slide1 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
North Coast HDI Audit Proof Your ITIL Processes John Livingston February 2011 PowerPoint Presentation
Download Presentation
North Coast HDI Audit Proof Your ITIL Processes John Livingston February 2011

Loading in 2 Seconds...

play fullscreen
1 / 48

North Coast HDI Audit Proof Your ITIL Processes John Livingston February 2011 - PowerPoint PPT Presentation


  • 168 Views
  • Uploaded on

North Coast HDI Audit Proof Your ITIL Processes John Livingston February 2011. Agenda. Introduction Why learn how to Audit Proof your ITIL Processes? Audit Tools and Techniques ITIL Processes – Incident, Problem, Configuration Mgmt (CMDB) and Change Mgmt Other Resources

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'North Coast HDI Audit Proof Your ITIL Processes John Livingston February 2011' - allayna


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

North Coast HDI

Audit Proof Your ITIL Processes

John Livingston

February 2011

agenda
Agenda
  • Introduction
  • Why learn how to Audit Proof your ITIL Processes?
  • Audit Tools and Techniques
  • ITIL Processes – Incident, Problem, Configuration Mgmt (CMDB) and Change Mgmt
  • Other Resources
  • Recap what we covered today
  • Questions
introduction
Introduction
  • University Hospitals
    • Mission: To Heal. To Teach. To Discover.
    • 17,000 physicians and employees; 4.8 million outpatient procedures; 63,000 inpatient discharges; $1.9 billion revenue annually
    • Rainbow Babies ranked top 5 nationally for neonatal care
    • Vision 2010
introduction4
Introduction
  • Instructor
    • IT Auditor for University Hospitals, prior experience 8 years in IT Operations for Fortune 500 company
    • 7-person ITIL department responsible for Change, Problem, Incident and Configuration Management
    • Certified Information Systems Auditor, Lean Six Sigma Black Belt, ITIL and COBIT certifications
why learn how to audit proof your itil processes
Why learn how to Audit Proof your ITIL Processes?
  • Benefits
    • More prepared for audits
    • Input into the direction of the audit
    • Better manage your ITIL process
    • Understand organization’s risks and controls
    • Career opportunities
audit tools techniques audit process
Audit Tools & Techniques – Audit Process
  • Audit Dept. reports to Board of Directors
  • Independent activity
  • Audit Committee determines the audit plan
audit tools techniques frameworks
Audit Tools & Techniques – Frameworks

COSO

ISO9000

IT

Governance

Fiduciary

Governance

Other

Governance

COBIT

ISO 27000

ISO 20000

CMM

ISO 9126

ITIL

ISO 15504

ISO 12207

Security

Management

TickIT

Source: Peter Davis + Associates

audit tools techniques itil
Audit Tools & Techniques – ITIL

Service Strategy

Service Design

Service Operation

Service Improvement

Service Transition

Process Relationships – 29 Total

incident management introduction
Incident Management - Introduction
  • Goals:
    • restore normal service operation ASAP
    • minimize the adverse impact on business operations.
incident management introduction14
Incident Management - Introduction
  • Incident - unplanned interruption to or reduction in the quality of an IT service.
  • Failure of a Configuration Item (CI) that has not yet affected service.
incident management basic concepts
Incident Management – Basic Concepts
  • Incident management should consider the following elements:
    • Time limits – agree on time limits for all phases and use them as targets in Operational Level Agreements (OLAs) and Underpinning Contracts (UCs)
    • Incident models – a way to determine the steps necessary to execute a process correctly.
incident management activities
Incident Management - Activities
  • Key Challenges
    • Detection of incidents, especially prior to user impacts
    • Logging of incidents – getting all incidents logged by all IT staff
    • Ability to identify recent problems and changes
    • Clear understanding (coming from service level mgmt) of the user impact and associated priority allocation for incidents
    • Well-functioning Configuration Management Database (CMDB) with relationships between CIs.
incident management metrics
Incident Management – Metrics
  • Total number of incidents
  • Number and percentage of incidents by priority
  • Average cost per incident (Level 0, 1, 2, 3)
  • The number and percentage of incorrectly routed incidents
  • The percentage of incidents handled within the agreed timeframe
  • Number and percentage of incidents processed per service desk agent
problem management introduction
Problem Management - Introduction
  • Goals:
    • Find and resolve the root cause of a problem and prevent additional incidents
    • Return the service to normal level as soon as possible, with smallest possible business impact.
problem management introduction19
Problem Management - Introduction
  • Incident - unplanned interruption to an IT service or reduction in the quality of an IT service. Failure of a CI that has not yet affected service is also an incident.
  • Problem - cause of one or more incidents.
      • A problem can be identified from:
        • Multiple incidents exhibiting common symptoms
        • A single significant incident indicative of a single error, for which the cause is unknown.
problem management introduction20
Problem Management - Introduction

High-performing IT organizations spend less than 5% of their time on unplanned and urgent work (“firefighting”). In contrast, typical IT organizations spend between 35-45% of their time on unplanned and unscheduled work.

source: The Visible Ops Handbook

problem management basic concepts
Problem Management – Basic Concepts
  • Incident management should stop working on an incident when the service to the user(s) has been restored.
  • It’s the responsibility of Problem Management to permanently “fix” the issue
problem management activities
Problem Management - Activities
  • Problem management consists of two important processes:
    • Reactive problem management
    • Proactive problem management
problem management activities23
Problem Management - Activities
  • Problem Process
    • Problem detection
    • Problem logging
    • Categorization
    • Prioritization
    • Investigation and diagnosis
    • Resolution
    • Closure
problem management activities24
Problem Management - Activities
  • Techniques for investigation and diagnosis
    • 5-why analysis
    • Ishikawa (fishbone) diagram
configuration management introduction
Configuration Management - Introduction
  • Goals:
    • Provide accurate configuration information to enable people to make the right decisions at the right time
    • Minimize the number of quality and compliance issues caused by improper configuration of services and assets.
configuration management basic concepts
Configuration Management– Basic Concepts
  • A configuration item (CI) is an asset, service component or other item that needs to be managed in order to deliver an IT Service.
configuration management basic concepts28
Configuration Management – Basic Concepts
  • Configuration management database (CMDB) - contains details about configuration items throughout their lifecycle.
  • A federated CMDB pulls the CI information from many different sources.
configuration management basic concepts29
Configuration Management– Basic Concepts
  • CMDB design encompasses four dimensions:
    • Scope – which components to include
    • Level of detail – how much detail to break a CI into
    • Relationship – between CIs
    • Attribute – a piece of information about a CI
change management introduction
Change Management - Introduction
  • Goals:
    • Reduce incidents, disruptions and rework
    • Respond to customer’s changing business requirements

“80% of unplanned downtime is caused by people and process issues, including poor change management practices, while the remainder is caused by technology failures and disasters.”

Donna Scott

VP & Research Director

Gartner

change management introduction31
Change Management - Introduction
  • Objective: ensure that changes are recorded, assessed, prioritized, planned, tested, implemented, and documented in a controlled manner.
  • Change - addition, modification, or elimination of a CI and its related documentation.
change management introduction32
Change Management - Introduction
  • Every organization must itself define which changes its change management process does and does not cover.
  • Examples include:
    • Changes to PCs
    • Changes to user accounts
    • Other examples?
change management basic concepts
Change Management – Basic Concepts
  • Change Advisory Board (CAB:) Consultation Body that meets at fixed intervals to assess changes and help change management prioritize the changes. It may include representatives from all important IT departments, as well as:
    • Customers
    • End users
    • Application developers
    • System administrators
    • Service desk representatives
    • Supplier representatives
change management activities
Change Management - Activities
  • 1. Create and record
    • An individual or department may submit an RFC
    • All RFCs are registered and it must be possible to identify them.
change management activities35
Change Management - Activities
  • 2. Review the RFC
    • Does it make good business sense?
    • Is it technically feasible?
change management activities36
Change Management - Activities
  • 3. Assess and evaluate changes
    • Impact x Probability = Risk Category
change management activities37
Change Management - Activities
  • 3. Assess and evaluate changes (cont.)
    • Examples of priority codes are:
      • Standard
      • Urgent
      • Emergency
change management activities38
Change Management - Activities
  • 3. Assess and evaluate changes (cont.)
    • Schedule of Change (SC). Calendar which contains the details for all approved changes.
change management activities39
Change Management - Activities
  • 6. Evaluate and Close (Cont.)
    • Post Implementation Review (PIR)
change management relation to other itil processes
Change Management – Relation to other ITIL Processes
  • Incident Management
    • Help Desk/IT Operations attends CAB meeting
    • Once an outage in the IT Environment is identified, Help Desk/IT Operations reviews change records for possible root causes.
change management relation to other itil processes41
Change Management – Relation to other ITIL Processes
  • Problem Management
    • Frequently submits RFCs and makes an important contribution to CAB discussions
    • Reviews implemented changes for possible root causes of Problems.
change management relation to other itil processes42
Change Management – Relation to other ITIL Processes
  • Configuration Management (CMDB)
    • RFC will include CIs to be able to assess potential impact of change on the IT environment. Also related CIs (not included in RFC) are reviewed for possible upstream and downstream impact.
    • CIs will have a record of implemented changes and success rate of those changes (CI fragility.)
  • Release Management
    • The Release process is triggered by an approved RFC.
    • Change management will conduct a Post Implementation Review (PIR) after the release is deployed.
change management metrics
Change Management – Metrics
  • Metrics
    • Number of RFCs implemented per month
    • % of RFCs per category (Risk and Impact, Priority, Emergency, etc.)
    • % of RFCs which were unsuccessful
    • Average amount of time from submission to implementation of RFC
    • Cost to process each RFC (Quality Review of RFC Implementation, Testing and Backout Plans)
other resources
Other Resources
  • Appendix on Preparing for IT Audits
  • How to become a High-Performing IT Organization
  • Four Phases of Visible Ops
    • Phase 1: “Stabilize the patient”
    • Phase 2: “Catch & Release” and “Find Fragile Artifacts”
    • Phase 3: Establish Repeatable Build Library
    • Phase 4: Enable Continuous Improvement

http://www.itpi.org

other resources46
Other Resources
  • COBIT
    • http://www.isaca.org
    • Click on Knowledge Center, then COBIT
  • National Institute of Standards and Technology
    • http://www.nist.gov
what we learned today
What we learned today
  • Why learn how to Audit Proof your ITIL Processes?
  • Audit Tools and Techniques
  • ITIL Processes – Incident, Problem, Configuration Mgmt (CMDB) and Change Mgmt
  • Additional resources for learning more about ITIL
questions
Questions

?

john.livingston@uhhospitals.org

LinkedIn