C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y IT Infrastructure Library (ITIL) Part 5 – Service Delivery Service Level Mgmt, It Financial Mgmt

C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y

IT Infrastructure Library (ITIL)IT Infrastructure Library (ITIL)

Part 5 – Service Delivery

Service Level Mgmt, It Financial Mgmt and Security

2

Version 2004ITIL-Part2-IntroductionServiceSupport


Agenda

5-1 Service Delivery Model

5-2 Service Level Management

5-3 IT Financial Management

5-4 Security



5-1 – Service Delivery Model

4



Service delivery process model



5-2 – Service Level ManagementThe process of defining, agreeing, documenting and managing the levels of customer IT service, that are required and cost justified.

6



SLM – Overview

What is an SLA ?A written agreement between an A written agreement between an

IT Service provider and the IT IT Service provider and the IT Customer(s), defining the key Customer(s), defining the key service targets and service targets and responsibilities of both partiesresponsibilities of both parties

Goal The goal for SLM is to maintain and improve IT Service quality, through a constant cycle of

agreeing, monitoring and reporting upon IT Service achievements and instigation of actions to eradicate poor service - in line with business or Cost justification.

Scope All IT services And

- Contacts with Suppliers- Operationnal Level Agreements

7



Service Level Management - process

DefineServices:Internal

& external

ServiceLevel

Requirements

Establishrequirements

ServiceSpec sheets

ServiceQuality

Plan

Contractnegotiations

Service-catalogue

ServiceLevel

Agreements

OperationalLevel

Agreements

Underpinningcontracts

Monitor:Service Levels

ServiceLevel

Achievements

Report/evaluate

ServiceImprovement

Program

8



Service Level Management - Benefits

Benefits IT Services are designed to meet Service Level Requirements improved relationships with satisfied Customers both parties to the agreement have a clearer view of roles and responsibilities there are specific targets to aim for and against which service quality can be

measured, monitored and reported IT effort is focused on those areas that the business thinks are key IT and Customers have a clear and consistent expectation of the level of

service required (i.e. everyone understands and agrees what constitutes a ‘Priority One’ Incident, and everyone has a consistent understanding of what response and fix times are associated with something called 'Priority One')

service monitoring allows weak areas to be identified, so that remedial action can be taken (if there is a justifiable business case), thus improving future service quality

service monitoring also shows where Customer or User actions are causing the fault and so identify where working efficiency and/or training can be improved

SLM underpins supplier management (and vice versa) -

9



SLM : implementing the process (1)

Produce a service catalogue A service is one or more IT systems wich enable a business process Define a hierarchy Separate services seen by the customer (business service) and services not

seen by the customer (infrastructure, system, network application services) A service could be defined as a CI (Configuration Item)

Customer Service Accounts Sales Marketing

Legal Production

Retail Warehouse

Transport

Design

Payroll System Accounts System Invoicing Customer D/Base Sales D/Base Stock Control Legal System Factory Production

Suppliers D/Base Ordering Logistics Postal Addresses CAD/CAM Intranet Internet Routemaster Office Suite E-mail

Exa

mple

of

a s

imple

Exa

mple

of

a s

imple

Serv

ice C

ata

logue

Serv

ice C

ata

logue

10




Expectation Management Satisfactin = Expectation – Perception SLA are just documents and themselves doesn’t improve the quality

level Support of business managers to to manager excessive or unrealistic

demands (costs…) SLA Structure

Service based : mailing service Customer based : finance department Multi-levels SLA : coprporate level + customer level + service level

Establish Service Level Requirements and Draft SLA Iteractive process based on a first outline draft (as a starting point) Negociate requirements vs charging

Wording of SLAs Clear and concise without ambiguity

11




Seek agreement With customer representatives Care about the current issues. Establish long term

requirements. Start with a pilot SLA if no previous experience Identify customer requirements at all levels (cost,

responsivenss, availability…) Consult IT provider representatives to be sure that targets are

realistic and achievable Take into account suppliers contractual implications

Establish monitoring capabilities All targets in the SLA must be monitored and measured. Monitoring must match the customer perception Links to the service desk

12




Review underpinning contracts and operationnal level agreements

Contracts with external suppliers are mandatory Establish simple agreement with interanl groups

Contracts with external suppliers are mandatory

OLAs need to be simple but must include equivalent targets than SLA (response time, open hours…)

13




Define reporting and review procedures SLA reporting mechanisms must be defined and agreed with the

customers Frequency and format must be agreed Define period to review SLAs (annually for example)

Publicise the existence of SLAs Service Desk Support groups Suppliers Customers

=> Extract key targets

14



SLM : ongoing process (1)

Monitoring and reporting Launch monitoring when SLA is agreed Produce Service achievement reports (with exception reports if

SLA is broken) Example of

SLAM chart (front report)

15



SLM : ongoing process (2)

Service review meetings Periodic review meeting with customer representatives to

- analyse the last period- Preview any issues for the coming period

Actions must be minuted Service Improvement Program

To resolve issues impacting service quality In relation with problem management and availability management Driven by service review meetings

Maintenance of SLAs, contracts and OLAs Keep up to date To be reviewed annualy Align to business needs and strategy Verify services and targets

16



SLM : SLA contents (1)

Introduction- parties to the agreement - title and brief description of the agreement - signatories - dates: start, end, review - scope of the agreement; what is covered and what is excluded - responsibilities of both the Service Provider and the Customer- a description of the Services covered.

Service hours- the hours that each service is normally required (e.g. 24x7, Monday to

Friday 08:00 - 18:00) - arrangement for requesting service extensions, including required notice

periods (e.g. request must be made to the Service Desk by 12 noon for an evening extension, by 12 noon on Thursday for a week-end extension)

- special Hours (e.g. public holidays) - service calendar.

17




Availability- Availability targets within agreed hours, normally expressed as

percentages - measurement period and method must be stipulated. This may be expressed for the overall service, underpinning services and critical components or all three. However, it is difficult to relate such simplistic percentage Availability figures to service quality, or to Customer business activities. It is therefore often better to try to measure service UnAvailability in terms of the Customer's inability to carry out its business activities. For example, 'sales are immediately affected by a failure of IT to provide an adequate POS support service'. This strong link between the IT Service and the Customer's Business processes is a sign of maturity in both the SLM and the Availability Management processes.

Reliability- usually expressed as the number of service breaks, or the Mean Time

Between Failures (MTBF) or Mean Time Between System Incidents (MTBSI).

18




Support- support hours (where these are not the same as Service hours) - arrangement for requesting support extensions, including required notice

periods - special hours (e.g. public holidays) - target time to respond, either physically or by other method (e.g. telephone

contact, e-mail), to Incidents - target time to resolve Incidents, within each Incident Priority - targets varies

depending upon Incident priorities. Throughput

• Indication of likely traffic volumes and throughput activity (e.g. the number of transactions to be processed, number of concurrent Users, amount of data to be transmitted over the network). This is important so that performance issues which have been caused by excessive throughput outside the terms of the agreement may be identified.

Transaction response timesTransaction response times target times for average, or maximum workstation response times (sometimes expressed target times for average, or maximum workstation response times (sometimes expressed

as a percentile - e.g. 95% within 2 seconds). as a percentile - e.g. 95% within 2 seconds).

19




Batch turnaround times times for delivery of input and the time and place for delivery of output.

Change• targets for approving, handling and implementing RFCs, usually based upon

the Category or Urgency/priority of the Change.

IT Service Continuity and Security a brief mention of IT Service Continuity Plans and how to invoke them, and

coverage of any security issues, particularly any responsibilities of the Customer (e.g. back-up of free-standing PCs, password Changes)

details of any diminished or amended service targets should a disaster situation occur (if no separate SLA exists for such a situation).

Charging details of the charging formula and periods (if charges are being made). If the

SLA covers an Ouitsourcing relationship, charges should be detailed in an Annex as they are often covered by commercial in confidence provisions.

20




Service reporting and reviewing- the content, frequency and distribution of service reports, and the

frequency of service review meetings.

Performance incentives/penalties- Details of any agreement regarding financial incentives or

penalties based upon performance against service levels. These are more likely to be included if the services are being provided by a third-party organisation. It should be noted that penalty clauses can create their own difficulties. They can prove a barrier to partnership if unfairly invoked on a technicality and can also make service provider staff unwilling to admit to mistakes for fear of penalties being imposed. This can, unless used properly, be a barrier to effective Problem solving.

21



SLM : Key Performance Indicators and metrics

What number or percentage of Services are covered by SLAs? Are Underpinning contracts and OLAs in place for all SLAs

and for what percentage? Are SLAs being monitored and are regular reports being

produced? Are review meetings being held on time and correctly

minuted? What number or percentage of Services targets are being met

and what is the number and severity of service breaches? Are service level achievements improving ? Are Customer perception statistics improving? Are IT costs decreasing for services with stable (acceptable

but not improving) service level achievements?



5-3 – Financial Management for IT services

23



Introduction (1)

Introduce formal finacial Management for IT Services, because IT costs grow faster than other costs : Increases in Users numbers New technologies, more complex New needs

Three main processes Budgeting (predicted costs) IT accounting (costs of resources usage) Charging (costs back to Business Unit)

24



Introduction (2)

Relationship with other IT Service Management processes Service Level Management : SLA = customers expectations and IT

services obligations Capacity Management : estimate the costs of the desired capacity and

availability of the system Configuration Management : asset informations

Business vs IT

25



Financial Management - process

Business ITRequirements

IT Operational plan(Budgeting)

Cost analysis(Accounting)

Charges(Charging)

Costing models

Charging policies

Feedback of proposed charges to business (Report)

Service Level Management Financial Management

26



Financial Management - Financial model

PurchaseAnd

depreciation

Lease

Licences/maintenance

Salaries

Training

Expenses(travel,

meals ..)

Housingcost

Charges fromdepartments

Management/administration

EquipmentCost

(HW/SW)

Productcost

Product A

Product B

Product C

Product D

Product E

=Organisationcost

Overhead

Rates

Revenue

= Invoice/charging

Number of sales

BM 5-3-2002

Budgeting/cost accounting Products/charging

+

27



Budgeting (1)

Budgeting process has a key influence on strategic and tactical plans

Periodic (e.g. annual) round of negotiations between the business departments and the IT organisation covering expenditure plans and agreed investment programmes

ExampleBudget Item Capital Purchase

CostAnnual Maintenance

SpendThis Year

BudgetNext Year

Notes AnnualisedCost

Hardware

UNIX Server Yes £80,000 £8,000 £8,000 £8,000 No changes £34,667

NT Server Yes £10,000 £1,000 £1,000 £1,000 No changes £4,333

ORACLE No £7,000 £7,000 £8,400

Marketing and Sales appl. No £3,000 £3,000 £3,600

MS Windows (50-User) No £2,500 £2,500 £3,000 Staff increase

28



Budgeting (2)

Estimating the cost of budget items Arbitrage Expenditure trends Depreciation

Estimating the cost of workload dependent budget items Workload estimations Targets Forecasts

29



IT Accounting (1)

Business Perspective Charge for IT services or not ?

Different organisations Accounting Centre (costing inputs) Recovery Centre (costing outputs / services) Profit Centre (separate business entity)

- Sufficient autonomy- Outsourcing- Risk : the Customer becoming aware that the IT organisation is 'making a profit' from them

Building the cost models To calculate the costs of IT Service provision, it is necessary to design a framework in which all known costs can be recorded and allocated to

specific Customers, activities or other Category. This is called a Cost Model

30



IT Accounting (2)

Costs types hardware costs software costs people costs accommodation costs External Service costs Transfer costs

Direct or indirect costs

Major type Cost Elements

Hardware Central processing units, LANS, disk storage, peripherals, wide area network, PCs, portables, local servers

Software Operating systems, scheduling tools, applications, databases, personal productivity tools, monitoring tools, analysis packages

People Payroll costs, benefit cars, re-location costs, expenses, overtime, consultancy

Accommodation

Offices, storage, secure areas, utilities

External Service

Security services, Disaster Recovery services, Outsourcing services, HR overhead

Transfer Internal charges from other cost centres within the organisation

31



IT Accounting (3)

Cost Model

32



IT Accounting (4)

Classification of Cost Elements Capital

- computer equipment - building and plant - software packages

Operational- staff costs - maintenance of computer hardware and software - consultancy services, rental fees for equipment - software licence fees - accommodation costs - administration expenditures - electricity, water, gas, rates - disaster recovery - Consumables

Direct or Indirect Cost Centre Fixed or variable

33



IT Accounting (5)

Depreciation pre-determined, as in the case of a lease dependent on its physical deterioration through use or passage of time reduced by economic or technological obsolescence

Apportioning the IT Services costs

Capital

Annual Cost

Direct Apportionment Method

Customer

Marketing and Sales

Manufacturing Finance

Hardware UNIX Server Yes £34,667 No 50/50 split £17,333 £17,333

NT Server Yes £4,333 Yes £4,333

Netware Server Yes £1,300 No Infrastructure

PCs (50) Yes £26,000 No By PC £5,200 £19,240 £1,560

Routers (5) Yes £1,300 No Infrastructure

LAN Cabling Yes £17,333 No Infrastructure

Software

General Ledgers

No £20,000 Yes £20,000

ORACLE No £7,000 Yes £7,000

34



IT Accounting (6)

Calculating the Cost-by-service

35



IT Accounting (7)

Calculating the costs of Cost Units PC, Operator hour

Changes affecting costs Disks

Investment appraisal being clear about objectives thinking about different ways of meeting them estimating and presenting the costs and benefits of each

potentially worthwhile option ROI (Return on Investment )= average increase in

profits(average taken over an agreed number of years) / Investment

36



IT Accounting (8)

Total Cost of Ownership The Gartner Group pioneered a method of calculating the costs of a

product or service with the title of 'Total Cost of Ownership' (TCO). The most widely known example was that for Personal Computers. In an

era where the price of a PC on a desk had fallen to $2,000, Gartner demonstrated that the 5-year cost of a PC, when taking into account purchasing overheads, upgrades, maintenance, a proportion of support staff and Service Desk costs, disposal etc. was closer to $35,000

Budgeting, IT Accounting and Charging cycles

Budgeting IT Accounting Charging

Planning (annual)

Agree overall expenditures

Establish standard Unit costs for each IT resource

Establish pricing policyPublish price list

Operational (monthly)

Take actions to manage budget exceptions or changed costs

Monitor expenditure by cost-centre

Compile and issue bills

37



Charging (1)

Goals forcing the business divisions to control their own Users' demands reducing overall costs and highlighting areas of service provision which

are not Cost effective allowing the organisation to match service to justifiable business need,

through direct funding

Chargeable items Chargeable Items should be understandable and controllable by the

Customer Relate to the organisation's business

Variable costs and charges estimate of the likely charges and possible upper and lower limits variable costs do not decrease with decreasing usage

38



Charging (2)

Pricing the determination of a pricing objective understanding the true (not perceived) demand for the service accurate determination of Direct and Indirect costs the level of control of the internal market understanding the services available externally if Customers have a

choice legal, regulatory and tax issues

Internal market Tied customers / Untied customers

Differential charging For example, during peak daytime

Pricing flexibility Billing

Bills Charging information is passed to Customers to make them aware of the cost of the resources used by their business

to manage cash flow => Billing cycle

39



Charging (3)

Case Study : Discouraging use of services A company provided its Users with a dedicated, outsourced Service Desk facility.

The vendor charged the company on a per-call basis. The charging policy was to recharge all IT spending to the business on the basis of true cost.

Once the Service Desk was in place, Customers realised that they could reduce their costs by not placing Service Desk calls. Some business managers instructed their Users not to use the Service Desk, or to route all issues through a single, local support person.

Decreasing the total number of calls decreased the calculated charges to the Customer but did not reduce overall price of the service by the same amount. It also resulted in:

- increased wasted time for Users - reduced effectiveness of IT systems - poor perception of the IT Services and the IT organisation - additional work for the IT organisation to discover problems - reduced leverage in negotiating service costs with the outsourcing vendor.

Resolution- The charging method was changed to one in which a fixed fee per User was

negotiated, based upon an estimated call rate taken from previous years' volumes and business predictions. This charge was reviewed quarterly to check that call levels were within agreed thresholds.



5-4 – Security

41



Security management - essence

Security Management is responsible for continually delivering the Service on an agreed security area with the customer agreement

Security Management focuses on the integrity of data and the unauthorized use of it. It’s goals is to keep information reliable, secure and available, and prevent unauthorised use.

42



Security Management - definitions

Security Management is part of Information Security (BS 7799) and aims to ensure the safety of information

Terms used: Safety : refers to

not being vulnerable to known risks, avoiding unknown risks where possible

The tool to provide this is Security : which aim is to protect the value of information.

This is done by: Confidentiality : protecting information against unauthorised access and use, Integrity : accuracy, completeness and timelines of information, Availability : the information should be accessible at any agreed time.

43



Security Management - justification

• Internal : an organization can only function properly if she has the disposal of the right and complete information

• External : The processes of an organization deliver products and services which are made for a certain goal (competitive advantage). Security is an important condition to an adequate information flow to realise these processes.

Good security ads value to the continuity of the business

44



Security Management - relations

Strategic

Tactical

Operational

Managers Set

Service Delivery Set

Service Support Set

ITIL Security Management

Securitymanagement

IT servicesorganisation

Service level management

Availability management

Perf. & capacitymanagement

Business Continuity Planning

Incident management Problem

management

Change management

Release management

Configurationmanagement

45



Security Management - process

PLANMAINTAIN

EVALUATE IMPLEMENT

CONTROL

REPORTING SLA Security Chapter

Customer defines business requirements



5-5 – Annexes

47



Acronyms (1)

AMDB : Availability Management Database AST: Agreed Service Time ATM: Auto Teller Machine BCM: Business Continuity Management BIA: Business Impact Analysis BRM: Business Relationship Management CAB: Change Advisory Board CDB: Capacity Database CFIA: Component Failure Impact Analysis CI: Configuration Item CIA: Confidentiality, Integrity and Availability CMDB : Configuration Management Database CSBC : Computer Services Business Code CSS : Customer Satisfaction Survey DT : Down Time EFQM : European Foundation for Quality Management EUA : End User Availability

48



Acronyms (2)

EUDT : End User Down Time EUPT : End User Processing Time FTA : Fault Tree Analysis ICT : Information and Communication Technology(ies) ISP : Internet Service Provider ITAMM : IT Availability Metrics Model ITIL: Information Technology Infrastructure Library ITSC : IT Service Continuity ITSCM : IT Service Continuity Management ItSMF : IT Service Management Forum IVR : Interactive Voice Response KPI : Key Performance Indicator LAN : Local Area Network MBNQA : Malcolm Baldrige National Quality Award MIM : Major Incident Management MTBF : Mean Time Between Failures MTBSI : Mean Time Between System Incidents

49



Acronyms (3)

MTTR : Mean Time To Repair OGC : Office of Governnment Commerce OLA : Operational Level Agreement OLTP : On-line Transaction Processing PAD : Package Assembly/Disassembly device PKI : Public Key Infrastructure PRINCE : Projects IN Controlled Environments QA : Quality Assurance RAG : Red-Amber-Green RAID : Redundant Array of Inexpensive Disks RFC : Request For Charge ROCE : Return On Capital Employed ROI : Return On Investment RWO : Real World Object SIP : Service Improvement Programme

50



Acronyms (4)

SLA : Service Level Agreement SLAM :SLA Monitoring SLM : Service Level Management SLR : Service Level Requirement SMO : Service Maintenance Objectives SOA : System Outage Analysis SPOF : Single Point of Failure TCO : Total Cost of Ownership TOP : Technical Observation Post TOR : Terms Of Reference TQM : Total Quality Management UPS : Uninterruptible Power Supply VBF : Vital Business Function VSI : Virtual Storage Interrupt WAN : Wide Area Network

51



Contacts

CONTACT

Jean-Marc [email protected] +33 1 69 85 78 25Fax +33 1 69 85 78 7615 av du Cap Horn 91 400 Les UlisFrance

www.apogee-om.frwww.devoteam.com

DEVOTEAM Group locations France

Denmark United Kingdom

Germany Austria

The Netherlands Belgium

Spain

© DEVOTEAMThis document has been prepared

by DEVOTEAM. It is not to be copied or reproduced in any way without Devoteam

express permission. Copies of this document must be accompanied by title, date and this

copyright notice.

File Info

Date of release

Authors Jean-Marc Chevereau

10082004ITIL-Part2-IntroductionServiceSupport

Documents

C O N N E C T I N G B U S I N E S S & T E C H N O L O G Y IT Infrastructure Library (ITIL) Part 5 – Service Delivery Service Level Mgmt, It Financial Mgmt