6 Nisan 2016 Çarşamba

ITIL STRATEGY DESIGN




ITIL STRATEGY DESIGN


ITIL Basics: Strategy, Design, Transition, Operations, and Improvement

There are 5 ITIL Lifecycle Phases as prescribed in ITIL. Service Strategy, Service Design, Service Transition, Service Operations, and Continual Service Improvement. These life cycles define what IT has to do to deliver value to the business and/or customers. ITIL  advises you to change your IT organizational functions and processes in this manner to deliver IT services and value to your customers. If your company makes the decision to launch an ITIL initiative, you have decided to introduce the necessary change to your current organizational structure and processes to align with ITIL advised structure and processes.
What is the ITIL structure? ITIL defines 5

IT Lifecycle Phases with the following Goals

1)Service Strategy: build a cost effective IT strategy. Find the right balance between performance and cost. Defines what to build and why it is needed. Its output is a business approved, business funded IT strategy.
2)Service Design: design IT services in alignment with Service Strategy. Defines how IT services will be built. Its output is a Service Design Package.
3)Service Transition: build and deploy IT services as specified by Service Design. Build and deploy services with minimal impact to the Production environment. Its output is a Live Application/Service that functions as expected.
4)Service Operations: Deliver and manage services at the agreed levels to business users/customers. Its expected output is managed services with happy customers.
5)Continual Service Improvement: Continual improvement of IT processes and metrics. Prioritize and initiate improvement projects. Its expected output is better metrics of all IT processes - cheaper, faster, better IT services.







STRATEGY - DESIGN 




1)Supplier Management


The purpose of supplier management is to obtain value for money from suppliers and contracts. It ensures that underpinning contracts and agreements align with business needs, Service Level Agreements and Service Level Requirements. Supplier Management oversees process of identification of business needs, evaluation of suppliers, establishing contracts, their categorization, management and termination.

2)Service Catalog Management

The CA Service Catalog Management process map provides IT with control over internal initiatives to develop, deliver and support the required services while establishing a partnership with its consumers who will receive the agreed services at the expected level and price.  Benefits include:
  Creating a service driven culture elevating the perception of the IT organization to a Service Provider  
  Providing a source of reliable information to manage investments  
  Increasing customer satisfaction and allowing them to choose the correct level of IT service for their needs  
  Setting the stage for a formal Service Level Management process
  Building the foundation to manage Service Requests

3)Information Security Management

Companies will be sensitive to the taste because of security reasons. This sensitivity can be moved to the physical size of the media data that can be carried on smaller and older is increasing with increasing size. 
Information Security Management (Information Security Management) The main purpose of the company IT security policies and security; digital data is managed in a secure and convenient way to ensure that is to match the case. This security, availability (accessibility), confidentiality (privacy), Integrity (integrity) and Authenticity (the authorization) are possible. 
Availability (accessibility) accessibility of data; protected against any attacks and are provided with the system to be available when needed by convertibility of possible errors. 
Confidentiality (Privacy) Data is only accessible by persons with access.
Integrity (Integrity) is provided with the protection of data against unauthorized intervention.
Authenticity (Empowerment): exchange of data held by companies inside or outside is provided with unreliable. 
Information Security Structure
Information security management level of security in the entire life cycle of the services offered by creating a security framework is to ensure that enough.
Basically security framework consists of the following components: 
    Security strategy, the creation of security policies that meet the control and regulation
    Establishment of control elements to support the policy
    Enterprise task, the creation of a security policy and strategy consistent with the request.
    Establishment of an effective security organization structure.
This foundation is supported by the following components:
    Managing the security risks
    To follow the process to ensure compatibility
    Monitoring of the IT Service Management process to control security needs are satisfied or no
    Establishing communication in order to understand clearly the security principles and policies. 
The standards established under information security, information management, procedures, guidelines, and it all data related to safety, such as Information Security Management System - Information Security Management System is located in. 
Policies: 
Information Security management improves overall information security policy. This policy created with other binding security policies. Allow creation of information security policies imposed on employees must receive the support of senior management in information security policies which will be expected to take place the following topics: 
    Access management policies
    e-mail policies
    Internet access policy
    Anti-Virus policies
    Data classification policies
    Document classification policies
    Remote access policies
    Hardware destruction policies 
    Supplier access policies 
ACTIVITIES:  


Security framework consists of five main activities: 
Controller (Control): is provided by the development of security control policies and procedures. Understanding the business needs of security and the implementation of policies that will meet these needs will rationalize and security management. 
Plan (Planning): Planning the security needs of Service Level Agreement (SLA) is guided by the requirements set by the security department. higher-level security needs of the enterprise security standards in SL are listed. 
Implement (Implementation): Located in creating awareness about application security activities. Furthermore, the system and the creation of a classification system for data, computers, applications, to secure the network still can be examined in this context. It also created the physical security outside are discussed in this phase. Security management is also emerging issues relating to safety (Security Incidents) it allows to solve these problems by studying. 
Evaluate (Evaluation): internal and external inspections in conformity assessment activities for information security management is situated. Internal audit in an IT security specialist group or organization is defined as the study of internal security inspectors would be considered to control the security organization of the external audit inspectors or auditors from outside the organization. problems with security (security Incidents) is provided in the same way the assessment of security issues evaluated in this section. 
Maintain (Maintenance): improving safety and eliminating deficiencies in the evaluation process in order to improve the organizational structure are the maintenance activities. 
ROLES: 
Located under the security manager is responsible for all information security management activities. the difficulty of creating and managing user policies and security policies can be addressed in this context. 
Comprise, in addition, the security manager's tasks:

      Establishment of information security policies and managing
      The enforcement of information security policies
      Classification of IT asset information
      Availability management and IT Service Continuity Management with
implementing security risk analysis 
      Safety and security testing to respond to light.
      Reducing the number of safety-related problems.
      Measuring the impact on the safety of the amendments
      Examining the security policy 

4)Capacity Management

Capacity Management is one of five components in the ITIL Service Delivery area. Capacity management is a process used to manage information technology (IT). Its primary goal is to ensure that IT resources are right-sized to meet current and future business requirements in a cost-effective manner. One common interpretation of capacity management is described in the ITIL framework.   
Capacity Management activities include:
Monitoring, analyzing, tuning, and implementing necessary changes in resource utilization. Managing demand for computing resources, which requires an understanding of business priorities. Modelling to simulate infrastructure performance and understand future resource needs.Application sizing to ensure required service levels can be met.
Storing capacity management data. Producing a capacity plan that documents current utilisation and forecasted requirements, as well as support costs for new applications or releases.Building the annual infrastructure growth plan with input from other teams.


Capacity Management components

The task of Capacity Management is to provide enough capacity to satisfy capacity and performance requirements. It should be timely and cost-effective. You noticed that performance is mentioned here Capacity Management is often connected with performance.
Capacity Management is a quite complex process. It includes proactive (e.g. forestall capacity issues) and reactive measures (e.g. responding to capacity events) and it is highly technical. To make it easier, ITIL suggests three subprocesses: 
    Business Capacity Management-
    Service Capacity Management 
    Component Capacity Management.



Business Capacity Management

Business Capacity Management translates business plans and needs into requirements for IT services and architecture. As customers’ business changes, so are service requirements changing. Change in service requirements usually has an impact on demand for capacity. Service Level Requirements and Service Level Agreement targets must be met.

Service Capacity Management

Service Capacity Management focuses on management, control and prediction of end-to-end performance of live IT services usage and workloads. It’s about measuring performance and comparing it to requirements that are set in Service Level Agreements (SLAs) or Service Level Requirements (SLRs).

Component Capacity Management

Component capacity is what most of us are familiar with. Open your computer properties and check hard disc storage capacity. Or, ask your ISP what your internet link throughput is. We speak about component capacity. Component Capacity Management focuses on management, control, performance prediction, utilization and capacity of technology components (e.g. a hard disc, network interface, processor, etc.).  

5)Availability Management

Availability Management is one of five components in the ITIL Service Delivery area. It is responsible for ensuring application systems are up and available for use according to the conditions of the Service Level Agreements (SLAs).
The Availability Management team reviews business process availability requirements and ensures the most cost effective contingency plans are put in place and tested on a regular basis to ensure business needs are met. For example, Internet applications supporting online ordering systems may have 30minute or less recovery requirements, so they may be provisioned with infrastructure components providing several levels of redundancy. Less critical, non-customer-facing applications used by a few users in small offices with a 5-day recovery period may be provisioned on less expensive infrastructure with limited redundancy capabilities.
Availability Management is also the lead in Component Failure Impact Analysis and Service Outage Analysis initiatives, determining cause, analyzing trends and taking any appropriate actions to ensure service availability meets SLAs.
Availability Management activities include:
    Ensuring service availability meets SLAs
    Determining the cause of availability failures
    Reviewing business requirements for availability of business systems
    Cataloging business requirements
    Ensuring proper contingency plans are in place and tested
    Establishing high-availability, redundant systems to support mission-critical applications.
The fundamental objective of Availability Management is to ensure that all the IT services are available and are functioning correctly whenever customers and users want to make use of them in the framework of the SLAs in force.
The responsibilities of Availability Management include:
    Determining availability requirements in close collaboration with customers.
    Guaranteeing the level of availability established for the IT services.
    Monitoring the availability of the IT services.
    Proposing improvements in the IT infrastructure and services with a view to increasing levels of availability.
    Supervising compliance with the OLAs and UCs agreed with internal and external service providers.



The availability depends on the correct design of the IT services, the reliability of the Cıs involved, their proper maintenance and the quality of the internal and external services agreed.
The main benefits of correct Availability Management are:
    Fulfilment of the agreed service levels.
    Reduction in the costs associated with a given level of availability.
    The customer perceives a better quality of service.
    The levels of availability progressively increase.
    The number of incidents is reduced.
 The main difficulties in Availability Management are:
    The real availability of the service is not monitored correctly.
    There is no commitment to the process in the IT organisation.
    The appropriate software tools and personnel are not available.
    The availability objectives do not match the customer's needs.
    There is a lack of coordination with other processes.
    Internal and external service providers do not recognise the authority of theAvailability Manager as a result of a lack of support from management.

6)Service Level Management

If IT strategy is to be seamlessly aligned to the organization’s strategy, IT must manage the ongoing delivery and enhancement of its services—this is the goal of Service Level Management. Service Level Management ensures that ongoing requirements, communications, and expectations between business and IT are proactively managed. Service Level Management is also responsible for ensuring that internal IT expectations are being met.
The service catalog sets the standards against which expectations, improvements, and performance metrics are measured. SLAs and operating level agreements (OLAs) ensure that agreements are in place to support the offerings within the service catalog.

STRATEGY - TRANSITION

This is phase of a service that has been designed as a guideline to ensure activation of the service. All elements are required for a service, technical and non-technical, located at Service Transition . The most important phase of Service Lifecycle. In this phase, Service Design Packages are developed and loaded into the system after testing. Service Transition Phase aims to keep risks at minimum level. Also demands of changing are responsed. 
There are some key processes and activities: 
 Service Asset and Configuration Management: Records in service management are kept. System integrity is monitored by performing logical modeling of IT components. Up-to-date and verified information on the status of the service assets and IT infrastructure is also made available to other service management processes. The CMS contains one or more physical configuration management databases. 
 Change Management: Respond to customer changing business
requirements and business/IT requests for change that will align the services with the business needs. There are three types of change ; Normal, Standard, Emergency. 



Release and Deployment Management: To build, test and deliver the
capabilities (or skills) in accordance with the service design specification in such a way that the service meets the requirements demanded by the stakeholders. 
 Knowledge Management: The aim is to make this technical know-how accessible to all participating service employees with the help of a service knowledge management system (SKMS). Knowledge management system consists four layers; Data, Information integration, Knowledge Processing, Presentation. 
 Transition Planning and Support : The service transition planning and support process ensures the orderly transition of a new or modified service into production, together with the necessary adaptations to the service management processes. This process must incorporate the service design and operational requirements within the transition planning. This essentially involves the management and control of the transition plan. Effective Transition Planning and Support can significantly improve a service provider’s ability to handle high volumes of change and releases across its customer base. 
 Service Validation and Testing:Successful testing depends on understanding the service holistically. The key purpose of service validation and testing is to provide objective evidence that the new/changed service supports the business requirements. The service is tested explicitly against the utilities and warranties set out in the service design package, including business functionality, availability, continuity, security, usability and regression testing. 
 Evaluation:Evaluation is a generic process designed to verify whether or not a specific service is acceptable. Evaluation considers the input to Service Transition, addressing the relevance of the service design, the transition approach itself, and the suitability of the new or changed service for the actual operational and business environments encountered and expected. 
ITIL service transition helps plan and manage the change of state of a service in its lifecycle. Managing risk for new, changed and retired services protects the product environment. This helps the business deliver value to itself and its customers. 
Curating service knowledge helps all stakeholders make informed, reliable decisions and support challenges with service delivery. Both managing service risk and curating service knowledge are integral to service transition. During service transition, the following organizational elements need support: 



    Service Strategy 
    People 
    Process 
    Technology 
    Suppliers of the service 
    Organizational culture 
    Governance
    Risk 
No change is without risk. In fact, change can create extra risk. When transitioning services, focus on communication planning for awareness and compliance. One of the biggest challenges in service transition is changing people’s behavior to accommodate a new or different service. People have a psychological need to
feel safe and comfortable with changes to them and around them.

STRATEGY - OPERATION

Strategy and Operations area focuses primarily on improved alignment between business strategy and operations management, thus enabling significant improvements in both business performance of our customers, whether the perceived quality of services/products to their end customers, including development of business and marketing strategies, strategies of governance and management organizational and process models and information systems, among others.

IT Strategy & Operations Service Offerings

    Business/Technology Strategy
    IT Service Delivery Model
    Application Strategy & Deployment
    Information Management
    Infrastructure Optimization
    IT Outsourcing, Sourcing, & Supplier Relationship Management
    IT Benchmarking & Performance Improvement


REFERENCES









http://www.isaca.org/Groups/Professional-English/information-secuirty-management/ Pages/Overview.aspx 
 http://atilgurcan.com.tr/information-security-management-bilgi-guvenligi-yonetimi-nedir/