You are on page 1of 75

Service Design: Principles,

Processes, Functions

ISH3I3 SERVICE MANAGEMENT

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017
ISH3I3 - Service Management - Service Design

Objectives
Understanding the basic concept of service design
Understanding service strategy processes
Service Catalog Management
Service Level Management
Capacity Management
Information Security Management
Supplier Management
Continuity Management
Availability Management

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 2
ISH3I3 - Service Management - Service Design

ITIL Lifecycle

Problem management
Incident management
Event m.
Request ful.
Access m.
Valid & Testing Operation m.
Release and Deployment mgmt
Knowledge management
Service asset and configuration management
Change management
Supplier management
Information security management
Service continuity mgmt
Availability mgmt
Service level mgmt
Service portf.mgmt Capacity management
Strategy gen Service catalogue mgmt Service reporting
IT Financial management Service measure
Demand management Service improv.

Service Service Service Service Continual service


strategy design transition operation improvement

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 3
ISH3I3 - Service Management - Service Design

ITIL Processes

Availability mgmt Knowledge mgmt

Service cont mgmt Evaluation

Supplier mgmt Validation & Testing Access mgmt

Release & Deploy


Financial mgmt Info security mgmt Problem mgmt
mgmt

Demand mgmt Capacity mgmt Asset & Config mgmt Request Fulfillment Service measurement

Service portfolio Service level mgmt Change mgmt Incident mgmt Service reporting
mgmt

Service catalogue
Strategy Generation mgmt Transition Pl & Sup Event mgmt 7-Steps improvement

Continual
Service Service Service Service
Service
strategy design transition operation
Improvement

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 4
ISH3I3 - Service Management - Service Design

Direct Carrier Billing

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 5
ISH3I3 - Service Management - Service Design

Service Design

Service Catalog Management


Service Level Management
Capacity Management
Information Security Management
Supplier Management
Continuity Management
Availability Management

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 6
ISH3I3 - Service Management - Service Design

Service Design Big Picture

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 7
ISH3I3 - Service Management - Service Design

Design Coordination

Process Objective: To coordinate all service design activities, processes and


resources. Design coordination ensures the consistent and effective design of
new or changed IT services, service management information systems,
architectures, technology, processes, information and metrics.

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 8
ISH3I3 - Service Management - Service Design

Objectives
to ensure the goals and
objectives of the service
design stage are met by
providing and maintaining
a single point of
coordination and control
for all activities and
processes within this stage
of the service lifecycle.

Design Coordination Activities

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 9
ISH3I3 - Service Management - Service Design

Sub-processes
Design Coordination Support
Process Objective: To coordinate and develop Service Design resources and capabilities, and to ensure that
a consistent approach to designing new or changed services is adopted across all service transition projects

Service Design Planning


Process Objective: To plan design activities in detail, making sure that all relevant aspects are considered
during service design.

Service Design Coordination and Monitoring


Process Objective: To coordinate the design activities performed by various Service Design processes, and
to determine if the new or changed service can be provided economically. This process is also responsible
for deciding if the clients' requirements can be fulfilled or must be renegotiated.

Technical and Organizational Service Design


Process Objective: To determine how a new service will be provided from an IT perspective. In particular,
this means to specify any technical infrastructure to be created, as well as required organizational changes.
The resulting Service Design Package contains all relevant information for Service Transition.

Service Design Review and RFC Submission


Process Objective: To submit the Service Design Package to a final review and initiate the implementation
of the service by submitting a formal Request for Change.

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 10
ISH3I3 - Service Management - Service Design

Service Design Package (SDP)


SDP is the main output of Service Design.
The Service Design Package (SDP) builds upon
the Service Level Requirements. It further
specifies the requirements from the viewpoint
of the client and defines how these are actually
fulfilled from a technical and organizational
point of view. It is assumed that a bundle of
supporting services is combined in order to
deliver a business service for the client. In this
context, the IT organization may opt to supply
the supporting service with its own resources, or
to use an external service supplier.

The Service Design Package is passed


from Service Design to the Service
Transition process and details all information
required in order to develop the service solution,
including a preliminary (intended) time-schedule
for the Service Transition phase.

https://wiki.en.it-
processmaps.com/index.php/Checklist_Service_Design_Package_SDP

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 11
ISH3I3 - Service Management - Service Design

RACI Chart

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 12
ISH3I3 - Service Management - Service Design

Service Catalog Management

Process Objective: to ensure that a Service Catalogue is produced and


maintained, containing accurate information on all operational services and
those being prepared to be run operationally. This process provides vital
information for all other ITIL service management processes: service details,
current status and the services' interdependencies.

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 13
ISH3I3 - Service Management - Service Design

Objectives
to provide and maintain a single source of consistent information on all operational
services and those being prepared to be run operationally, and to ensure that it is
widely available to those who are authorized to access it.

Types of service in a service catalogue


TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 14
ISH3I3 - Service Management - Service Design

Two view of Service Catalog

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 15
ISH3I3 - Service Management - Service Design

Two view of Service Catalog

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 16
ISH3I3 - Service Management - Service Design

Service Catalog Template


The Service Catalogue contains summarizing information about existing or planned external
IT Services:
Index of IT Services
Name
Client
Current status (e.g. In planning, In implementation, Active, Outphased)
For each IT Service:
Name
Description
Client(s)
Internal Service components on which the external Service is based
Relationship to other IT Services
Time schedule
Planned Service start
Next planned change
Planned completion
Reference to further documents
SLR
Service Specification Sheet
SLA

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 17
ISH3I3 - Service Management - Service Design

RACI Chart

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 18
ISH3I3 - Service Management - Service Design

Service Level Management

Process Objective: To negotiate Service Level Agreements with the customers


and to design services in accordance with the agreed service level targets.
Service Level Management is also responsible for ensuring that all
Operational Level Agreements and Underpinning Contracts are appropriate,
and to monitor and report on service levels..

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 19
ISH3I3 - Service Management - Service Design

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 20
ISH3I3 - Service Management - Service Design

Sub-processes
Maintenance of the SLM Framework
Process Objective: To design and maintain the underlying structure of the Customer
Agreement Portfolio, and to provide templates for the various SLM documents.
Identification of Service Requirements
Process Objective: To capture desired outcomes (requirements from the customer
viewpoint) for new services or major service modifications. The service requirements are
to be documented and submitted to an initial evaluation, so that alternatives may be
sought at an early stage for requirements which are not technically or economically
feasible.
Agreements Sign-Off and Service Activation
Process Objective: To have all relevant contracts signed off after completion of Service
Transition, and to check if Service Acceptance Criteria are fulfilled. In particular, this
process makes sure that all relevant OLAs are signed off by their Service Owners, and that
the SLA is signed off by the customer.
Service Level Monitoring and Reporting
Process Objective: To monitor achieved service levels and compare them with agreed
service level targets ("Service Level Report"). This information is circulated to customers
and all other relevant parties, as a basis for measures to improve service quality

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 21
ISH3I3 - Service Management - Service Design

Additional notes of terminologies in SLM


Customer Agreement Portfolio - While the Service Catalogue holds a complete list of the services managed by the service
provider, the Customer Agreement Portfolio contains all Service Agreements which provide the framework for delivering services
to specific customers.
Operational Level Agreement (OLA) - An agreement between an IT service provider and another part of the same organization.
An OLA supports the IT service provider's delivery of services to customers. The OLA defines the goods or services to be provided
and the responsibilities of both parties. For example there could be an OLA - between the IT service provider and a procurement
department to obtain hardware in agreed times - between the Service Desk and a support group to provide Incident resolution in
agreed times (see also: ITIL Checklist SLA - OLA).
Outline of Service Requirements - The desired outcome of a service, stated in terms of required service functionality (utility) and
service levels (warranty). Based on this information, detailed service requirements are specified during the Service Design stage.
Service Acceptance Criteria (SAC) - A set of criteria used for service acceptance testing to ensure that an IT service meets its
functionality and quality requirements and that the service provider is ready to operate the new service when it has been
deployed.
Service Level Agreement (SLA) - An agreement between an IT service provider and a customer. The SLA describes the IT service,
documents service level targets, and specifies the responsibilities of the IT service provider and the customer. A single SLA may
cover multiple services or multiple customers (see also: ITIL Checklist SLA - OLA).
Service Level Report - The Service Level Report gives insight into a service provider's ability to deliver the agreed service quality.
To this purpose, it compares the agreed and actually achieved service levels, and also includes information on the usage of
services, ongoing measures for service improvement, and any exceptional events. A Service Level Report is issued by the service
provider for its customers, IT management and other Service Management processes. A similar report is also created by an
external service supplier to document its achieved service performance.
Service Level Requirements (SLR) - The Service Level Requirements document contains the requirements for a service from the
client viewpoint, defining detailed service level targets, mutual responsibilities, and other requirements specific to a certain
(group of) customers. As the service enters new stages of its life cycle, the SLR document evolves into a draft Service Level
Agreement.
SLM Document Templates - Templates for the various documents used within Service Level Management, e.g. Service Level
Requirements, Service Level Agreements, Operational Level Agreements, Underpinning Contracts, Service Acceptance Criteria, ...

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 22
ISH3I3 - Service Management - Service Design

SLA/OLA Template
Content:
Service name
Clearance information (with location and date)
Contract duration
Description/ desired customer outcome
Communication between customer and service provider
Service and asset criticality
Service times
Required types and levels of support
Service level requirements/ targets
Technical standards/ specification of the service interface
Responsibilities
Pricing model
Change history
List of annexes and references
Reff: https://wiki.en.it-processmaps.com/index.php/Checklist_SLA_OLA

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 23
ISH3I3 - Service Management - Service Design

SLR Template
Name of the Service
Clearance information (with location and date)
Service Level Manager
Client
Service description
Short description of Service
Users of the IT Service on the client-side
Breakdown of the offered Service into Service groups, e.g. along Infrastructure Components or IT Applications
For each Service group:
Which Services are offered, e.g.
Handling of Service interruptions (by telephone, by remote access, on site?)
User Services (user administration, installation, )
What quality is required of the offered Services, e.g.
Service times
Availability requirements
Number of interruptions allowed
Availability thresholds (xx,xx %)
Downtimes for maintenance (number of allowed downtimes, pre-notification periods)
Procedure for announcing interruptions to the Service (planned/ unplanned)
Performance requirements
Required capacity (lower/upper limit) for the Service
Allowed workload/ usage of the Service
Response times from applications
Reaction and resolution times (according to priorities, definition of priorities e.g. for the classification
of Incidents)
Requirements for the maintenance of the Service in the event of a disaster

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 24
ISH3I3 - Service Management - Service Design

KPI

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 25
ISH3I3 - Service Management - Service Design

RACI Chart

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 26
ISH3I3 - Service Management - Service Design

Availability Management

Process Objective: To define, analyze, plan, measure and improve all aspects
of the availability of IT services. Availability Management is responsible for
ensuring that all IT infrastructure, processes, tools, roles etc. are appropriate
for the agreed availability targets.

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 27
ISH3I3 - Service Management - Service Design

Objectives
The purpose of the
availability management
process is to ensure that the
level of availability
delivered in all IT services
meets the agreed
availability needs and/or
service level targets in a
cost-effective and timely
manner.
Availability management is
concerned with meeting
both the current and future
availability needs of the
business.

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 28
ISH3I3 - Service Management - Service Design

Availability, Reliability, Maintanability

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 29
ISH3I3 - Service Management - Service Design

Case Study

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 30
ISH3I3 - Service Management - Service Design

Expanded Incident Lifecycle

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 31
ISH3I3 - Service Management - Service Design

Availability Terms & Measurements

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 32
ISH3I3 - Service Management - Service Design

Process Overview

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 33
ISH3I3 - Service Management - Service Design

Sub-processes
Design Services for Availability
Process Objective: To design the procedures and technical features required to fulfill the
agreed availability levels.

Availability Testing
Process Objective: To make sure that all availability, resilience and recovery mechanisms
are subject to regular testing.

Availability Monitoring and Reporting


Process Objective: To provide other Service Management processes and IT Management
with information related to service and component availability. This includes comparing
achieved vs. agreed availability and the identification of areas where availability must be
improved.

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 34
ISH3I3 - Service Management - Service Design

Template
Availability Improvement Plan Availability Report:
Running and planned measures for For all IT Services
Availability improvementService name Details of the Availability
Agreed Availability
Person in Charge of the Service Attained/ measured Availability
Person on charge of the measure to Trend analyses
improve the Availability
Incidents leading to reduced Service
Description of the measure Availability
Reason for the measure (e.g. recognized In the past (prolonged Service failures
vulnerabilities with a potential influence etc.)
on Service Availability) Type of the incident
Target values for the Availability to be Causes
achieved Counter-measures for the elimination of
the failure
Target date Measures for the future avoidance of
Status similar failures
In the future (e.g. planned prolonged
downtimes to IT Services)
Running and planned measures for
Availability improvement

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 35
ISH3I3 - Service Management - Service Design

KPI

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 36
ISH3I3 - Service Management - Service Design

RACI Chart

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 37
ISH3I3 - Service Management - Service Design

Capacity Management

Process Objective: ITIL Capacity Management aims to ensure that the


capacity of IT services and the IT infrastructure is able to deliver the agreed
service level targets in a cost effective and timely manner. The Capacity
Management process considers all resources required to deliver the IT
service, and plans for short, medium and long term business requirements

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 38
ISH3I3 - Service Management - Service Design
Process Overview

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 39
ISH3I3 - Service Management - Service Design

Remember its relationship with


TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING Demand Management
INFORMATION SYSTEM 2017 40
ISH3I3 - Service Management - Service Design

Sub-Processes
Business Capacity Management
Process Objective: To translate business needs and plans into capacity and performance
requirements for services and IT infrastructure, and to ensure that future capacity and
performance needs can be fulfilled.

Service Capacity Management


Process Objective: To manage, control and predict the performance and capacity of
operational services. This includes initiating proactive and reactive action to ensure that the
performances and capacities of services meet their agreed targets.

Component Capacity Management


Process Objective: To manage, control and predict the performance, utilization and capacity of
IT resources and individual IT components.

Capacity Management Reporting


Process Objective: To provide other Service Management processes and IT Management with
information related to service and resource capacity, utilization and performance (see
"Capacity Report").

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 41
ISH3I3 - Service Management - Service Design

Ongoing iterative activities

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 42
ISH3I3 - Service Management - Service Design

Typical parameters
Processor utilization
Memory utilization
Per cent processor per transaction type
I/O rates (physical and buffer) and device utilization
Queue lengths
Disk utilization
Transaction rates
Response times
Batch duration
Database usage
Index usage
Hit rates
Concurrent user numbers
Network traffic rates

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 43
ISH3I3 - Service Management - Service Design

KPI

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 44
ISH3I3 - Service Management - Service Design

RACI Chart

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 45
ISH3I3 - Service Management - Service Design

IT Service Continuity Management

Process Objective: IT Service Continuity Management (ITSCM) aims to manage


risks that could seriously impact IT services. This ITIL process ensures that the
IT service provider can always provide minimum agreed Service Levels, by
reducing the risk from disaster events to an acceptable level and planning for
the recovery of IT services. ITSCM should be designed to support Business
Continuity Management.

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 46
ISH3I3 - Service Management - Service Design

Sub-processes
ITSCM Support
Process Objective: To make sure that all members of IT staff with responsibilities for
fighting disasters are aware of their exact duties, and to make sure that all relevant
information is readily available when a disaster occurs.

Design Services for Continuity


Process Objective: To design appropriate and cost-justifiable continuity mechanisms and
procedures to meet the agreed business continuity targets. This includes the design of
risk reduction measures and recovery plans.

ITSCM Training and Testing


Process Objective: To make sure that all preventive measures and recovery mechanisms
for the case of disaster events are subject to regular testing.

ITSCM Review
Process Objective: To review if disaster prevention measures are still in line with risk
perceptions from the business side, and to verify if continuity measures and procedures
are regularly maintained and tested.

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 47
ISH3I3 - Service Management - Service Design

ITSCM Lifecycle

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 48
ISH3I3 - Service Management - Service Design

Business Impact Analysis, identifies:


The form that the damage or loss may How the degree of damage or loss is likely
take for example: to escalate after a service disruption, and
the times of the day, week, month or year
Lost income when disruption will be most severe
Additional costs
The staffing, skills, facilities and services
Damaged reputation (including the IT services) necessary to
Loss of goodwill enable critical and essential business
Loss of competitive advantage
processes to continue operating at a
minimum acceptable level
Breach of law, health and safety
regulations The time within which minimum levels of
staffing, facilities and services should be
Risk to personal safety recovered
Immediate and long-term loss of
The time within which all required
market share business processes and supporting staff,
Political, corporate or personal facilities and services should be fully
embarrassment recovered
Loss of operational capability, for The relative business recovery priority for
example, in a command and control each of the IT services.
environment

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 49
ISH3I3 - Service Management - Service Design

Business Impact Analysis, identifies:


In BIA phase, we have to determine RTO and RPO for every services

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 50
ISH3I3 - Service Management - Service Design

Template Risk Analysis (1)


Critical business processes
Name
Purpose and objectives of the process
Classification of the processes into criticality categories (e.g. Marginal, Normal, Critical, Highly
Critical)
Critical business data
Name
Type of information and usage of the data
Classification of the data into criticality categories (e.g. Marginal, Normal, Critical, Highly Critical)
Critical IT Services
Name
Dependencies of the critical business processes and data upon the IT Service (relationships between
processes/ data and IT Services)
Classification of the IT Service into criticality categories (e.g. Marginal, Normal, Critical, Highly
Critical)
Critical IT infrastructure components
Name
Dependencies of the critical IT Services upon the IT infrastructure components (relationships between IT
Services and IT infrastructure components)
Classification of the IT infrastructure components into criticality categories (e.g. Marginal, Normal,
Critical, Highly Critical)

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 51
ISH3I3 - Service Management - Service Design

Template Risk Analysis (2)


Threat analysis
For all critical infrastructure components:
Which threats/ disaster scenarios are imaginable?
Which consequences does the occurrence of a scenario carry?
Which level of damage would be expected?
How likely is the occurrence? (e.g. Highly Improbable, Improbable, Relatively Improbable,
Rather Improbable, Highly Probable
Analysis of vulnerabilities
For all critical infrastructure components:
Which vulnerabilities, impairing the critical infrastructure components in the event of a disaster, are
imaginable?
Which consequences would a failure carry?
Which level of damage would be expected?
How great is the probability of occurrence? (e.g. Highly Improbable, Improbable, Relatively
Improbable, Rather Improbable, Highly Probable
Priorised list of the risks (risk = occurrence probability x level of damage)
Type of risk
Based on which threat or vulnerability
Risk classification, e.g. Negligible, Marginal risk, temporarily tolerable, Increased, still
temporarily tolerable risk, High risk, not tolerable without precautionary measures,
Extreme risk, to be ruled out by all means

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 52
ISH3I3 - Service Management - Service Design

Template Service Continuity Plan


Running and planned measures aimed at the preparation for disaster events
For all identified non-tolerable risks:
Name of the risk
Affected business processes
Affected business data
Affected IT Services
Affected infrastructure components
Measure for reducing/ eliminating the risk
Description
Costs and resources
Person in charge of the measure
Target date
Status

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 53
ISH3I3 - Service Management - Service Design

Template Emergency Plan


Index of emergency-relevant documents and information
Checklists for fault-analyses
Possible modes of operation in an emergency (e.g. use of standby systems)
Possible Workarounds
Recovery procedures
Further documentation useful in an emergency
Emergency roles and contact lists
Alarm plan
Index of emergency-relevant access information (passwords, locations/ depositories
for keys etc.)
Emergency-relevant contract data

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 54
ISH3I3 - Service Management - Service Design

KPI

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 55
ISH3I3 - Service Management - Service Design

RACI Chart

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 56
ISH3I3 - Service Management - Service Design

Information Security Management

Process Objective: Information Security Management aims to ensure the


confidentiality, integrity and availability of an organization's information, data
and IT services. ITIL Security Management usually forms part of an
organizational approach to security management which has a wider scope
than the IT Service Provider.

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 57
ISH3I3 - Service Management - Service Design

Elements of an ISMS for Managing IT Security

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 58
ISH3I3 - Service Management - Service Design

Sub-processes
Design of Security Controls
Process Objective: To design appropriate technical and organizational measures in order
to ensure the confidentiality, integrity, security and availability of an organization's
assets, information, data and services.

Security Testing
Process Objective: To make sure that all security mechanisms are subject to
regular testing.

Management of Security Incidents


Process Objective: To detect and fight attacks and intrusions, and to minimize the
damage incurred by security breaches.

Security Review
Process Objective: To review if security measures and procedures are still in line with risk
perceptions from the business side, and to verify if those measures and procedures are
regularly maintained and tested.

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 59
ISH3I3 - Service Management - Service Design

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 60
ISH3I3 - Service Management - Service Design

The scope of security controls

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 61
ISH3I3 - Service Management - Service Design

KPI

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 62
ISH3I3 - Service Management - Service Design

RACI Chart

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 63
ISH3I3 - Service Management - Service Design

Supplier Management

Process Objective: The objective of Supplier Management is to ensure that all


contracts with suppliers support the needs of the business. This ITIL process is
also responsible for making sure that all suppliers meet their contractual
commitments

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 64
ISH3I3 - Service Management - Service Design

Roles & Interfaces

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 65
ISH3I3 - Service Management - Service Design

The process overview

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 66
ISH3I3 - Service Management - Service Design

Sub-processes
Providing the Supplier Management Framework
Process Objective: To provide guidance and standards for the procurement of services and
products. This includes the provision of the Supplier Strategy and the preparation of standard
Terms and Conditions.
Evaluation of new Suppliers and Contracts
Process Objective: To evaluate prospective suppliers in accordance with the Supplier Strategy,
and to select the most suitable supplier.
Establishing new Suppliers and Contracts
Process Objective: To negotiate and sign a binding contract with a supplier. This process is
mainly applied for significant investments, either in externally provided services or in
technology.
Processing of Standard Orders
Process Objective: To process orders for commodity products and services, and to order pre-
defined items within the boundaries of existing contract frameworks.
Supplier and Contract Review
Process Objective: To verify if the contractually agreed performance is actually delivered, and
to define improvement measures if required (see "Supplier and Contract Review")
Contract Renewal or Termination
Process Objective: To carry out regular renewals of contracts, to assess if those contracts are
still relevant, and to terminate contracts which are no longer needed.

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 67
ISH3I3 - Service Management - Service Design

Supplier Categorization

What are the benefits?

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 68
ISH3I3 - Service Management - Service Design

What is/are the relationship(s) with other service design processes?

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 69
ISH3I3 - Service Management - Service Design

KPI

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 70
ISH3I3 - Service Management - Service Design

RACI Chart

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 71
ISH3I3 - Service Management - Service Design

Architecture Management

Process Objective: According to ITIL the IT Architecture Management process


aims to define a blueprint for the future development of the technological
landscape, taking into account the service strategy and newly available
technologies.

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 72
ISH3I3 - Service Management - Service Design

Sub-processes
Application Framework
Application Frameworks aim to promote the re-use of components and the standardizing
of technologies on which applications are based. For this reason, they have to be planned
and managed separately from software development projects but must be carefully
aligned with the needs of software developers. Application Frameworks define classes of
applications, typically with common non-functional requirements.

Change Request to Enterprise Architecture


A request to change or extend the Enterprise Architecture, usually issued from the
Service Design process when the introduction or modification of a service is not possible
within the constraints of the existing application, infrastructure and information/ data
architectures.

Enterprise Architecture (EA)


An Enterprise Architecture (EA) is a description of the essential components of a
business, including their interrelationships. In most cases, an EA covers the following
domains: Business, Information, Applications and Technology.

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 73
ISH3I3 - Service Management - Service Design

RACI Chart

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 74
ISH3I3 - Service Management - Service Design

Terima Kasih

TELKOM UNIVERSITY SCHOOL OF INDUSTRIAL AND SYSTEM ENGINEERING INFORMATION SYSTEM 2017 75

You might also like