common and follows a
relevant and time-bound. procedure or work instruction for example, a
password reset or provision of standard equipment
snapshot to a new employee. Requests for change are not
(ITIL Continual Service Improvement) (ITIL Service required to implement a standard change, and
Transition) The current state of a configuration they are logged and tracked using a different
item, process or any other set of data recorded at mechanism, such as a service request. See also
a specific point in time. Snapshots can be captured change model.
by discovery tools or by manual techniques such as
an assessment. See also baseline; benchmark.

standby strategy management for IT services

(ITIL Service Design) Used to refer to resources (ITIL Service Strategy) The process responsible
that are not required to deliver the live IT services, for defining and maintaining an organizations
but are available to support IT service continuity perspective, position, plans and patterns with
plans. For example, a standby data centre may be regard to its services and the management
maintained to support hot standby, warm standby of those services. Once the strategy has been
or cold standby arrangements. defined, strategy management for IT services is
also responsible for ensuring that it achieves its
statement of requirements (SOR) intended business outcomes.
(ITIL Service Design) A document containing all
requirements for a product purchase, or a new or supplier
changed IT service. See also terms of reference. (ITIL Service Design) (ITIL Service Strategy) A third
party responsible for supplying goods or services
status that are required to deliver IT services. Examples
The name of a required field in many types of of suppliers include commodity hardware and
record. It shows the current stage in the lifecycle software vendors, network and telecom providers,
of the associated configuration item, incident, and outsourcing organizations. See also supply
problem etc. chain; underpinning contract.
storage management supplier and contract management

(ITIL Service Operation) The process responsible for information system (SCMIS)
managing the storage and maintenance of data (ITIL Service Design) A set of tools, data and
throughout its lifecycle. information that is used to support supplier
management. See also service knowledge
strategic management system.
(ITIL Service Strategy) The highest of three levels
of planning and delivery (strategic, tactical, supplier management
operational). Strategic activities include objective (ITIL Service Design) The process responsible for
setting and long-term planning to achieve the obtaining value for money from suppliers, ensuring
overall vision. that all contracts and agreements with suppliers
support the needs of the business, and that all
strategic asset suppliers meet their contractual commitments.
(ITIL Service Strategy) Any asset that provides the See also supplier and contract management
basis for core competence, distinctive performance information system.
or sustainable competitive advantage, or which
allows a business unit to participate in business supply chain
opportunities. Part of service strategy is to identify (ITIL Service Strategy) The activities in a value chain
how IT can be viewed as a strategic asset rather carried out by suppliers. A supply chain typically
than an internal administrative function. involves multiple suppliers, each adding value to
the product or service. See also value network.
strategy
(ITIL Service Strategy) A strategic plan designed to support group
achieve defined objectives. (ITIL Service Operation) A group of people
with technical skills. Support groups provide
the technical support needed by all of the IT
service management processes. See also technical
management.

supporting service technical observation (TO)

(ITIL Service Design) An IT service that is not directly (ITIL Continual Service Improvement) (ITIL
used by the business, but is required by the IT Service Operation) A technique used in service
service provider to deliver customer-facing services improvement, problem investigation and
(for example, a directory service or a backup availability management. Technical support staff
service). Supporting services may also include IT meet to monitor the behaviour and performance
services only used by the IT service provider. All live of an IT service and make recommendations for
supporting services, including those available for improvement.
deployment, are recorded in the service catalogue
along with information about their relationships to technical support
customer-facing services and other CIs. See technical management.
SWOT analysis tension metrics

(ITIL Continual Service Improvement) A technique (ITIL Continual Service Improvement) A set of
that reviews and analyses the internal strengths related metrics, in which improvements to one
and weaknesses of an organization and the metric have a negative effect on another. Tension
external opportunities and threats that it metrics are designed to ensure that an appropriate
faces. SWOT stands for strengths, weaknesses, balance is achieved.
opportunities and threats.
terms of reference (TOR)
system
(ITIL Service Design) A document specifying the
A number of related things that work together to requirements, scope, deliverables, resources and
achieve an overall objective. For example: schedule for a project or activity.
n A computer system including hardware,
software and applications test
n A management system, including the (ITIL Service Transition) An activity that verifies that
framework of policy, processes, functions, a configuration item, IT service, process etc. meets
standards, guidelines and tools that are planned its specification or agreed requirements. See also
and managed together for example, a quality acceptance; service validation and testing.
management system
n A database management system or operating third party
system that includes many software modules A person, organization or other entity that is not
which are designed to perform a set of related part of the service providers own organization
functions. and is not a customer for example, a software
supplier or a hardware maintenance company.
tactical Requirements for third parties are typically
The middle of three levels of planning and delivery specified in contracts that underpin service level
(strategic, tactical, operational). Tactical activities agreements. See also underpinning contract.
include the medium-term plans required to achieve
specific objectives, typically over a period of weeks threat
to months. A threat is anything that might exploit a
vulnerability. Any potential cause of an incident
technical management can be considered a threat. For example, a fire
(ITIL Service Operation) The function responsible is a threat that could exploit the vulnerability of
for providing technical skills in support of IT flammable floor coverings. This term is commonly
services and management of the IT infrastructure. used in information security management and IT
Technical management defines the roles of service continuity management, but also applies
support groups, as well as the tools, processes and to other areas such as problem and availability
procedures required. management.

threshold transition planning and support

The value of a metric that should cause an alert to (ITIL Service Transition) The process responsible
be generated or management action to be taken. for planning all service transition processes and
For example, Priority 1 incident not solved within coordinating the resources that they require.
four hours, More than five soft disk errors in an
hour, or More than 10 failed changes in a month. trend analysis
(ITIL Continual Service Improvement) Analysis
throughput of data to identify time-related patterns. Trend
(ITIL Service Design) A measure of the number of analysis is used in problem management to identify
transactions or other operations performed in a common failures or fragile configuration items,
fixed time for example, 5,000 e-mails sent per and in capacity management as a modelling tool
hour, or 200 disk I/Os per second. to predict future behaviour. It is also used as a
management tool for identifying deficiencies in IT
total cost of ownership (TCO) service management processes.
(ITIL Service Strategy) A methodology used to help
make investment decisions. It assesses the full tuning
lifecycle cost of owning a configuration item, not The activity responsible for planning changes to
just the initial cost or purchase price. See also total make the most efficient use of resources. Tuning is
cost of utilization. most commonly used in the context of IT services
and components. Tuning is part of capacity
total cost of utilization (TCU) management, which also includes performance
(ITIL Service Strategy) A methodology used to help monitoring and implementation of the required
make investment and service sourcing decisions. changes. Tuning is also called optimization,
Total cost of utilization assesses the full lifecycle particularly in the context of processes and other
cost to the customer of using an IT service. See also non-technical resources.
total cost of ownership.
Type I service provider
total quality management (TQM) (ITIL Service Strategy) An internal service provider
(ITIL Continual Service Improvement) A that is embedded within a business unit. There
methodology for managing continual may be several Type I service providers within an
improvement by using a quality management organization.
system. Total quality management establishes a
culture involving all people in the organization in a Type II service provider
process of continual monitoring and improvement. (ITIL Service Strategy) An internal service provider
that provides shared IT services to more than one
transaction business unit. Type II service providers are also
A discrete function performed by an IT service known as shared service units.
for example, transferring money from one
bank account to another. A single transaction Type III service provider
may involve numerous additions, deletions and (ITIL Service Strategy) A service provider that
modifications of data. Either all of these are provides IT services to external customers.
completed successfully or none of them is carried
out. underpinning contract (UC)
(ITIL Service Design) A contract between an IT
transition service provider and a third party. The third party
(ITIL Service Transition) A change in state, provides goods or services that support delivery
corresponding to a movement of an IT service or of an IT service to a customer. The underpinning
other configuration item from one lifecycle status contract defines targets and responsibilities that
to the next. are required to meet agreed service level targets in
one or more service level agreements.

unit cost value chain

(ITIL Service Strategy) The cost to the IT service (ITIL Service Strategy) A sequence of processes
provider of providing a single component of an IT that creates a product or service that is of value to
service. For example, the cost of a single desktop a customer. Each step of the sequence builds on
PC, or of a single transaction. the previous steps and contributes to the overall
product or service. See also value network.
urgency
(ITIL Service Design) (ITIL Service Transition) A value for money
measure of how long it will be until an incident, An informal measure of cost effectiveness. Value
problem or change has a significant impact on the for money is often based on a comparison with the
business. For example, a high-impact incident may cost of alternatives. See also cost benefit analysis.
have low urgency if the impact will not affect the
business until the end of the financial year. Impact value network
and urgency are used to assign priority. (ITIL Service Strategy) A complex set of
relationships between two or more groups
usability or organizations. Value is generated through
(ITIL Service Design) The ease with which an exchange of knowledge, information, goods or
application, product or IT service can be used. services. See also partnership; value chain.
Usability requirements are often included in a
statement of requirements. value on investment (VOI)
(ITIL Continual Service Improvement) A
user measurement of the expected benefit of an
A person who uses the IT service on a day-to-day investment. Value on investment considers both
basis. Users are distinct from customers, as some financial and intangible benefits. See also return
customers do not use the IT service directly. on investment.
user profile (UP) variance

(ITIL Service Strategy) A pattern of user demand for The difference between a planned value and the
IT services. Each user profile includes one or more actual measured value. Commonly used in financial
patterns of business activity. management, capacity management and service
level management, but could apply in any area
utility where plans are in place.
(ITIL Service Strategy) The functionality offered
by a product or service to meet a particular need. verification
Utility can be summarized as what the service (ITIL Service Transition) An activity that ensures
does, and can be used to determine whether a that a new or changed IT service, process, plan or
service is able to meet its required outcomes, or other deliverable is complete, accurate, reliable
is fit for purpose. The business value of an IT and matches its design specification. See also
service is created by the combination of utility and acceptance; validation; service validation and
warranty. See also service validation and testing. testing.
validation version
(ITIL Service Transition) An activity that ensures a (ITIL Service Transition) A version is used to identify
new or changed IT service, process, plan or other a specific baseline of a configuration item. Versions
deliverable meets the needs of the business. typically use a naming convention that enables the
Validation ensures that business requirements sequence or date of each baseline to be identified.
are met even though these may have changed For example, payroll application version 3 contains
since the original design. See also acceptance; updated functionality from version 2.
qualification; service validation and testing;
verification.

vision work instruction

A description of what the organization intends to A document containing detailed instructions that
become in the future. A vision is created by senior specify exactly what steps to follow to carry out
management and is used to help influence culture an activity. A work instruction contains much more
and strategic planning. See also mission. detail than a procedure and is only created if very
detailed instructions are needed.
vital business function (VBF)
(ITIL Service Design) Part of a business process workaround
that is critical to the success of the business. Vital (ITIL Service Operation) Reducing or eliminating
business functions are an important consideration the impact of an incident or problem for which a
of business continuity management, IT service full resolution is not yet available for example,
continuity management and availability by restarting a failed configuration item.
management. Workarounds for problems are documented in
known error records. Workarounds for incidents
vulnerability that do not have associated problem records are
A weakness that could be exploited by a threat documented in the incident record.
for example, an open firewall port, a password that
is never changed, or a flammable carpet. A missing workload
control is also considered to be a vulnerability. The resources required to deliver an identifiable
part of an IT service. Workloads may be
warranty categorized by users, groups of users, or functions
(ITIL Service Strategy) Assurance that a product within the IT service. This is used to assist in
or service will meet agreed requirements. This analysing and managing the capacity, performance
may be a formal agreement such as a service level and utilization of configuration items and IT
agreement or contract, or it may be a marketing services. The term is sometimes used as a synonym
message or brand image. Warranty refers to the for throughput.
ability of a service to be available when needed,
to provide the required capacity, and to provide
the required reliability in terms of continuity and
security. Warranty can be summarized as how the
service is delivered, and can be used to determine
whether a service is fit for use. The business value
of an IT service is created by the combination of
utility and warranty. See also service validation and
testing.

Index
CSI_Index.indd 1 09/07/2011 10:23

CSI_Index.indd 2 09/07/2011 10:23
| 241
Index
Page numbers in italic refer to figures and tables. capabilities 20, 21

Capability Maturity Model Integration (CMMI) 75,
analytical modelling 119 84, 180
application management 23 capacity management 668, 115, 11819, 120, 131
application monitoring 14950 Carnegie Mellon University 180
approach categories
assessment, pros and cons 76 benchmarking 81
benchmarking 845 of evaluation of CSI initiatives 74
CSI 356, 35 KPI 90
functional group 156 challenges when implementing CSI 70, 1556, 157,
lifecycle 1556 1678
Management of Risk (M_o_R) 18990 change
service 155 investigation of 146
assessments 746 organizational, and CSI 36, 15762, 158, 17980
advantages and risks of 768 process changes 156
gap analysis 79 change management 69, 1201, 131
processes, services and systems relationship 77 coalitions, forming guiding 159
pros and cons of assessment processes 76 COBIT 75, 91, 1767
value of processes versus maturity of processes communication
78, 79 plans, defining 1623, 163
assets 20 strategy 162
automated incident/problem resolution 148 transformation 1634
availability management 668, 11215, 131 of vision 159
availability reporting 86 competencies see skills
component capacity management 11518, 117
balanced scorecard see scorecards component failure impact analysis (CFIA) 112
baseline models 119 concepts
behaviours of knowledge management 1212
customer 118 of M_o_R framework 18990, 190
employee 1612 of organizational culture 23, 1612
organizational 23 of service management 205
benchmarking 7985 of seven-step improvement process 49
benefits configuration data 146
of benchmarking 81 continual service improvement see CSI
measuring achieved 11011 Control OBjectives for Information and related
of trend analysis 60 Technology see COBIT
Best Management Practice (BMP) publications 8, 9, core services 14
175 cost(s)
business capacity growth model 117 benchmarking 80
business capacity management 115, 116, 117 and effort 73
business cases 10810 management 1501
business continuity management (BCM) 11920, 123 of ownership (total) 84
business drivers 156 and return on investment 106, 108
business impact 52 Covey, Stephen 61
business intelligence 152 CSFs (critical success factors) 6970, 912, 167
business relationship managers 30, 130, 136, 1378 CSI (continual service improvement)
business reporting 152 challenges, risks and success factors 1678
CSI_Index.indd 3 09/07/2011 10:23

242 | Index
CSI (continual service improvement) continued fault tree analysis 11213

implementation of 70, 734, 15564, 1678 financial management for IT services 67, 131,
methods and techniques 73125 1501
and organizational change 36, 15762, 158, frameworks 42, 44
17980 designing a service measurement 867
organizing for 12941 eSCM 180
overview 35 ITIL 3
principles 3544 Management of Risk (M_o_R) 18990, 190
processes 4770 public 1920
register 367, 185 Risk IT process 1923, 193
and the service lifecycle 31 functional groups 48, 156
tools to support activities 14552 functions 223, 129
CSI manager role 1323, 1378
customer behaviour 118 gap analysis 79
customer engagement 138, 139 goals
customer-facing services 24 deriving measurements and metrics from 99
customer satisfaction surveys 52 high-level and KPIs 91
customers and metrics 935, 177
and assets 20 governance 25, 156
and benchmarking 82 enterprise 42
and information 61 of IT 42, 176
and services 1318 of risk 193
groups 22
data see also functional groups
analysis 40, 5860, 678, 83, 135, 136
configuration 146 implementation of CSI
data-poor environment 10910 communication strategy and plan 1634
defining 41 considerations and challenges 70, 1556, 157,
gathering 39, 535, 55, 657, 83, 134, 135 1678
layers 245, 26, 147 cost and effort 73
management, example of poor data 56 governance 156
processing 39, 558, 57, 657, 83, 135 and organizational change 15762
Data-to-Information-to-Knowledge-to-Wisdom review and evaluation 734
(DIKW) 38, 47 starting approaches 1556
Deming Cycle 38, 1756 incident management 67, 68, 69, 131
see also Plan-Do-Check-Act (PDCA) cycle industry norms, comparison with 74, 834
Deming, W. Edwards 38 information analysis 5860, 678
departmental requirements 116 information management 69
departments and divisions 22 information presentation and use 602, 62, 689
drivers information security management 67, 68, 131, 150
business 156 inputs
external and internal 37 across service lifecycle 1978
first- to fourth-order 64 and CSI roles 164
effort and cost 73 definition 21
employee behaviour 1612 to identify improvement strategy 50
enabling and enhancing services 14 by lifecycle stage 43
environmental management 1778 to measurement 52
eSCM framework 180 to monitoring process 645
evaluation 734 interfaces 65
event management 67, 148 internal service providers 82, 85, 98
expanded incident lifecycle 11315, 114 interpretation of metrics 957
external service providers 82, 85, 98
CSI_Index.indd 4 09/07/2011 10:23

Index | 243
ISO 31000 1901, 191 lifecycle approach 1556

see also risk management
ISO/IEC 20000 3, 27, 44, 177 Management of Risk (M_o_R) 18990, 190
see also IT service management see also risk management
ISO/IEC 27001 1912 management systems 257
see also information security management market performance 52
ISO standards 1778 maturity assessments 74, 84
IT measurement and metrics
balanced scorecard 104 balanced scorecard 1035
financial management for 67, 131, 1501 creating scorecards and reports 98100
governance 42, 176 CSFs and KPIs 913
green 1778 defining what to measure 503
managers 98 framework for effort and cost 73
operations management 22 and goals 935, 99
publications 178 interpreting metrics 957
Risk IT 1923, 193 measuring benefits 11011
IT service continuity management (ITSCM) 11920, organizational metrics 95
131 service quality metrics examples 94
IT service definition 13 SWOT analysis 1056
IT service management (ITSM) 16, 1468 target setting 100, 103
ITIL tension metrics 93
guidance and web services 175 types of metrics 91
introduction to framework 3 usage of 978
and the OSI framework 1789 from vision to measurement 50, 92
qualification scheme 141 see also service measurement
reasons for success 89 measurement-based management 1045
relationship with other BMP guides 8, 9 modelling 11819
service lifecycle 3 models 42, 44
ITIL publications 6, 28, 83, 175 baseline 119
ITIL Continual Service Improvement 35, 7, 10, business capacity growth 117
29, 140 CMMI (Capability Maturity Model Integration)
ITIL Service Design 67, 29, 38, 53, 65, 85, 112, 75, 84, 180
118, 132, 139, 178 process 21
ITIL Service Operation 7, 223, 29, 118, 120, 129, responsibility (RACI) 1389, 140
178 service management 90
ITIL Service Strategy 6, 13, 17, 22, 24, 25, 29, 42, service measurement 88
118, 129, 132, 145, 176 monitoring
ITIL Service Transition 7, 29, 38, 121, 122, 179 of application and service performance 14950
of CSI 536
key performance indicators see KPIs detection of incident 114
knowledge management procedures 55
concepts 1212 reasons for 39
as CSI support tool 38, 121, 1489
and IT decisions 38 objectives
and the SKMS 245 of CSI 4
KPIs (key performance indicators) deriving measurements and metrics from 99
and high-level goals 91 of seven-step improvement process 47
number of 912 organizational behaviour 23
qualitative and quantitative 92 organizational capabilities 15
samples of, for different processes 102 organizational change 36, 15762, 158, 17980
suitability for purpose 93 organizational culture 23, 1612
of value of service management processes 90 organizational metrics 95
CSI_Index.indd 5 09/07/2011 10:23

244 | Index
organizing for CSI CSI see seven-step improvement process

competence and training 13941 service management 202
customer engagement 138, 139 programme management 179
functions 129 project management 150, 179
organizational development 129 proprietary knowledge 19
responsibility model (RACI) 1389, 140 public frameworks and standards 1920
roles 12938
organizing for service management quality 54, 90
competence and skills 13940 quality management systems 1756
functions 223 quality metrics 94
organizational culture and behaviour 23, 1612 quality systems 42, 44
roles 23
OSI (Open Systems Interconnection) framework registers
1789 CSI 367, 185
outages 62, 1001 risk 125
outputs release and deployment management 1201, 131
across service lifecycle 1978 releases 1467
definition 21 reporting
by lifecycle stage 43 availability 86
to monitoring process 645 business 152
levels of 878
performance 54, 90 service 11112
performance indicators see KPIs reporting analysts 133
performance management 149 reports
performance monitoring 14950 creation of 98100
Plan-Do-Check-Act (PDCA) cycle 267, 27, 38, 47, examples of 100, 101
78, 1756 requesting services 149
policy requests for change (RFCs) 69, 89
reporting 111 resources 20, 21
seven-step improvement process 48 responsibility model (RACI) 1389, 140
template example 49 retired services 24
portfolio management 150 return on investment (ROI)
post-implementation review (PIR) 121 business cases in a data-poor environment 10910
presentation layer 24, 147 creating 106, 108
PRINCE2 (PRojects IN Controlled Environments, V2) establishing the business case 1089
8, 9, 179 and expectations 109
principles measuring benefits achieved 11011
of CSI 3544 risk management 1223, 176
of Management of Risk (M_o_R) 18990 business perspective on 1234
of seven-step improvement process 489 definition of 189
problem management 68, 69, 120, 131 ISO 31000 1901, 191
process assessments 84, 178 ISO/IEC 27001 1912
process changes 156, 157 Management of Risk (M_o_R) 18990, 190
process compliance 54 profiles and responsibilities 1245
process maturity comparison 84 reasons for 124
process metrics 53, 91 relation to safety, security and business
process re-engineering 157 continuity 123
process roles Risk IT 1923, 193
process managers 133 risk register 125
process owners 80, 130, 1312, 133 roles 23, 12938
process practitioners 132
processes
CSI_Index.indd 6 09/07/2011 10:23

Index | 245
Sarbanes-Oxley 109 levels of 878

scorecards model 88
balanced 1035, 180 reasons for measuring 39
creation of 989 seven-step improvement process 3942, 40, 41
IT balanced 104 see also measurement and metrics
service desk example 105 service metrics 53, 91
service approach 155 service owners 1301
service capacity management 115, 116 service performance monitoring 14950
service catalogue 24, 149 service pipeline 24
service desk 22, 67, 68, 69 service portfolio 234, 25
measurement 967, 1045 service providers 82, 85, 98
service failure analysis (SFA) 113 service quality metrics 94
service level agreements (SLAs) 16 service reporting
service level management (SLM) 378, 131 content 11112
as CSI support tool 1478 policy and rules 111
and information 656, 67, 68, 69 services 1315
service levels 52 customer-facing 24
achievement chart 62 requesting 149
service lifecycle 278 types of 14
and continual service improvement 31 utility and warranty of 1718
integration across 30 Seven Habits of Highly Effective People 61
ITIL 3 seven-step improvement process 3942, 40
processes through 2831, 29 challenges and risks 70
specialization and coordination across 28 concepts 49
service management 1516 CSFs and KPIs 6970
assets, capabilities and resources 20, 21 data and information analysis 5860, 678
best practices 1820, 19 data gathering 535, 55, 657
competence and skills for 13941 data processing 558, 57, 657
functions and roles 223 defining what to measure 503
governance 25 identifying strategy for improvement 4950, 50
ISO/IEC 20000 series 3, 27, 44, 177 implementing improvement 624, 64, 69
IT service management (ITSM) 16, 1468 information management 69
knowledge management and the SKMS 245, 26 information presentation and use 602, 62, 689
management systems 257 policies 48, 49
model 90 principles 489
organizational culture and behaviour 23 purpose and objectives 47
Plan-Do-Check-Act cycle 27 scope 478
process measurement 8990, 90 triggers, inputs, outputs and interfaces 645
processes 202, 11225 value to business 48
roles and customer engagement 139 SFIA (skills framework for the information age)
service lifecycle 2731 140, 180
service portfolio 234, 25 Shewhart Cycle see Plan-Do-Check-Act (PDCA) cycle
service providers 1617 simulation modelling 119
services 1315 Six Sigma 1801
stakeholders 17 skills
versus technology domain 89 benchmarking 80
utility and warranty 1718 and competence framework 140
service managers 130 for CSI 134, 1356, 138
service measurement 856 framework for the information age 140, 180
baselines 389 for service management 13940
creating a measurement framework grid 90, 91 SKMS (service knowledge management system)
design and development of 867 245, 26, 123, 147
CSI_Index.indd 7 09/07/2011 10:23

246 | Index
software configuration management 150 urgency, creating a sense of 157

software test management 150 usage
software version control 150 of information 602, 62, 689
standards 1920, 267, 42, 44, 1778 of ITIL Continual Service Improvement 5
statistical analysis tools 150 of measurement and metrics 958
strategic business units (SBUs) 104 users see customers
supplier performance 52 utility of services 1718
suppliers 17, 61
supporting services 24 value
SWOT analysis 1056, 107 of benchmarking 81
systems and network management 148 of CSI to business 5
Management of Value (MoV) 8
target setting 100, 103 of process versus maturity of process 78, 79
teams 22 of service 1718, 18
technical management 22, 30 of seven-step improvement process 48
technical observation (TO) 113 vision 50, 92, 15960, 163
technology 145 volume 54
application of architectural layers of CMS 147
service-centric view of the IT enterprise 151 warranty of services 1718
versus service management 89 wins, planning for and creating 160
tools to support CSI activities 14652 wisdom 41
technology metrics 53, 91 workflow 149
tension metrics 93 workload management 118
time cost 80
total cost of ownership (TCO) 84
total quality management (TQM) 175
training 141
training cost 73
trend analysis 5860, 957, 118
triggers 645
CSI_Index.indd 8 09/07/2011 10:23

Over time business requirements will change, so even with
successful service operations in place, there is still a need
to re-align service provision with these changing business
needs. What was good enough last year is unlikely to meet
requirements next year; therefore improvement opportunities
need to be constantly assessed and implemented. This
continual cycle of service improvement will help protect against
losing competitive edge and will ensure that the best possible
outcomes are being achieved.
ITIL Continual Service Improvement focuses on the elements

involved in identifying and introducing a cycle of service
management improvements. It provides structure for the
approach to assessing and measuring services, and helps you
to avoid temporary fixes in favour of a continual improvement

in quality that truly benefits the business customer.
ISBN 978-0-11-331308-2
ANAGE
TM
ME
BES
2011 edition
NT PRAC
T
9 780113 313082 www.best-management-practice.com
UC
TIC
E PROD
7188 ITIL CSI AN Cover V1_3.indd 1-3 11/07/2011 11:54

ITIL Continual Service Improvement PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

ITIL Continual Service Improvement PDF

Загружено:

Авторское право:

Доступные форматы

Over time business requirements will change, so even with

successful service operations in place, there is still a need

ITIL Continual Service Improvement focuses on the elements

ITIL Continual Service Improvement

ITIL Continual Service Improvement

7188 ITIL CSI AN Cover V1_3.indd 1-3 11/07/2011 11:54

CSI_Prelims.indd 1 09/07/2011 09:46

Mail, Telephone, Fax & E-mail

TSO@Blackwell and other Accredited Agents

Customers can also order publications from:

Crown Copyright 2011

Applications to reuse, reproduce or republish material in this publication should be sent to

The Swirl logo is a trade mark of the Cabinet Office

First edition Crown Copyright 2007

First published 2011

Printed in the United Kingdom for The Stationery Office

P002425506 c70 07/11

CSI_Prelims.indd 2 09/07/2011 09:46

List of figures v 3.11 Frameworks, models, standards

1 Introduction 1 5 Continual service improvement

2.3 Governance and management 5.9 Summary 125

3.7 Knowledge management 38 7.2 Summary 152

3.8 The Deming Cycle 38

CSI_Prelims.indd 3 09/07/2011 09:46

8 Implementing continual service Appendix B: Example of a continual

Appendix A: Related guidance 173

CSI_Prelims.indd 4 09/07/2011 09:46

CSI_Prelims.indd 5 09/07/2011 09:46

Figure 6.2 Service management roles and

CSI_Prelims.indd 6 09/07/2011 09:46

CSI_Prelims.indd 7 09/07/2011 09:46

CSI_Prelims.indd 8 09/07/2011 09:46

Learning is not compulsory neither is survival. Contact information

CSI_Prelims.indd 9 09/07/2011 09:46

2011 EDITION For a full list of acknowledgements of the ATO

David Wheeldon Wider team

CSI_Prelims.indd 10 09/07/2011 09:46

STRATIS; Helen Sussex, Logica; J.R. Tietsort, Micron

Chief architect and authors

CSI_Prelims.indd 11 09/07/2011 09:46

The ITIL framework is based on the five stages

ITSM and other concepts from this chapter are described in

more detail in Chapter 2. Figure 1.1 The ITIL service lifecycle

CSI_Chapter_01.indd 3 09/07/2011 09:48

CSI_Chapter_01.indd 4 09/07/2011 09:48

CSI_Chapter_01.indd 5 11/07/2011 15:55

1.2 CONTEXT guidelines and processes across the ITIL service

CSI_Chapter_01.indd 6 09/07/2011 09:48

CSI_Chapter_01.indd 7 09/07/2011 09:48

1.3 ITIL IN RELATION TO OTHER possible. It will help organizations to put in

CSI_Chapter_01.indd 8 09/07/2011 09:48

Management Management Portfolio,

ITIL is successful because it describes practices that

CSI_Chapter_01.indd 9 09/07/2011 09:48

1.5 CHAPTER SUMMARY n Chapter 7 Technology considerations

CSI_Chapter_01.indd 10 09/07/2011 09:48

2 Service management as a practice

CSI_Chapter_02.indd 3 09/07/2011 09:53

I must ask, do you I believe services are a means of delivering value by

What would that mean

Yes, and also because the customer

And also because the provider can

Figure 2.1 Conversation about the definition and meaning of services