Managing Information Technology Service Delivery

Managing Information Technology Service Delivery. Greg Charles, Ph.D. Principal Consultant Computer Associates June 2005. Today’s Objective. To provide information on the latest trends in service management as seen in government data centers around the country.

Presentation Transcript


  1. Managing Information Technology Service Delivery Greg Charles, Ph.D. Principal Consultant Computer Associates June 2005

  2. Today’s Objective • To provide information on the latest trends in service management as seen in government data centers around the country

  3. Ever-Increasing Complexity

  4. Approaches Currently In Use • Business As Usual - “Firefighting” • Legislation - “Forced” • Best Practice Focused

  5. The Legislation Minefield • Privacy & Security: Personal Information Protection Electronic Document Act (PIPEDA); US Patriot Act / Homeland Security (Critical Infrastructure); Personal Health Information Protection Act (PHIPA); Health Insurance Portability and Accountability Act (HIPAA); SEC Rules 17a-3 & 17a-4 re: Securities Transaction Retention; Gramm-Leach Bliley Act (GLBA) privacy of financial information; Children’s Online Privacy Protection Act; Clinger-Cohen Act (US Gov.); Federal Information Security Mgmt. Act (FISMA); Freedom of Information & Protection of Privacy (FOIPOP) BC Gov; FDA Regulated IT Systems; Freedom Of Information Act; Americans with Disabilities Act, Sec. 508 (website accessibility) • Finance: Sarbanes Oxley (US); FFIEC US Banking Standards; Basel II (World Bank); Turnbull Report (UK); Canadian Bill 198 (MI 52-109 & 52-111) • Washington State Laws relating to IT: Policy 403-R1, 400-P1, 401-S1, 402-G1; Executive Order 00-03; RCW 9A.52.110,120,130; RCW 9A.48.070, 080, 090; RCW 9A.105.041 and many more • Other International IT Models: Corporate Governance for ICT DR 04198 (Australia); Intragob Quality Effort (Mexico); Medical Information System Development (Medis-DC) (Japan); Authority for IT in the Public Administration (AIPA) (Italy); Principles of accurate data processing supported accounting systems (GDPdu & GoBS) (Germany); European Privacy Directive (Safe Harbor Framework)

  6. Best Practices • Process Frameworks • IT Infrastructure Library • Application Service Library • Gartner CSD • IBM Processes • EDS Digital Workflow • Microsoft MOF • Telecom Ops Map • etc. • Quality & Control Models • ISO 900x • COBIT • TQM • EFQM • Six Sigma • COSO • Deming • etc. • What is not defined cannot be controlled • What is not controlled cannot be measured • What is not measured cannot be improved • Define -- Improve • Measure -- Control And Stabilize

  7. What Is ITIL? • ITIL (Information Technology Infrastructure Library) is a seven-book series that guides business users through the planning, delivery and management of quality IT services

  8. The ITIL Books (diagram spanning The Business to The Technology) • Planning To Implement Service Management • Service Management: Service Support, Service Delivery • The Business Perspective • ICT Infrastructure Management • Security Management • Application Management

  9. Complete ITIL Process Model

  10. ITIL Service Support Model The Business, Customers or Users Monitoring Tools Difficulties Queries Enquiries Communications Updates Work-arounds Incidents Customer Survey reports Service Desk Incidents Changes Incident Management Customer Survey reports Problem Management Releases Service reports Incident statistics Audit reports Change Management Problem statistics Problem reports Problem reviews Diagnostic aids Audit reports Release Management Change schedule CAB minutes Change statistics Change reviews Audit reports Release schedule Release statistics Release reviews Secure library Testing standards Audit reports Configuration Management CMDB reports CMDB statistics Policy standards Audit reports CIs Relationships Problems Known Errors Incidents Changes Releases CMDB

  11. ITIL Service Delivery Model Business, Customers and Users Communications Updates Reports Queries Enquiries Availability Management Service Level Management Availability plan AMDB Design criteria Targets/Thresholds Reports Audit reports Capacity Management SLAs, SLRs OLAs Service reports Service catalogue SIP Exception reports Audit reports Requirements Targets Achievements Capacity plan CDV Targets/thresholds Capacity reports Schedules Audit reports Financial Management For IT Services Financial plan Types and models Costs and charges Reports Budgets and forecasts Audit reports IT Service Continuity Management IT continuity plans BIS and risk analysis Requirements def’n Control centers DR contracts Reports Audit reports Alerts and Exceptions Changes Management Tools

  12. What Is ITIL All About? • Aligning IT services with business requirements • A set of best practices, not a methodology • Providing guidance, not a step-by-step, how-to manual; the implementation of ITIL processes will vary from organization to organization • Providing optimal service provision at a justifiable cost • A non-proprietary, vendor-neutral, technology-agnostic set of best practices.

  13. Sarbanes-Oxley US Securities & Exchange Commission COSO CobIT Service Mgmt. App. Dev. (SDLC) Project Mgmt. IT Planning IT Security Quality System ISO CMM Six Sigma ITIL ASL BS 15000 AS 8018 ISO 17799 PMI TSO IS Strategy IT Governance Model Audit Models Quality Systems & Mgmt. Frameworks IT OPERATIONS

  14. CobIT • CobIT is an open standard control framework for IT Governance with a focus on IT Standards and Audit • Based on over 40 International standards and is supported by a network of 150 IT Governance Chapters operating in over 100 countries • CobIT describes standards, controls and maturity guidelines for four domains, and 34 control processes

  15. The CobiT Cube (Business Requirements) 4 Domains 34 Processes 318 Control Objectives

  16. CobiT Domains Acquire & Implement (AI Process Domain) Plan & Organize (PO Process Domain) Monitor (M Process Domain) Deliver & Support (DS Process Domain)

  17. Define Strategic IT Plan Determine Technological Direction Define Information Architecture Identify Automated Solutions Install & Accredit Systems Manage Change Acquire & Maintain Technology Infrastructure Develop & Maintain IT Procedures Define IT Organization & Relationships Manage IT Investment Communicate Aims & Direction Manage Human Resource Ensure Compliance With External Standards Assess Risks Manage Projects Manage Quality Assess Internal Control Adequacy Monitor The Process Define & Manage Service Levels Manage Third-Party Services Manage Performance & Capacity Ensure Continuous Service Ensure System Security Identify & Allocate Costs Manage Operations Obtain Independent Assurance Educate & Train Users Assist & Advise IT Customers Manage Configuration Manage Problems & Incidents Manage Data Manage Facilities Provide Independent Audit Plan & Organize Planning & Organization Acquire & Implement Acquire & Maintain Application Software Monitor Deliver & Support

  18. COSO Components • Control Activities • Policies that ensure management directives are carried out • Approval and authorizations, verifications, evaluations, safeguarding assets, security and segregation of duties • Monitoring • Assess control system performance over time • Ongoing and separate evaluations • Management and supervisory activities • Information and Communication • Relevant information identified, captured and communicated in a timely manner • Access to internal and externally generated information • Information flow allows for management action • Risk Assessment • Identify and analyze relevant risks to achieving the entity’s objectives • Control Environment • Sets “tone at the top” • Foundation for all other components of control • Integrity, ethical values, competence, authority, responsibility

  19. COSO, CobiT & SOX Components

  20. Putting COSO, CobiT, and ITIL together • COSO defines the high-level policies of a well-governed IT organization • CobiT defines the control structures for evaluating whether the organization conforms to COSO policies. • ITIL defines the practices that will satisfy the CobiT controls.

  21. How to Make it a Reality? Key Success Factors • Theory – CobIT/ITIL/COSO • Guidelines for Best Practices • Provides the theory but not the process • Education is an important component • Process • Convert theory to process that is applicable to the unique needs of the organization • Training & Education • Tool configuration • Technology – CA and others • Provide the technology that enables and automates the process • Repeatability, compliance and notifications • Implement processes impossible without technology

  22. Making IT Easier Customer maturity isolates appropriate transition point, blueprint & ROI

  23. Next Steps - Focus on Customer Needs EIM • Complete • Integrated • Open • People • Process • Technology • Partners • Proven Best Practices • High Quality • Comprehensive Business Flows Solutions • Enabling • Evolutionary • Efficient

  24. Respondent Scoring Proven Practice “Statements” Typical Survey Section features…

  25. Industry Comparison Role Comparison Overall Comparison Your Score Comparison Charts 3 Sets of Scores

  26. Best Practices Best Practices: Industry and CA best practices are applied to all of our solutions to maximize standardization and quality Meeting Customer Needs – Best Practices

  27. Questions? Thank You gregory.charles@ca.com
