Availability Management balances business availability requirements against the associated costs. So, should we consider availability requirements before the service has been designed and implemented or after?  The Availability Management process should begin in the Service Strategy stage of the lifecycle and continue in each stage of the service lifecycle. Availability Management ensures that the design approach takes two distinctive but related perspectives. Designing for availability focuses on all aspects of the technical design of the IT service. Designing for recovery ensures that in the event of a service failure, the business can resume normal operations at normal as quickly as possible. One of the techniques that can be invaluable to both perspectives is the Component Failure Impact Analysis (CFIA). The CFIA can be used to predict and evaluate the impact a component failure can have on its related IT service. This activity identifies areas of weakness or fragility within

During a discussion in a recent Intro to MOF class, we talked about some of the best practice guidance from MOF that we would use in our ITSM improvement initiatives.  We had an enthusiastic “YES” that the MOF question based guidance will be a most welcome addition in our toolkit.  Let’s talk a little bit about MOF and what this guidance entails. MOF is a Microsoft Solution Accelerator that helps integrate IT best practices, governance and risk, compliance, and team accountabilities for managing key functions across the IT service life cycle. In the documents, MOF provides scripted questions to help organizations drive service improvements by process or stage or activity. For example, the MOF Reliability Accelerator offers direction on understanding, setting targets and measuring IT service reliability. It addresses creating plans for the following areas:  Confidentiality Integrity Availability Continuity Capacity Here is an example of the question based guidance from MOF 4.0 w

I was recently asked,  "From an ITIL standpoint, what’s the difference between Accountability and Responsibility?"   That's a g reat Question! There is a big difference between Accountability and Responsibility.  The ITIL Continual Service Improvement (CSI) book provides the following definitions: Accountable: Ownership of a process, and/or activity. The person who is held accountable and ensures that the goals and objectives of a process are being followed. Responsible: Performer of a task. The person responsible for getting the task/activity done. This person gets the work done and does not necessarily have the authority to ensure that others are getting their tasks completed. Accountable roles oversee or "own" the process or task; responsible roles execute or perform one or more aspects of the process or task. For example: A CIO is accountable for the quality of all IT services, including the results produced by the IT staff and supplier

How many of our colleagues use their own personal devices for business purposes? Now, here’s the burning question. How many employers are aware that they are using those devices? Employees using personal devices at work are part of a growing revolution known as the consumerization of IT, or bring your own technology (BYOT). According to a recent Unisys-IDC study, workers reported that they are using smart phones, laptops and mobile phones in the workplace at nearly twice the rate reported by employers. This disconnect between what workers are doing and what IT leaders believe is happening is echoed in a recent survey of IT security professionals which highlighted the security and management threats posed by the growing use of personal devices like smart phones on corporate networks. About 40 percent of IT security decision makers in the Cisco-sponsored survey said they had experienced a breach or loss of information due to an unsupported network device. So what’s an IT organization t

I recently gave a workshop outlining the basic ideas and steps needed to design and implement ITSM processes. During the workshop we discussed the importance of knowing the maturity level of your processes. You determine the maturity of your processes by conducting a maturity assessment. Using a maturity assessment model will allow you to know where your processes currently reside in terms of usability, effectiveness, efficiency and economy. You can also determine what level of maturity you want your processes to achieve as a future state. Finally a maturity assessment will show you what steps you need to take to close the gap between your “as is” process and your “to be” future state. There are three maturity assessment models you might think about using. Capability Maturity Model Integration (CMMI), ISO/IEC 15504 and the ITIL Process Maturity Framework (PMF). All three use a multi-level approach to identify the maturity of your processes. Each also uses a set of assessment criteria

I was recently asked a very thought provoking question about the importance of social networking to knowledge management? Social networking is having a wide and varied impact on ITSM as a whole. As with all new and emerging technologies,  organizations must develop strategies on how social networking will be incorporated into their environment. Policies must be established that define what will and will not be allowed in the corporate arena. Within the knowledge management process,  many organizations are embracing the use of social networking technologies but doing so with caution. Once knowledge is posted on the web, it can take on a life of it’s own. There must be internal security policies that insure that proprietry knowledge does not become available to the public. These policies should address the appropriate use of the technology as well as appropriate staff behavior.  Policies and procedures should also be defined for filtering, validating and controlling any knowledge tha

I have been asked by many students, how do you move from that role as the fire fighter resolving incidents to the role of being able to prevent them from occurring in the first place? Much of this has to do with good design and a strong proactive problem management process, but a solid event management process is an excellent offensive weapon in the prevention of impacting incidents in your environment. Event Management is the process that gives IT the ability to detect events, make sense of them and determine the appropriate control action. It is the basis for our operational monitoring and control. This gives us a way to compare actual performance against what was designed and written in SLAs. What is perfect about event management is that we can apply it to any aspect of our environment from delivery of a service, monitoring an individual CI, environmental conditions to software license usage. In conjunction with the other Service Management processes, along with both passive an

In order for IT organizations to be successful, we must align ourselves with our business partners. Business and customer requirements must drive service and process continual improvement activities. As a service provider, we must ask ourselves if we really understand our customer’s needs and expectations. When was the last time we checked with our business to determime if we are delivering value? When was the last time you asked the business, “How are we doing”? One of the gathering techniques we learn in the Certified Process Design Engineering (CPDE) course is how to conduct a needs assessment. Here are the steps for conducting a successful assessment: 2 to 4 weeks prior to the assessment: Establish a high-level interview schedule Identify interview participants Develop a detailed interview schedule Contact each participant to determine availability Develop a list of interview questions/solicit feedback Refine your list of interview questions  1 to 2 weeks prior to the ass

I often get asked what goes into a Process Definition Document (PDD).  Certified Process Design Engineers (CPDE) learn that PDDs should  include: Policies A process overview Roles and Responsibilities Process Maps Activities Vocabulary Policies Policies specific to a process should be included in the Process Definition Document.  A policy is a formal document that describes the overall intentions and direction of a service provider, as expressed by senior management. Company policies are used to guide actions toward a specific outcome. They must be specific, measurable and underpinned by the process.  Overview The overview section contains the process description, objectives, goals, owner boundaries, triggers, supplier data, inputs, high level activities, outputs, customers and metrics. Roles and Responsibilities Roles and responsibilities define and describe the active participants in the process, including the process owner, process manager, suppliers, customers and sta

I was asked recently how Certified Process Design Engineer® (CPDE) and Six Sigma might work together. I was also asked to clarify the value of holding a Certified Process Design Engineer® certification. To deal with these questions we must first clarify the difference between CPDE® and Six Sigma. First CPDE® is a role and a set of methods and approaches for that role to use in defining, designing and implementing strong IT Service Management processes. Six Sigma is a quality framework based on the work of men like W. Edwards Deming, Joseph Juran and Philip Crosby (the Big Three of the quality movement) and developed out of Motorola’s efforts to improve quality. The two are not at odds, rather they complement each other. A CPDE has the skills to look at an organization, understand its culture, its approach to process and quality and its need for improvement. Once this assessment is done (using tools like the ITIL Process Maturity Framework, or CMMI) the CPDE would identify which el

I recently attended a great opportunity to connect, learn and grow at the itSMF USA Fusion 10 Conference in Louisville, Kentucky. It was a wonderful chance to see old friends and acquaintances, to meet and make new friends and learn from some of the most articulate and impressive speakers on ITSM and ITIL available in the industry. I came away with some key points that I thought I would share with you so you can also gain the benefit and value of the data, information, knowledge and wisdom presented at the Conference. Here are my key take0aways: Service Management is alive and well. A new wave of users and supporters has emerged and were present at the show. I saw and met so many new people. I was impressed that ITSM and ITIL has not simply remained in the hands of a core group of users but has found continued life among new industries and implementers. ITSM and ITIL seem to be growing especially among colleges and university IT departments and in the medical and scientif

Not too long ago, I was involved in a post implementation meeting for a change that was not very successful. During the meeting there was a very heated discussion, some of the comments I heard were:  ‘I thought you were going to do that’ ‘That is not my responsibility” ‘Why wasn’t I informed that this was occurring’ 'I have the responsibility, but not the authority to get the job done' ‘I knew how to fix the issue, but no one ever asked me’   It occurred to me that having a RACI chart would address these comments. The RACI model is a straight forward tool used for identifying activities and relating them to roles and responsibilities, thus avoiding confusion over who does what and how people are involved. The acronym RACI stands for:  Responsible : This role is responsible for the correct execution of process and activities. This person or persons do the work to achieve the task. Accountable : This role has ownership of the quality and the end result o

Trends such as virtualization, cloud computing, and agile development have all prompted the need for leaner, more efficient, and more highly automated ITSM processes. Probably one of the things that is most misunderstood about ITIL is that it is a highly scalable framework. Organizations need to understand that if their processes are bureaucratic, it’s most likely because they have made them that way. So in the spirit of continual improvement, what’s an organization to do… throw out ITIL and start over? That’s what the DevOps folks would have you think. If you haven’t heard of DevOps, according to Wikipedia the term refers to the emerging understanding of the interdependence of development and operations in meeting a business' goal to produce timely software products and services. DevOps has been referred to as (1) a movement, (2) an approach, and one blogger went so far so refer to it as (3) a “framework of ideas and principles designed to foster cooperation, learning and coo

What is strategic thinking? This question often crosses my mind and those of my students, especially when I am teaching the ITIL Lifecycle classes. Just as often as the question arises, a variety of answers are put forth as well. One definition of strategic thinking holds that “the role of strategic thinking is ‘to seek innovation and imagine new and very different futures that may lead the company to redefine its core strategies and even its industry’ ". This implies that the definition and use of strategic thinking are related but different from strategic planning—putting into action or executing the ideas developed using strategic thinking. Strategic thinking is just that—postulating or thinking about what the future holds and what the future looks like. Strategic planning is action based. A good organization recognizes they need both. As a Professor who attempts to provide learners with theory-driven practical data, information, knowledge and wisdom, I particularly like th

People ask me why I think that many designs and projects often fail. The most common answer is from a lack of preparation and management. Many IT organizations just think about the technology (product) implementation and fail to understand the risks of not planning for the effective and efficient use of the four Ps: People, Process, Products (services, technology and tools) and Partners (suppliers, manufacturers and vendors). A holistic approach should be adopted for all Service Design aspects and areas to ensure consistency and integration within all activities and processes across the entire IT environment, providing end to end business-related functionality and quality. (SD 2.4.2) People:   Have to have proper skills and possess the necessary competencies in order to get involved in the provision of IT services. The right skills, the right knowledge, the right level of experience must be kept current and aligned to the business needs. Products:   These are the technology managem

The Professor was recently asked about Application Cost models.  While ITIL does not speak specifically about “Application Cost Models,” there is information about how to create a service cost model using ITIL’s Financial Management process.  From ITIL’s perspective, an application is one part of an end-to-end service. Developing a cost model involves: Identifying all costs attributed to the service (hardware, software, salaries, accommodations, external services, transfer costs (e.g., from other internal units) Determining which costs can be directly tied to the service Deciding how to fairly apportion indirect costs (e.g., infrastructure, technical staff time) Adjusting the total to allow for unabsorbed overhead costs (e.g., administrative or managerial salaries, building/accommodation costs such as a data center or IT office space) A spread sheet can be used to break each cost down into a unit cost.  Overall cost for the application (or service) can then be calculated based

Perhaps one of the most underused yet powerful processes from ITIL is Problem Management. Many people recognize the importance of Problem Management, especially in relationship to Incident Management. Yet when I ask students if they have implemented a Problem Management process the response is often “We plan to...” or “We started but did not get too far…” or “Not yet.” So what is keeping companies and individuals from using Problem Management to its full effectiveness? I propose that some of the reason is fear, uncertainty and doubt about how to go about “doing” Problem Management. By understanding that the Problem Management process has a number of techniques and tools available to help a service provider indentify root cause and recommend permanent resolution we may be able to remove some of the fear, uncertainty and doubt. What are some of the techniques and how could we apply them? Let’s take a brief look and see what we can uncover. Chronological Analysis: This time based appr

The Professor was recently asked for real life examples or best practices for the criteria that organizations have used to define major incidents. ITIL defines a major incident as an incident that results in significant disruption to the business and so real world examples are going to vary from one business to the next. For a financial services company, for example, a major incident could be an incident affecting live money transactions. For a retail company, a major incident could be an incident affecting its point of sale service. For a manufacturing company, a major incident could be an incident that affects the production line. Simply put… real dollars are being lost. A major incident could also be a service outage that affects are large number of users. Those users could be your company’s external customers, or it could be your internal employees. So for many organizations, outages affecting the company’s web site, or its email or customer relationship management (CRM) service

A close friend of mine has a saying that I always remember “All roads lead through incident management”. We know that the primary goal of the incident management process is to restore normal service operations as quickly as possible and to minimize any adverse impact on business operations. This will insure the highest levels of service quality and availability are delivered to the user community, guaranteeing that the business is receiving value and facilitating the outcomes it wants to achieve. The value this process produces for the business is in the ability to: detect and resolve incidents quickly, resulting in higher availability of IT services. align IT activities to real time business priorities and dynamically allocate resources as necessary. identify potential improvements to services, through the analysis of incident trends. So it sounds like we have everything covered as long as we handle all incidents in the same consistent and proceduralized manner. Well not so fast

Our senior IT executives are being held accountable to better manage the quality and reliability of IT in business and respond to a growing number of regulatory and contractual requirements. Every enterprise needs to tailor the use of standards and practices to suit its individual requirements. Control Objectives for Information and Related Technology (COBIT) and the IT Infrastructure Library (ITIL) can both play a useful role in IT governance. Very simply COBIT helps our senior management teams to define what should be done and ITIL provides the framework for how to manage our services. When we think about COBIT and IT governance at the most fundamental level, there are four questions that every leader asks him or herself when it comes to IT initiatives: Is my IT organization doing the right things? Are we doing them the right way? Are we getting them done well? Are we getting value from our IT department? COBIT helps answer these questions by defining IT activities in a gen