Last month I started a series of preparation notes as I study for my IT Infrastructure Library (ITIL®) Foundation certification:
This post continues by looking at the topic of the second stage in the ITIL service lifecycle: service design.
“To design IT services, together with the governing IT practices, processes and policies to realise the service provider’s strategy and to facilitate the introduction of these services into supported environments, ensuring quality service delivery, customer satisfaction, and cost-effective service provision”
Service design’s value to the business is:
- Reduction in total cost of ownership.
- Improvement of quality of service, consistency, implementation of new or ongoing services.
- Business/organisation strategic alignment.
- Improvement in IT governance.
- Streamlined IT processes.
- Efficient decision-making and ITSM.
It translates the concepts in the service strategy into hard and fast design.
There are four perspectives of ITSM:
- People – need input from stakeholders, end users, others.
- Products – services (not always physical products).
- Processes – to create the service design package.
- Partners – to work with in delivery (e.g. suppliers).
The output from service design is one or more service design packages (SDPs) containing:
- Service design.
- Organisational readiness assessment.
- Service lifecycle plan.
There are five aspects of service design:
- Service solutions – for new or changed services – from the service portfolio.
- Management information solutions – able to support new or changed services.
- Technical architectures – frameworks used to make sure service solutions are designed, implemented and consistent across the entire organisation.
- Processes – skills, processes, responsibilities to roll out new or changed services.
- Measurement methods and metrics.
ITIL defines the following Service Design processes, which are expanded upon in the rest of this post:
- Supplier management.
- Service level management.
- Service catalogue management.
- Availability management.
- Capacity management.
- Information security management.
- Design coordination.
- IT Service continuity management.
“Ensures that suppliers and the services they provide are managed to support IT service targets and business expectations. Also, it obtains value for money from suppliers and contracts, while ensuring contracts with suppliers are aligned to business needs.”
- Supplier – any third party supplying goods or services required to deliver services.
- Supplier and Contract Management Information System (SCMIS) – tools used to support supplier management, integrated with the Service Knowledge Management System (SKMS).
- Underpinning Contract – contracts with third parties for supply.
- Basic terms and conditions.
- Service description and scope – constraints etc.
- Service standards – minimum levels that constitute acceptable performance and quality.
- Workload ranges – which standards for what pricing.
- Management information – data to be reported by supplier on performance – critical success factors and/or key performance indicators.
- Responsibilities and dependencies – obligations of third party supplier and organization.
Supplier categorisation is used to assess how much time to spend on each supplier – either value/performance-based or risk/impact-based:
- Strategic – significant partners in immediate and long term.
- Tactical – business interaction and a lot of contact; manage performance.
- Operational – needed for day-to-day work (e.g. software licence provider).
- Commodity – low-level products that could be bought from many locations.
Supplier management activities deal with underpinning contracts (UCs):
- Define any new suppliers (e.g. to meet new needs).
- Evaluate new suppliers (make sure contract will be good).
- Place contracts into SCMIS (categorised).
- Supplier contract management (ongoing) to ensure service level criteria are being met (checking quality/cost, periodic reviews), manage relationship.
- Contract termination/renewal.
Service Level Management
Hitting the targets that supplier and customer have agreed on.
“Ensures that all current and planned IT services are delivered to agreed achievable targets. This is accomplished with a constant cycle of negotiating, agreeing, monitoring and reviewing IT Service Targets and Achievements.”
- Service Improvement Plan (SIP):
- Formal plans to help improve a process or service due to SLA breaches, training needs, weak systems, customer complaints, etc.
- Service Level Agreement (SLA):
- Based on underpinning contract and OLA (see below).
- Service-based (SLA to provide a single service).
- Customer-based (SLA for all services used by a customer – e.g. by geography).
- Multi-level (SLA for Corporate, Customer and Service levels).
- Common elements:
- Service Description.
- Mutual Responsibilities (service goes both ways – there may be requirements on the customer too).
- Scope (defining targets).
- Service Hours.
- Service Availability.
- Customer Support Information.
- Contacts and Escalation Policy.
- Costs and Charging Methods.
- Service Level Requirement (SLR):
- Based on customer business objectives.
- Service Level Agreement Monitoring (SLAM) Chart:
- Regular reporting.
- Organisation Level Agreement (OLA):
- Sometimes referred to as underpinning agreements.
- Make sure that internal suppliers (e.g. support teams) will help meet the SLA targets agreed with the customer.
Service Catalogue Management
“To provide and maintain a single source of consistent information on all operational services and those being prepared to run operationally. To ensure that it is widely available to those who are authorised to view it”
The Service Catalogue is a database or structured document with information about all live IT services, including those available for deployment. It is the only part of the service portfolio that is published to customers:
- Ordering and Requests.
- How to make the request – not the request itself!
- Business Service Catalogue:
- Customer-facing services.
- Technical Service Catalogue:
- Support services, configuration items, etc.
“To ensure that the level of availability delivered in all IT services meets the agreed availability needs and/or service level targets in a cost-effective and timely manner. This is both current and future needs of the business.”
- Provide advice and guidance to all other areas of the business and IT on availability.
- Produce an up-to-date availability plan.
- Help diagnose and resolve problems.
- Reactive activities:
- Looking back at past incidents.
- Proactive activities:
- Planning, designing, updating.
- Ability of the IT service or configuration item to perform its agreed function when required. Usually calculated as a percentage.
- Availability Management Information System (AMIS)
- Time when not available (e.g. when performing maintenance).
- = Mean Time to Restore Service (MTRS).
- Includes detection time, diagnosis time, repair time and restoration time.
- How long can perform without interruption (uptime).
- = Mean Time Between Failures (MTBF).
- Coping with interruptions/time between issues.
- = Mean Time Between System Incidents (MTBSI).
- Response Time:
- Time taken to respond to an incident.
- An event that can cause harm or loss to an objective (a threat). Conversely, opportunities are about the possibility of doing something.
- So risk is associated with the impacts of doing or not doing something (including mitigations).
- Vital Business Function:
- Any critical thing that you have to have.
- Ability of suppliers to meet terms of contracts.
“To ensure that the capacity of IT services and the IT infrastructure meets the agreed capacity and performance related requirements in a cost-effective and timely manner. It meets both the current and future capacity and performance needs of the business.”
- Produce and maintain an appropriate/up-to-date plan.
- Assist with diagnosing and resolving performance/capacity issues.
- Ensure all performance achievements meet all of their agreed targets.
- The maximum amount of delivery ability that an IT service can provide (e.g. bandwidth, storage).
- Capacity Management Information System (CMIS).
- Predicting future behaviour of a system or service item, e.g. if increase use of the service.
- Analyse using performance monitoring data.
- Customising the use of resources in appropriate quantities.
- Analyse using performance monitoring data.
- Business Capacity Management:
- Plan to meet business needs and requirements.
- Service Capacity Management:
- About performance of the services themselves.
- Prediction of end-to-end performance.
- Component Capacity Management:
- About the capacity of individual components (network, servers, applications, etc.).
- Performance monitoring:
- Monitoring performance of components of the service.
- Demand management:
- Comes from service strategy.
- Balance costs and required resources; supply and demand.
- Capacity planning:
- Forecasting when more (or less) capacity will be needed.
- Application Sizing:
- Ability to support new or modified applications and know what their capacity requirements will be.
Information Security Management
“To align IT security with business security and ensure that the confidentiality, integrity and availability of the organisation’s assets, information, data and IT services matches the agreed needs of the business.”
- Ensuring information remains confidential.
- Risk Management:
- Assess and manage/control risks.
- Security Management Information System (SMIS).
- Information Security Policy:
- A list of rules/requirements to follow.
- Exploits vulnerabilities (e.g. denial of service).
- Weakness exploited by threats (e.g. open network ports).
The Information Security Management System:
- Guides the development and management of an information security programme.
- Formal process.
- Cycle of:
- Plan: identify measures, procedures, requirements (e.g. regulatory), etc.
- Implement: put the above in place.
- Control: making sure documentation is present, all in order.
- Evaluate: audit for compliance.
- Maintain: making sure agreements are documented and improved upon (CSI).
- Cycle of:
- Physical security (e.g. of devices).
- Procedural security: how to secure things.
- Organisational security: security policies, etc.
“To provide and maintain a single point of co-ordination and control for all activities and processes within this stage of the service lifecycle.”
- Activities relating to the overall service design lifecycle stage.
- Activities relating to each individual design.
- Based on service design packages (SDPs).
IT Service Continuity Management
Dealing with “Disaster Recovery”.
- Business Continuity Plan:
- Business Impact Analysis.
- IT Service Continuity Plan:
- Triggers, actions, etc.
Recovery Operations (in order of urgency):
- Immediate: hot standby/swap (e.g. load balancing/mirroring).
- Fast: recover within a few minutes.
- Intermediate: warm standby (e.g. restore data from backup).
- Gradual: cold standby (restore non-critical services over time).
- Board: crisis management and company-level control.
- Senior management: direct and co-ordinate; authorise spending money.
- Management: reporting on progress.
- Supervisors and staff: execute plan.
The next post in this series will follow soon, looking at service transition.
These notes were written and published prior to sitting the exam (so this post doesn’t breach any NDA). They are intended as an aid and no guarantee is given or implied as to their suitability for others hoping to pass the exam.
ITIL® is a registered trademark of Axelos limited.