Skip to main content

Posts

Component Failure Impact Analysis

Availability Management balances business availability requirements against the associated costs. So, should we consider availability requirements before the service has been designed and implemented or after?  The Availability Management process should begin in the Service Strategy stage of the lifecycle and continue in each stage of the service lifecycle. Availability Management ensures that the design approach takes two distinctive but related perspectives. Designing for availability focuses on all aspects of the technical design of the IT service. Designing for recovery ensures that in the event of a service failure, the business can resume normal operations at normal as quickly as possible. One of the techniques that can be invaluable to both perspectives is the Component Failure Impact Analysis (CFIA). The CFIA can be used to predict and evaluate the impact a component failure can have on its related IT service. This activity identifies areas of weakness or fragility within

MOF's Question Based Guidance

During a discussion in a recent Intro to MOF class, we talked about some of the best practice guidance from MOF that we would use in our ITSM improvement initiatives.  We had an enthusiastic “YES” that the MOF question based guidance will be a most welcome addition in our toolkit.  Let’s talk a little bit about MOF and what this guidance entails. MOF is a Microsoft Solution Accelerator that helps integrate IT best practices, governance and risk, compliance, and team accountabilities for managing key functions across the IT service life cycle. In the documents, MOF provides scripted questions to help organizations drive service improvements by process or stage or activity. For example, the MOF Reliability Accelerator offers direction on understanding, setting targets and measuring IT service reliability. It addresses creating plans for the following areas:  Confidentiality Integrity Availability Continuity Capacity Here is an example of the question based guidance from MOF 4.0 w

Accountable or Responsible?

I was recently asked,  "From an ITIL standpoint, what’s the difference between Accountability and Responsibility?"   That's a g reat Question! There is a big difference between Accountability and Responsibility.  The ITIL Continual Service Improvement (CSI) book provides the following definitions: Accountable: Ownership of a process, and/or activity. The person who is held accountable and ensures that the goals and objectives of a process are being followed. Responsible: Performer of a task. The person responsible for getting the task/activity done. This person gets the work done and does not necessarily have the authority to ensure that others are getting their tasks completed. Accountable roles oversee or "own" the process or task; responsible roles execute or perform one or more aspects of the process or task. For example: A CIO is accountable for the quality of all IT services, including the results produced by the IT staff and supplier

The Consumerization of IT

How many of our colleagues use their own personal devices for business purposes? Now, here’s the burning question. How many employers are aware that they are using those devices? Employees using personal devices at work are part of a growing revolution known as the consumerization of IT, or bring your own technology (BYOT). According to a recent Unisys-IDC study, workers reported that they are using smart phones, laptops and mobile phones in the workplace at nearly twice the rate reported by employers. This disconnect between what workers are doing and what IT leaders believe is happening is echoed in a recent survey of IT security professionals which highlighted the security and management threats posed by the growing use of personal devices like smart phones on corporate networks. About 40 percent of IT security decision makers in the Cisco-sponsored survey said they had experienced a breach or loss of information due to an unsupported network device. So what’s an IT organization t

Process Maturity Assessments

I recently gave a workshop outlining the basic ideas and steps needed to design and implement ITSM processes. During the workshop we discussed the importance of knowing the maturity level of your processes. You determine the maturity of your processes by conducting a maturity assessment. Using a maturity assessment model will allow you to know where your processes currently reside in terms of usability, effectiveness, efficiency and economy. You can also determine what level of maturity you want your processes to achieve as a future state. Finally a maturity assessment will show you what steps you need to take to close the gap between your “as is” process and your “to be” future state. There are three maturity assessment models you might think about using. Capability Maturity Model Integration (CMMI), ISO/IEC 15504 and the ITIL Process Maturity Framework (PMF). All three use a multi-level approach to identify the maturity of your processes. Each also uses a set of assessment criteria

Knowledge Management and Social Networking

I was recently asked a very thought provoking question about the importance of social networking to knowledge management? Social networking is having a wide and varied impact on ITSM as a whole. As with all new and emerging technologies,  organizations must develop strategies on how social networking will be incorporated into their environment. Policies must be established that define what will and will not be allowed in the corporate arena. Within the knowledge management process,  many organizations are embracing the use of social networking technologies but doing so with caution. Once knowledge is posted on the web, it can take on a life of it’s own. There must be internal security policies that insure that proprietry knowledge does not become available to the public. These policies should address the appropriate use of the technology as well as appropriate staff behavior.  Policies and procedures should also be defined for filtering, validating and controlling any knowledge tha

Event Management Reactive to Proactive

I have been asked by many students, how do you move from that role as the fire fighter resolving incidents to the role of being able to prevent them from occurring in the first place? Much of this has to do with good design and a strong proactive problem management process, but a solid event management process is an excellent offensive weapon in the prevention of impacting incidents in your environment. Event Management is the process that gives IT the ability to detect events, make sense of them and determine the appropriate control action. It is the basis for our operational monitoring and control. This gives us a way to compare actual performance against what was designed and written in SLAs. What is perfect about event management is that we can apply it to any aspect of our environment from delivery of a service, monitoring an individual CI, environmental conditions to software license usage. In conjunction with the other Service Management processes, along with both passive an