THE FOLLOWING ITIL OPERATIONAL SUPPORT AND ANALYSIS CAPABILITY INTERMEDIATE EXAM OBJECTIVES ARE DISCUSSED IN THIS CHAPTER:
Service operation’s main aim is to deliver and manage services at agreed levels to business users and customers. The service operation stage is when the service is actually delivered, and it’s often a much longer stage than the previous stages of strategy, design, and transition. It is the most visible part of the lifecycle to the business. We will cover the purpose, objectives, and scope of the service operation processes and their context within the service lifecycle. We’ll examine the value provided to the business and discuss the fundamental concepts and definitions involved in these processes.
The outputs from service strategy, design, and transition becomes visible in service operation. It is in the operational stage that the service—which was originally considered in strategy, put together in design, and rolled out in transition—actually delivers the benefit that the business requires and the service was designed to deliver. It is also a much longer stage of the lifecycle than the first three stages; the service should continue to meet the defined business requirement for months or even years.
Most IT staff are involved (to a greater or lesser extent) in the service operation stage. They may contribute to other lifecycle stages, but their main focus is the delivery of the operational services.
Service operation is a critical stage of the service lifecycle. After all, the best strategy will fail if the service is badly managed, and good design is of limited value if the service is not run effectively. Transition can be successful only if the environment into which the service is being transitioned is ready to receive it and takes responsibility for managing it. Finally, service improvements will not be possible without reliable metrics from monitoring performance and other data. Service operation gathers the measurements used for baselines and for measuring success of improvements, so consistent, systematic measurements are a key element of service operation.
The staff working in this stage of the service lifecycle need to have processes and support tools in place to enable them to do their job—monitoring tools that allow them to have an overall view of service operation and delivery so they can detect failures and resolve them quickly. They also need service management tools to ensure that the correct workflow takes place for each process and the necessary information is easily accessible. This may entail monitoring elements of the service supplied by external providers.
Because services may be provided, in whole or in part, by one or more partner/supplier organizations, the service operation view of the end-to-end service needs to encompass external aspects of service provision, including managing cross-organizational workflows.
Process A process is defined as “a set of coordinated activities designed to accomplish a specific objective. A process takes one or more defined inputs and turns them into defined outputs.”
The processes included in Operational Support and Analysis are as follows:
Event Management This process is concerned with having useful notifications about the status of the IT infrastructure and services. Event management sets up rules to ensure that events are generated so that they can be monitored, captured, and acted upon if necessary.
Incident Management The purpose of incident management is to return normal IT service to users as quickly as possible. This may prompt the question, how do we define normal service? It is the level of service specified, and agreed to, in the service level agreement (SLA). The goal is to minimize the adverse impact of incidents on the business, and thus on service quality and business productivity. The objective of incident management is to ensure that the best possible levels of business-aligned service quality are maintained.
Problem Management The responsibility of problem management is to manage the lifecycle of problems, which includes monitoring and reviewing the process in addition to managing problems to their conclusion. Problem management is about the prevention and reduction of incidents, solving and removing their root cause. At the very least, if an incident cannot be prevented, then the impact to the business should be reduced through the provision of workarounds provided through the known error database.
Request Fulfillment The objectives of the request fulfillment process are to log and fulfill standard requests for users in a simple, efficient way. For a request to qualify, a predefined approval and qualification process must exist. Request fulfillment also provides information to users about the availability of services and how to obtain them. Users can request and receive the service or the software/hardware they require to use the service. Request fulfillment is also the channel for general information, complaints, and comments.
Access Management Access management is responsible for putting the policies of availability and information security management into day-to-day practice. It is essential to control access to protect an organization’s data and intellectual property while at the same time enabling authorized users to have the access they need. Access management is not responsible for ensuring that this access is available at all agreed times—this responsibility is provided by the availability management process.
The purpose of the service operation stage of the service lifecycle is to deliver the service at the level that was agreed to through the service level management process. This includes performing all the activities required to deliver the service as well as managing the technology used to deliver the service (such as applying updates and backing up data). These are the activities performed by the processes of operational support and analysis.
Service operation must deliver the service effectively but also has to ensure that the cost of that delivery is within the operational costs that formed part of the original business case. Should a service be operating at a higher cost than was originally envisaged, the benefits that were planned, such as cost savings, may never be realized.
Service operation staff members must view the service as a whole and be given the tools they need to evaluate whether the delivery meets the standard required. It is a common error to have staff members concentrate on individual aspects of a service or to ignore those parts of the service provided by third parties, losing sight of the end-to-end service as it appears to the customer. Technology can be used to spot deviations from expected service or response levels very quickly, allowing remedial action to be put in place immediately.
The objectives of service operation and its processes follow on from its purpose. Service operation is what the customer sees and experiences. Their perception of the quality of the service provision is based on their experience, not on the design or implementation of the service, which may or may not have been done well. It is important to remember that service operation is far more than just managing the components that make up the service. It is in service operation that it all comes together … or all falls apart! So the first objective is to maintain business satisfaction and confidence in IT through effective and efficient delivery and support of the service as agreed in the SLA; this ensures that the business receives the level of service it expects. The second objective supports the first; it is to minimize the impact of service outages on day-to-day business activities—by finding, preventing and resolving incidents and problems that could impact the business. Some service outages are inevitable; service operation will work to reduce both the number and impact of outages. The service operation process of problem management aims to reduce the recurrence of incidents that disrupt business activities, whereas incident management aims to resolve those incidents that do occur as quickly as possible.
Service operation is also responsible for controlling access to IT services. The final objective is to protect the services from unauthorized access. The access management process ensures that only authorized users can have access to the services provided.
The scope of service operation, described in the ITIL framework, includes the “processes, functions, organization, and tools” that are used to deliver and support the agreed services. The processes are responsible for performing the critical day-to-day activities that ensure the service meets the business requirement and enables the business to achieve its objectives. They also collect the performance data that will be required by continual service improvement to identify and track improvement opportunities.
The Technology Delivering IT services depends on the use of appropriate technology such as networks, desktops, servers, databases, and monitoring tools. Service operation is responsible for managing the technology that delivers the services.
The People Despite automation, service operation depends on the actions of the support staff members to ensure that the service runs as it should. Their management of the technology and processes is the key to successful service delivery.
Service operation is responsible for running the new service and for fixing any unforeseen flaws. The service must run efficiently if the cost of the service is to be less than the benefit to the business. The ITIL framework offers guidance on the best practices that can be used in the various lifecycle stages, and following this advice can deliver real benefits. In the area of service operation, the following benefits can be achieved from following best practices:
Each stage in the service lifecycle provides value to the business, but as we have said already, it is service operation where the actual value is seen from a customer viewpoint. In addition to the day-to-day running of the services, service operation needs to meet other challenges if it is to continue to deliver business value. These challenges center on the reluctance to invest in this stage of the lifecycle. Service operation needs to deliver the service within the projected cost in order to deliver the return on investment (ROI), but once the project has been delivered, there may be little or no budget allocated for the costs of ongoing management of services, such as to fix design flaws or unforeseen requirements, because this is outside the original project scope.
Most organizations never undertake a formal review of operational services for design and value. Incident and problem management are expected to resolve issues, but if the design is fundamentally flawed, this may not be identified.
Service operation may struggle to be awarded the necessary budget for tools or improvement actions (including training) that would improve efficiency because they are not directly linked to the functionality of a specific service. Attempts to optimize the service or to use new tools to manage it more effectively are seen as successful only if the service has been very problematic in the past; otherwise, any action is perceived as “fixing services that are not broken.”
Service operation needs to be considered within the context of the whole service lifecycle. Each area of the lifecycle addresses a particular set of challenges that need to be addressed for successful service management, and each stage has an impact on all the others. The service lifecycle diagram in Figure 1.1 shows the five areas of the lifecycle.
Stages of the lifecycle work together as an integrated system to support the ultimate objective of service management, which is to deliver business value. Every stage is interdependent, as shown in Figure 1.2. In particular, note the interdependence of service operation to each of the other lifecycle stages.
Service strategy is at the core of the service lifecycle. It is the role of strategy to understand the organizational objectives and customer needs. People, processes, and products should support the strategy. ITIL service strategy asks why something is to be done before thinking of how. It helps service providers to set objectives and to set expectations of performance for serving customers and markets. It also helps to identify, select, and prioritize opportunities. Service strategy ensures that providers understand and can handle the costs and risks associated with their service portfolios.
The complete list of service strategy processes includes strategy management for IT services, service portfolio management, financial management for IT services, demand management, and business relationship management. These processes impact service operation in the following ways:
Service design turns strategic ideas into deliverables. The design must always consider the strategy, to ensure that services are designed with the business objectives in mind. Design considers the whole IT organization and how it will deliver and support the services, turning the service strategy into a plan for delivering the business objectives. Requirements from service operation processes, people, and tools must be taken into account to ensure that the design will work in the operational environment. Remember, design includes changes to existing services.
The complete list of service design processes includes design coordination, service catalog management, service level management, availability management, capacity management, IT service continuity management, information security management, and supplier management. Through these processes, design ensures that both the utility and the warranty of the new or changed service is considered in design, covering the continuity of the service, its achievement of service levels, and conformance to security standards and regulations.
Service transition provides guidance for developing and improving capabilities for introducing new and changed services into supported environments. The value of a service is identified in strategy, and the service is designed to deliver that value. Service transition ensures that the value is realized; it does so by enabling the necessary changes to take place without unacceptable risks to existing services. It enables the implementation of new services, and the modification of existing services, to ensure that the services provided deliver the service strategy of achieving the business objectives and that the benefits of the service design are fully realized. Service transition also introduces the service knowledge management system, which ensures that knowledge is stored and made available to all stages of the service lifecycle and that lessons are learned and decisions are backed with factual data, leading to improved efficiency and effectiveness over time.
The complete list of service transition processes includes transition planning and support, change management, service asset and configuration management, release and deploymentmanagement, service validation and testing, change evaluation, and knowledge management. Each process has a role to play to ensure that beneficial changes can take place and, as a consequence, the service can be introduced and will work as transitioned.
Service operation, the subject of this section, describes best practice for managing services in supported environments. It includes guidance on achieving effectiveness, efficiency, stability, and security in the delivery and support of services to ensure value for the customer, the users, and the service provider. Without this, the services would not deliver the value required, and the achievement of business objectives would become difficult or impossible.
The service operation stage is therefore critical to delivering the design and, in doing so, achieving the service strategy. Service operation provides detailed guidance for delivering the service within the agreed service levels by tackling issues both proactively through problem and event management and reactively through incident management. It provides those delivering the service with guidance on managing the availability of services, controlling demand, optimizing capacity utilization, scheduling operations, and avoiding or resolving service incidents and managing problems. It includes advice on shared services, utility computing, web services, and mobile commerce. By delivering the services to the agreed levels, service operation enables the business to use the services to achieve its business objectives.
Service operation also describes the four service operation functions: the service desk, technical management, IT operations management, and application management. Each function is responsible for managing its own area of delivery across all stages of the lifecycle.
The final stage of the lifecycle is continual service improvement (CSI). CSI ensures that the service provider continues to deliver value to customers by ensuring that the strategy, design, transition, and operation of the services is under constant review. Feedback from any stage of the service lifecycle can be used to identify improvement opportunities for any other stage of the lifecycle. This ensures that opportunities for improvement are recognized, evaluated, and implemented when justified. These may include improvements in the quality of the service or the capabilities of the service provider. It may be developing ways of doing things better, or doing them at the same level but more efficiently. Improvements may be major or small and incremental. CSI enables every new operation to incorporate lessons from previous operations.
CSI ensures that feedback from every lifecycle stage is captured, analyzed, and acted on. Service operation is the source of information regarding the performance of services, and so the service operation lifecycle stage is an important source of information for CSI. Many of the improvement initiatives driven by CSI will directly affect service operation processes, products, and people; improvements to other lifecycle stages may lead indirectly to improved operational performance.
The CSI approach to improvement is based on establishing a baseline and checking to see whether the improvement actions have been effective. It uses the Plan-Do-Check-Act (PDCA) cycle, together with service measurement, demonstrating value with metrics, and conducting maturity assessments. The seven-step improvement process provides a framework for these approaches.
Service operation is optimized in two ways. First, there are the long-term incremental improvements. Service operation processes, technologies, functions, and outputs are analyzed over time and a decision made about whether improvement is needed and, if so, how best to implement it through service design and transition. The improvements are logged in the CSI register and designed and transitioned into service. Typical examples include the deployment of a new set of tools, changes to process designs, and reconfiguration of the infrastructure.
Second, there are the short-term ongoing improvements; these are the improvements made to working practices within the processes, functions, and technologies that underpin service operation. They are generally smaller improvements that are implemented without any change to the fundamental nature of a process or technology. Examples include tuning, workload balancing, personnel redeployment, and training.
There are many different ways to organize an IT department, and no two service providers are identical, so the exact configuration of roles within each organization will differ. Often two or more roles may be combined; in other organizations, a single role may be split. ITIL provides guidelines, not prescriptive rules, so each organization should consider what would best fit their own requirements.
We will first clarify what is meant by the term role. The official glossary defines it as follows:
A set of responsibilities, activities, and authorities assigned to a person or team. A role is defined in a process or function.
Within each of the processes we will cover throughout the service lifecycle, there are a number of roles. The role may be carried out by an individual or a team, and one person may have multiple roles. The person responsible for the availability management of the infrastructure may often also be fulfilling the capacity management role. It may be that capacity management is divided between a number of people, with one considering network capacity, another responsible for storage, and so on.
It is important to remember that although roles may be shared, or combined, there can be only one process owner for each process and one service owner for each service.
Often a job title may be the same as a role description; service level manager is one such example. Job titles are for each organization to decide, and it may be the case that the job of service level manager includes the role of service level manager, along with one or more other roles, such as supplier manager, within that particular organization.
It is also often true that one task carried out by an individual may touch several processes. A technician may submit a request for change to overcome a capacity issue that has been identified by problem management. The action may have been identified as desirable as part of a service improvement plan (SIP), which has been logged on the CSI register. The technician’s action therefore involves several processes: problem, change, capacity, service level management, and continual service improvement.
Every process has its own specific roles. Here we will be looking at the generic roles that appear in all lifecycle stages.
With every service interacting with so many processes, there is a danger that the service itself may no longer receive the required attention. To avoid this, ITIL recommends that each service should have a single service owner. This clarifies who is accountable for the service and ensures that there is a focus on the business processes that the service supports.
Whatever technology is used to deliver the service and regardless of whether aspects of the technology are provided in-house or are outsourced, the service owner remains accountable for delivering the service. This role is responsible to the customer for the service being developed, implemented, and maintained, but it is also accountable to the IT director or service management director for its delivery.
As we will examine, ITIL recommends that each process should have an identifiable owner. Each process may affect many services, and it is the service owner of each who will ensure the service is delivered effectively and efficiently, whatever process is being carried out. Service owners will often own more than one service. For each service, they will carry out the following responsibilities:
As the owner of the service, this role is concerned with the impact of any process affecting the service. This means service owners should be considered stakeholders in these processes, with whatever level of involvement is appropriate.
For example, the service owner plays a crucial part in the major incident process and will attend or possibly run any crisis meetings. They will also be involved in investigating the root cause of problems affecting their service. The service owner will represent the service at CAB meetings and will be involved in discussions regarding if and when a release should go ahead. They will want to ensure that the service portfolio and catalog entries and configuration data held on their service is accurate.
As explained earlier, a close relationship should exist between the service level management process and the service owner who acts as the contact point for the service. The service owner will also liaise with the owners of the more technical processes, such as availability and capacity, to ensure that the data collected by these processes indicates that the performance and reliability of these services meets the agreed standard.
The service owner is responsible for ensuring that the IT service continuity management (ITSCM) plan for their service is practical and that every element of the plan is in place. They will work with the ITSCM manager to make sure that all aspects are considered. They will often attend rehearsals of the plan to observe it in action to confirm that nothing has been forgotten.
The service owner understands the costs involved in delivering the service and will work with the supplier manager and other managers to ensure that costs are controlled and value for money is achieved. In organizations where the business is charged for IT services, they will ensure that the recovery of costs takes place as agreed.
Finally, the service owner ensures that the service follows the information security management policies.
As we have seen, the service owner is the focus for one particular service across all process areas. The process owner, in contrast, is accountable for a single process, whatever the service it affects.
The process owner must ensure that the process works efficiently and effectively. Although the role may often be carried out by the same person who fulfills the process manager role, in larger organizations this is less likely. A global company may have a change management process owner and a number of process managers carrying out the process in different countries, for example. The process owner is accountable for ensuring the process is fit for its purpose and is being carried out correctly by the process managers and practitioners. The role therefore has both a design and an enforcement aspect.
The process owner is accountable for the following:
The process owner role is critical to the success of the process. In organizations where no such single point of ownership exists, those carrying out the process may decide to drop or amend steps in the process, and there is no one with the overall authority to prevent this. In global organizations, this can mean the process may develop regional variations. In addition to the danger of losing focus on the purpose of the process, this may invalidate the reporting from the process, because each area may be inputting data differently.
Without a process owner, there is no one with the responsibility of ensuring consistency in applying the process, and there is no one to ensure that the process output still matches the process objectives. Process documentation may not be updated, because the responsibility for its upkeep would be unclear. Finally, there would be no one to assess the process and identify improvements.
The process owner is accountable for the success of the process but may often not be responsible for actually carrying it out. The responsibility for managing the day-to-day implementation of a process belongs to the process manager. In large or geographically spread-out organizations, there may be several process managers responsible for managing the implementation of the same process, each with a regional or infrastructure responsibility.
The process manager is accountable for the following:
The role of process manager is important, because it is the process manager who ensures that the process is carried out correctly day-to-day. The process owner may be distant from where the process occurs (working in the head office while the process takes place in branch offices, for example). The process manager, or managers, will ensure that the staff members understand what is required of them and have been provided with the right resources and training to carry out the tasks. Because process managers are close to the process execution, they are in an ideal position to identify issues and possible improvements. The success of any improvement initiatives will depend heavily on the enthusiastic involvement of the process manager in ensuring that staff members adopt the improved process.
Depending on the process, there may be one or more people carrying out the process activities. In a small organization or for a simple process, this may be a single person, who is also likely to be the process manager. For a large organization or for a complex process, there may be many people, each carrying out parts of the process. The people involved in carrying out the process activities are the process practitioners.
The process practitioner is usually responsible for the following:
The process practitioner role is responsible for actually delivering the process activities. Under the guidance of the process manager (unless these roles are combined), the practitioner is responsible for carrying out the process as designed, consistently and efficiently. It may be tempting to believe that the practitioner has nothing to contribute other than carrying out the activities; this is far from the truth. As a practitioner, the staff member will experience firsthand any issues with the process, such as tools that do not support the process effectively, bottlenecks in the process flow, or ambiguities in the documentation. The process manager and process owner should therefore seek out the views of practitioners when attempting to identify possible improvements.
Each role has its own purpose. Even where the roles are carried out by the same person, that person should attempt to consider each aspect of the roles. The practitioner has the advantage of daily interaction with the process but may be too close to it to see it objectively; the process manager is judged on the outcome of the process and so has a particular focus on the resources required to deliver these effectively and efficiently. They will monitor the process metrics closely to ensure that the outputs are being delivered on time and within budget. The manager will see only their own part of the process delivery, however. The process owner has the advantage of seeing the overall picture, comparing the delivery of the process in different locations and under different process managers. By understanding the strengths and weaknesses of each perspective, a complete picture of the process delivery can be achieved, and improvement initiatives can be gathered from each level.
This chapter covered the value, purpose, and objectives of the operational support and analysis processes and how they deliver value to the organization. We looked at the processes within the context of the service lifecycle and considered the fundamentals of the operational support and analysis processes. We covered which processes from other lifecycle stages require service operation action. We also considered the generic roles applicable to the processes, including that of service owner, with which the processes have a significant interaction.
It is important to remember that the generic roles will apply across all lifecycle stages and service management processes.
In the following chapters, we will be examining the service operation processes of incident management, problem management, access management, request fulfillment, and event management.
Understand the value of operational support and analysis processes. These processes form the core of the service operational activities and how the service operation lifecycle stage adds value to the business.
Understand the place of operational support and analysis processes in the service lifecycle. Understand the impact each of the other lifecycle stages has on service operation. Know the inputs from these other stages into service operation processes and the outputs from service operation into the rest of the lifecycle.
Understand the responsibility of service operation to deliver the services in line with the SLAs that have agreed with the business. The transition stage should have validated the SLA targets through testing and piloting the service; it is the responsibility of service operation to continue to meet the SLA targets during the operational stage of the service lifecycle.
Understand the role played by operational support and analysis processes in ensuring that the services deliver business value. By delivering the services efficiently and to agreed service targets, service operation ensures that the business benefits from the service as planned.
Understand the key processes of service operation. Be able to name the five service operation processes: incident management, request fulfillment, access management, problem management, and event management.
Understand the generic roles associated with the processes of service operation. Be able to name and explain the significance of the roles associated with all the processes in service operation.
You can find the answers to the review questions in the appendix.
Service operation includes which of the following activities?
Many processes from other lifecycle stages also take place during the service operation stage. Which of the following processes does not fall into this category?
Which of the following is the correct list of service operation functions described in ITIL?
Which of these activities is facilities management not responsible for?
Match the activities to the functions.
The service desk is not responsible for which of the following?
The service desk carries out two processes. What are they?
Which of the following are generic roles for all processes?
Which of these is a correct description of the responsibilities of a service owner?
Which of the following is a responsibility of a process practitioner?