Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Chapter 3
Event Management, Request Fulfillment, and Access Management

THE FOLLOWING ITIL OPERATIONAL SUPPORT AND ANALYSIS CAPABILITY INTERMEDIATE EXAM OBJECTIVES ARE DISCUSSED IN THIS CHAPTER:

Event management, request fulfillment, and access management are discussed in terms of their
- Purpose
- Objectives
- Scope
- Value
- Policies
- Principles and basic concepts
- Process activities, methods, and techniques
- Triggers, inputs, outputs, and interfaces
- Information management
- Process roles
- Critical success factors and key performance indicators
- Challenges
- Risks

Event management is the process that deals with modern infrastructure management’s requirement for the use of event monitoring tools. These tools are able to monitor large numbers of configuration items simultaneously, identifying any issues as soon as they arise and notifying the appropriate tool or team. The process of event management is responsible for managing events throughout their lifecycle. Event management is one of the main activities of IT operations.

Request fulfillment is the process for handling requests for standard services, equipment, or information. ITIL uses the expression service request to describe all those repeat, low-risk change/information requests that occur in any environment.

Access management is the process of granting authorized users the right to use a service while preventing nonauthorized users from gaining access. It is also sometimes referred to as rights management or identity management. Access requirements can change frequently, and service operation is responsible for granting access quickly, in line with the needs of the business, while ensuring that all requests are properly authorized.

Event Management

To begin, let’s consider some definitions from the ITIL Service Operation publication. These should be familiar from ITIL Foundation Exam Study Guide (Sybex, 2012).

An event can be defined as any change of state that has significance for the management of a configuration item (CI) or IT service. Remember, an event is not necessarily an indication that something is wrong; it can merely be a confirmation that the system is working correctly. Many events are purely informational. Informational events could include notification of a user logging onto an application (significant because the use of the application may be metered) or a transaction completing successfully (significant because the notification of the successful completion may trigger the start of the next transaction).

An event that notifies staff of a failure or that a threshold has been breached is called an alert. An alert could be, for example, notification that a server has failed or a warning that the memory or disk usage on a device has exceeded 75 percent. If you consider these concepts in a non-IT environment, a car console may issue an event to say that the system has successfully connected to a Bluetooth device, or it might raise an alert (together with a beep or flashing light) to warn that a threshold has been breached and the car is now low on gas.

Effective service operation is dependent on knowing the status of the infrastructure and detecting any deviation from normal or expected operation. Event management monitors services for any occurrences that could affect their performance. It also provides information to other processes, including incident, problem, and change management.

There are two types of event monitoring tools:

Active monitoring tools monitor configuration items or IT services by automated regular checks to discover the current status. The tool sends a message and expects a positive response within a defined time, such as sending a ping to a device. This is called polling of devices, and it is done to check that they are working correctly. Support staff will be notified of a failure to respond. Some tools will have automated responses to such situations, perhaps automatically restarting a device or rerouting data to avoid the faulty CI so that the service is not affected.
Passive monitoring tools do not send out polling messages. They detect events generated by CIs and correlate them; that is, they identify related events. They rely on an alert or notification to discover the current status. Such notifications could include error messages.

Purpose

The purpose of event management is to detect events, understand what they mean, and take action if necessary.

Many devices are designed to communicate their status, and event monitoring will gather these communications and act on any that need action. Some communications report operational information, such as “backup of file complete,” “print complete,” and so on. These events show that the service is operating correctly. They can be used to automate routine activities such as submitting the next file to be backed up or the next document to be printed. They may also be used to monitor the load across several devices, issuing automated instructions to balance the load depending on the events received. If the event is an alert, such as “backup failed,” “printer jam,” or “disk full,” the necessary corrective steps will be taken. An incident should be logged in the case of a failure.

Objectives

Event management has the following objectives:

It enables all significant changes of state for a CI or service to be detected. Event management should determine the appropriate control actions for each event and ensure that they are communicated as necessary.
The process provides the trigger for the automatic execution of many service operation processes and operations management activities. For example, a notification of a failure in the infrastructure would trigger the incident management process. By providing information when thresholds have been breached (for example, when a service has failed to respond within the agreed time), an event enables service level management to compare the actual operating performance against the SLA. The actual performance can also be compared to what was expected and planned for during the design stage.
It triggers automated processes or activities in response to certain events. This may include automatically logging an incident in the service management tool in the event of a failure.
Finally, the data gathered by event management forms the basis for service assurance and reporting and for comparing performance before and after a service improvement has been implemented.

Scope

Event management can be applied to any aspects of service management that need to be controlled and that could benefit from being automated. For example, the service management toolset automatically logs incidents in response to emails or events being received, escalates incidents when thresholds have been reached, and notifies staff of certain conditions (for example, a priority one incident being logged).

Configuration items can be monitored by event management tools. This monitoring can be for two different reasons:

Some CIs will be monitored to make sure they are constantly available. An example of this is where action needs to be taken as soon as a CI such as a network device fails to respond to a ping.
Other CIs may need to be updated frequently. This updating can be automated using event management, and the CMS can be automatically updated to show the new state.

Tracking licenses is another possible use for event management tools; licenses can be tracked to make sure there is no illegal use of an application by checking to see that the number of people using the software does not exceed the licenses held. This may also save money; if IT can show that there is less demand for concurrent use than was thought, the number of licenses can be reduced.

Monitoring for and responding to security events, such as detecting intruders, is another use; the tools can also be used to detect a denial-of-service attack or similar event.

Another use is the monitoring of environmental conditions. This might be for detecting a sudden increase in temperature in the server room or for other environmental changes.

Using Event Management to Preempt a Major Incident

A large transport organization installed event monitoring across its infrastructure, including monitoring the server room environments. A screen showing current events was installed at the service desk. On the second day after this was implemented, its value was proved. The service desk called the head office 150 miles away to ask the staff there to check the server room, because there were environmental alerts showing on the screen. The head office staff entered the server room to find that the air conditioning had failed and the room was extremely warm. Had the temperature increased much more, the servers would have failed, causing major disruption to the services. The head office staff members were able to avert the incident by using fans to lower the temperature until the air-conditioning engineer arrived to fix the fault.

Value

Event management offers many benefits to a business:

Organizations can carry out extensive monitoring without requiring a lot of staff. Using staff to monitor when errors may occur only occasionally would not be making best use of their skills.
Errors would be identified faster, enabling an automated response, which would reduce downtime and its resultant costs to the business.
Near-capacity situations would be identified before it is too late, allowing time to take action.
Event monitoring removes the need for repeated checks to be carried out on devices; it reduces effort by requiring responses only to exceptions.
Event management, like other automation, takes place constantly, whereas staff may have other duties and may therefore miss something. It is also less error prone.
Event management provides historical data to enable the identification of trends and potential problems.

Policies

Next, let’s consider suggested policies for event management.

The first policy states that event notifications should go to only those who have responsibility for acting on them. This means that a target audience must be identified for every event that we have chosen to handle—it is not acceptable to send a notification to everyone and hope that someone will do something.

The second policy relates to the centralization of event management. This ensures that notifications are handled consistently, that none are missed, and that none are handled by more than one person or team. It implies that a single rules engine will be used to process notifications, and of course that set of rules should be subject to change management.

The third policy provides guidance and constraints for the designers of new applications. There should be a common set of standards for events generated by applications. This will ensure consistency across applications and, of course, reduce the time to engineer event handling in new applications.

The fourth policy is that the handling of events should be automated as much as possible. The advantages of automation in general are well known: reduced costs and fewer errors, among others.

The fifth policy mandates the use of a standard classification scheme for events to ensure that similar types of events are handled in a consistent way.

The last policy states that all recognized events should, at the very least, be logged. This will provide a source of valuable information that might have a number of uses, for example, in problem investigation. A more sophisticated analysis of logged events might identify patterns of events that can be used to predict failures before they actually occur.

Principles and Basic Concepts

It is important to understand the difference between the two similar activities of monitoring and managing events. These are similar processes, but with specifically different emphasis.

Monitoring and Event Management

We need to monitor events, but monitoring covers more than events. Monitoring can be used, for example, to make sure devices are operating correctly, even without any events being generated. Monitoring actually looks for conditions that do not generate events.

Event management is about having useful notifications about the status of the IT infrastructure and services. Event management sets up rules to ensure that events are generated so they can be monitored, captured, and acted on if necessary. Action is the key to event management.

The particular notifications themselves may be vendor specific. However, they are likely to use Simple Network Management Protocol (SNMP), an Internet standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. Because SNMP is an open standard, it makes interaction between different products simpler. Events must generate useful notifications. The time taken to create meaningful descriptions, with suggested actions, will save effort later.

Event management can be enormously useful in managing large and complex infrastructures. It is often the case, however, that the full value of these tools is not realized. This is usually because there has been insufficient time spent making sure they are configured correctly to only notify staff of events for which they actually need notification. Failing to specify the correct thresholds, for example, will mean that far too many breaches are reported, causing staff to ignore them because they are seldom significant. Of course, this means that significant events may be missed. If events are not filtered properly, the service management tool would be flooded with multiple spurious events, which would make it difficult to use its ability to automatically raise incidents.

Another important definition is that of an alert: An alert is a warning that a threshold has been reached, something has changed, or a failure has occurred. Alerts are often created and managed by system management tools and the event management process. Creating an alert when a disk or mailbox is nearly full is one such example.

Informational, Warning, and Exception Events

Some events indicate a failure that must be fixed, whereas others simply flag that something has happened and should be recorded. These are two types of event: the first is an exception and the second informational. There is a third type—a warning event. A warning event signifies unusual but not necessarily exceptional behavior. Warning events require further analysis to determine whether any action is required. Events will be handled according to their type.

Here are some examples of each type of event:

Informational
- A scheduled workload has completed.
- A user has logged in to use an application.
- An email has reached its intended recipient.
Warning
- A server’s memory utilization reaches within 5 percent of its highest acceptable performance level.
- The completion time of a transaction is 10 percent longer than normal.
Exception
- A user attempts to log on to an application with an incorrect password.

Notice that not all of these examples relate to a failure. (Failures would be alerts.) Some simply contain information, but information that for some reason it is important to record. For example, the business might want to maintain a record of who is using an application for audit purposes.

There are no definitive criteria for determining the type of an event; it depends very much on the specific situation of the organization. For example, an event might be that a previously unknown device has been detected on the network. Some organizations allow their staff to attach their own laptops to the corporate network, in which case the event would be informational. In a highly secure organization, it would almost certainly be treated as an exception.

Filtering

The next topic we’ll examine is event filtering. We don’t have complete control over the notifications that are generated by the configuration items. Hardware manufacturers determine which notifications will be generated, and they may not have provided their customers with the ability to switch them off. A common experience when first beginning to monitor networks is that the monitoring tool is swamped by unrecognized and therefore unneeded notifications.

Filtering prevents the event management system from being overwhelmed by discarding notifications of events that have no significance to the organization.

There are four possible approaches to the problem:

The first approach is to integrate event management into each service management process. What this means is that each process will identify the events that it is interested in.
The second approach is to include event management requirements into the design of new services.
A third approach is to use trial and error—evaluate notifications on a case-by-case basis and adjust the filtering accordingly.
The final approach is to plan the introduction of event management within a formal project.

These approaches are not mutually exclusive; many organizations will adopt some hybrid of them.

Designing for Event Management

Successful event management in service operation requires analyzing and planning for what will be required. This should happen in the service design phase, although it will continue to be adjusted in service operation. Many organizations attempt and abandon event management, or they fail to achieve real value from it because this crucial design phase has been neglected.

The following questions should be asked when designing a service or planning the introduction of new technology:

What needs to be monitored?
What type of monitoring is needed?
Why are we monitoring?
When should events be generated?
What information should be communicated?
Who are messages intended for?
Who will respond to the event?

When event management is first established, these questions should be asked about the existing services and infrastructure. Stakeholders who must be consulted include the business, process owners, and operations management staff. Each of these groups will have monitoring requirements, and each could be involved in handling events when they occur.

Instrumentation

Instrumentation refers to specific ways to monitor and control the infrastructure and services. A number of practical issues need to be addressed when designing an event management system:

How will events be generated? In the case of bought-in components, of course, this question is really, How are events generated?
How will they be classified? This is not straightforward, and classifications can change over time.
How will they be communicated and escalated? How exactly will the events get to the appropriate function? For example, how will an exception event trigger the incident management process? Ideally, this will be automated by integrating the event and incident management tools so that an incident will be logged automatically. Of course, this can only happen if the two tools have the necessary functionality.
What data must be included in the event notification? What data will be needed for the event management system itself to interpret and make sense of the event, and what data will be needed by the function that will respond to the event? If the event relates to an error, then it should include necessary diagnostic information such as error messages and codes. Again, for bought-in software, this question is really, What data is included?
Another question to be asked relates to the type of monitoring to use. Should it be active or passive?
Where will event data be stored? There is likely to be a significant amount of event data, so the question of storage is important. Associated with this is the question of how long the data should be retained. This decision must be made on a case-by-case basis in consultation with the relevant stakeholders. Policies relating to retention may also be developed where there are specific requirements from the business, for example, financial sector regulatory requirements.
How will supplementary data be gathered? In some cases, the event data alone will not be sufficient to evaluate the event. For example, it might be necessary to integrate the event management system with a configuration management database (CMDB).

Correlation Engine

As events are detected, the event management system must interpret and make decisions about how to handle them. This is done by software known as a correlation engine. The correlation engine allows the creation of rule sets that it will use to process events.

Using a correlation engine will enable the system to determine the significance of each event and whether there is any predefined response to an event. Patterns of events are defined and programmed into correlation tools for future recognition. The correlation engine can translate component-level events into service impacts and business impacts, as shown in Figure 3.1.

Image shows correlation engine with components for logical layer (business process, correlated business events, rule set, service 1 and 2, etc.) and physical layer (application, mainframe, router, server, etc.) connected from bottom towards top. — **FIGURE 3.1** Correlation engine

Copyright © AXELOS Limited 2010. All rights reserved. Material is reproduced under license from AXELOS.

Process Activities, Methods, and Techniques

Next, we’ll take a look at the event management process. The process steps are shown in Figure 3.2.

Image shows event management process flow with event occurs, notification, detection, logged, first-level event correlation and filtering, significance (informational or exception), incident/problem/change, response selection and so on. — **FIGURE 3.2** Event management process flow

Copyright © AXELOS Limited 2010. All rights reserved. Material is reproduced under license from AXELOS.

The initial sequence of activities in the event management process is as follows:

An event occurs.
The event notification is sent.
The event is detected by the event management system and logged.
First-level correlation and filtering takes place.

At this point, the event type (exception, warning, or informational) has been identified. No further processing is required for informational events. For exception events, one or more of the service management processes will be triggered. If the event concerns something that has broken and requires restoring to normal service levels, an incident should be raised. A problem record may be updated if another example of a fault under investigation occurs. The automated response to an event may include raising a change. Some events, such as a “toner low” message, may require a service request to be handled by the request fulfillment process.

Warning events will then enter second-level correlation, which identifies how to proceed. In some cases, the event will be treated as informational or as an exception. Other cases will trigger either an automated response or an alert for human intervention, as detailed in the following section.

Event Notification

Let’s look at the initial process activities in a little more detail. Event notification refers to the communication of information about an event. You’ve already seen that some components will generate notifications independently, whereas others have to be prompted by polling.

Event Detection and Logging

Some events will be detected directly by the event management tool. Other events will be detected by a software agent running on the device being monitored. This agent then generates a notification that can be detected by the event management tool. All events are logged.

Correlation and Filtering

In first-level correlation, a decision about whether any further action is required is made, including whether the event has any significance to the organization. Correlation will determine whether an event is informational, a warning, or an exception. We discussed filtering earlier; this is necessary to stop staff from being overwhelmed with events that do not require any action, or multiple reports of the same fault.

Informational events are closed at this point. Exception events will trigger one of the other service management processes. Warning events will go forward to second-level correlation.

Next, we consider the criteria that might be used by the second-level correlation engine to interpret an event:

The number of similar events might be significant. For example, an event might notify us of an unsuccessful attempt to access our network. If this is just a single instance, we might treat it as informational, but if there have been 500 such attempts in the last 5 minutes, we might judge that we are the target of an organized attempt to break in.
The number of devices generating similar events might be significant. It might indicate a widespread virus infection, for example.
The data supplied with the event might indicate its significance.
Events related to device utilization might be compared with a defined threshold.

The correlation engine determines whether the event requires some action or whether it can be treated as informational and closed.

Actions Taken

Response selection covers a number of possible options. These include the following:

Automation Some events indicate conditions that can be resolved automatically without human intervention. For example, if a file server is detected to be nearly full, then a script could be run that would free up space by archiving old data.

Human Intervention Some events will require human intervention—an alert from a smoke detector, for example. It’s important that the alert be directed to the right person and that the individual knows what to do.

Incident Exception events will normally trigger the incident management process. Ideally, the event and incident management systems will be integrated so that an incident record can be raised automatically. A word of warning, however: this should be implemented only when you are happy that the filtering of events is working correctly. If this is not the case, your incident management system will be flooded with thousands of spurious incidents!

Problem The problem management process might be triggered if the organization has a policy of always investigating the root causes of incidents that impact key services. Event management can support such a policy by automatically raising a problem record when it detects such an incident.

Change Change management can be triggered in two circumstances:

First, if a previously unknown device is detected, an RFC should be raised, which can be progressed as appropriate by change management to have the device either added to the CMS or removed if required.
The second circumstance is if a change is needed. For example, a server might need to be allocated more storage from a storage area network (SAN).

Remember, sometimes it will be necessary to trigger a combination of these responses.

Review and Closure

There could be thousands of events each day, so it’s unlikely that every one of them could be reviewed. It’s sensible to review only what the service provider considers to be significant events. It is probably unnecessary to review events that have triggered other service management processes except to ensure that the triggers were effective.

Most events are neither opened nor closed but just logged in management systems or system logs. Many others can be closed automatically. For example, when a script is triggered to respond to an issue, the script itself could check that the corrective action has worked and generate an event to that effect.

Triggers, Inputs, Outputs, and Interfaces

We’ll now consider the event management process triggers, inputs, outputs, and interfaces.

Triggers

Any type of change in state can trigger event management, and an organization should define which of these state changes need to be acted on. Some examples are shown here:

Exceptions to any level of CI performance defined in the design specifications or standard operating procedures.
A breach of a threshold in an OLA could also generate an event.
Any exceptions to a process, such as a failure to complete a process within the target time. An exception could also be a routine change that has been assigned to a build team or a business process that is being monitored by event management.
The completion of an automated task or job could trigger the issuing of an event, as could a status change in a server or database CI.
A user accessing a particular application or database could also cause an event to be issued if this is information that the business or the IT department wanted to know about. For example, IT may wish to track how often a service is being used to decide on the number of licenses required, or the business may wish to know how often a customer service representative needs to refer to the knowledge base to answer a query, as this might indicate a training requirement.
The more usual trigger for an event, such as a situation in which a device, database, or application has reached a predefined threshold of performance.

Inputs

Inputs to event management usually come from service design and service transition. They include the examples listed here:

Operational and service level requirements associated with events and their actions.
Alarms, alerts, and thresholds for recognizing events.
Event correlation tables, rules, event codes, and automated response solutions that will support event management activities.
Roles and responsibilities for recognizing events and communicating them to those who need to handle them.
Operational procedures for recognizing, logging, escalating, and communicating events.
SLAs, which can be used by the correlation engine to determine the significance of an event or to identify a performance threshold.
Rule sets that are provided by technical or application management staff based on the monitoring and management requirements. For example, the capacity management process would define the capacity thresholds that should generate an event.
The roles and responsibilities of all those involved.
Procedures for logging and escalating events as required.

Outputs

Outputs from event management are usually passed to other service management processes, such as incident management, change management, and request fulfillment. They include the examples listed here:

Events that have been communicated and escalated to those responsible for further action
Incident, problem, change, or request records required as a result of an event
Event logs describing what events took place and any escalation and communication activities taken to support forensic, diagnosis, or further CSI activities
Events that indicate an incident has occurred
Events that indicate the potential breach of an SLA or OLA objective
Events and alerts that indicate completion status of deployment, operational, or other support activities
Populated service knowledge management system (SKMS) with event information and history

The most obvious output of the process is the events themselves. These should have been communicated and escalated to the appropriate people. Another output is a chronological event log describing what events took place and any escalation and communication activities taken. This may be useful information if further investigation is required or to spot possible improvement opportunities.

Some events output by event management will indicate that an incident has occurred, and others will warn of the potential breach of an SLA or OLA objective. Of course, as we have said, not all events show that something is wrong, and many events will just indicate successful completion of deployment or operational activities. The data output from event management can be used to populate the SKMS with the event information and history.

Interfaces between Event Management and the Lifecycle Stages

Finally, let’s consider the interfaces event management has with the other lifecycle stages and their associated processes. Event management can interface with any process that requires monitoring and control, especially those that don’t require real-time monitoring but do require some form of intervention following an event or group of events. First we’ll consider how the process can even help the business directly.

Business Processes

The information provided by event monitoring may be used to help manage unusual occurrences with business processes.

Using Event Management to Preempt a Major Incident

Some years ago, a camera was mistakenly priced on a website at $59.99, when it should have been $599.99. Word spread through social media and thousands of orders were placed, which the company had to honor to avoid bad publicity. It took some time before anyone noticed, and then it was only when a staff member received an email from a friend. Event monitoring could have alerted the company to the unusual sales pattern very quickly, thus limiting the financial damage. Another similar example was an ATM that was filled with $20 notes in the $5 note holder. Queues formed as people withdrew cash from the machine, which was delivering four times the amount requested. In that situation, event management was in place, and the unusual pattern of multiple $5 withdrawals was spotted, and the machine was remotely closed down.

Service Design

Event management interfaces with a number of service design processes. Examples include the following:

Service level management is the first such interface. Event management can be used to detect any potential impact on SLAs early so that action can be taken to resolve the fault to minimize that impact.
Information security management may use event monitoring to monitor for unusual activity. This may be multiple login attempts or unusual activity for a business process, such as unusual spending on a credit card, which alerts the bank to a possible stolen card.
Capacity and availability management define what events are significant, what the thresholds should be, and how to respond to them. Event management then responds to these events, improving the performance and availability of services.

Service Transition

Event management tools may also be used to support service transition processes:

The service asset and configuration management process uses events to determine the current status of any CI. A discrepancy with the authorized baselines in the CMS will highlight a potential unauthorized change.
Event management can determine the lifecycle status of assets. For example, an event could signal that a new asset has been successfully configured and is now operational.
Knowledge management stores information obtained by event management in knowledge management systems. For example, patterns of performance information correlated with business activity is input into future design and strategy decisions.
Event management interfaces with change management to identify conditions that may require a response or action.

Service Operation

Event management is a service operation process, and it interfaces with the other processes in that lifecycle stage:

There is an obvious interface with incident and problem management because many alerts are results of failures and require an incident to be raised.
By catching and logging each such occurrence, event management provides vital information to problem management about when and where the incidents are occurring.
Finally, event management can be used by access management to detect unauthorized access attempts and security breaches.

Information Management

There are several elements that should be considered as key in the management of information for event management:

Messages (Simple Network Management Protocol [SNMP] messages) are a standard way of communicating technical information on the status of an individual component or set of components of IT infrastructure.

Databases that form the basis of information about an IT device (for example, information about the operating system; the basic input/output [BIOS] version; configuration parameters) are useful sources of information for event management. But the systems in place must be able to interrogate these databases and then compare them to a norm, which is crucial to the success of the process in generating events.

Vendors’ own monitoring systems are often key sources for information.

Correlation engines provide considerable information, as described earlier in this chapter.

There is no standard event record for all types of event. It can cover many areas, but there is normally a requirement for the following data sets:

Device
Component
Type of failure
Date/time
Parameters in exception
Unique identifier to allow for tracking of the event across the event management infrastructure and correlation into the other ITSM processes like incident, problem, and change
Value

Process Roles

In Chapter 1, “Introduction to Operational Support and Analysis,” we explored the generic roles applicable to all processes throughout the service lifecycle. These are relevant to the event management process, but specific additional requirements also apply. Remember that these are not “job titles”; they are guidance on the roles that may be needed to successfully run the process.

It is unusual to find a specific “event manager” role in an organization, as events are often managed in a number of different areas in the IT environment. But it is important to ensure that there is a consistent approach to the management of events across the organization, as well as coordination of the tools and effort, to avoid duplication.

Event Management Process Owner

The event management process owner’s responsibilities may include

Carrying out the generic process owner role for the event management process (see Chapter 1)
Planning and managing support for event management tools
Ensuring the integration of this process with other processes in the operational lifecycle stage by working with other process owners

Event Management Process Manager

The event management process manager’s responsibilities may include

Carrying out the generic process manager role for the event management process (see Chapter 1)
Planning and managing support for event management tools
Coordinating the interfaces between this and other service management processes

Event Management Process Practitioner: Other Roles

There may not be a specific identification of a “practitioner” role in the event management process, but the activities are carried out by a number of other roles.

The Role of Service Desk Staff

The service desk may not be involved unless the event requires action that falls within the scope of service desk duties—for example, notifying the user of a completed action. Event management is normally carried out by the operations bridge, if this exists, but in some organizations the service desk and the operations bridge may have been combined.

If an event has been identified as an incident, then this may be handled through the service desk in the normal course of the process. This will include communication to the user, and support teams, of progress.

The Role of Technical and Application Management Staff

Technical and application management may play several important roles, as follows:

During service design, they will participate in the design of the tools, configuration of the correlation engines, and classification of events. If automation is required, this will also be developed during design.
During service transition, they will be involved in testing to ensure events are being generated and that the responses are appropriate.
During service operation, these teams will provide the expert knowledge and support for the systems under their control. It is important to ensure that the appropriate procedures are executed and defined.
Technical and application management may also be involved in resolution if an event is classified as an incident.
There is also a responsibility for these teams to provide expertise and training to the appropriate level for the service desk and operations management to support the process.

The Role of IT Operations Management Staff

If IT operations management is separate from the service desk and technical or application management functions, it is common for event management to be carried out by this group. They will carry out monitoring and first-line support activity for events.

If there is an operations bridge, then this is the area that will carry out the monitoring of the alerts set up by the event management process. The operations bridge can initiate and coordinate, or even perform, the responses required.

Critical Success Factors and Key Performance Indicators

The next topics for discussion are critical success factors (CSFs) and key performance indicators (KPIs). Before we look at the CSFs and KPIs relevant to event management, let’s take a minute to understand what these terms mean.

A CSF is a high-level statement of what a process must achieve if it is to be judged a success. Normally, a process would have only three or four CSFs. A CSF cannot be measured directly—that’s what KPIs are for.
A KPI is a metric that measures some aspect of a CSF. Each CSF will have three or four associated KPIs.

Here are some examples of CSFs and KPIs for event management:

Critical success factor: “Detect all changes of state that have significance for the management of CIs and IT services.” Possible associated KPIs for this CSF include the following (notice that the first KPI is trying to gauge the success in detecting faults while the second is trying to measure the scope of the event management implementation):
- Number and ratio of events compared with the number of incidents
- Number and percentage of each type of event per platform or application versus total number of platforms and applications underpinning live IT services
Critical success factor: “Ensure that all events are communicated to the appropriate functions that need to be informed or take further control actions.” Associated KPIs might be as follows:
- Number and percentage of events that required human intervention and whether this was performed
- Number of incidents that occurred and percentage of them that were triggered without a corresponding event
Critical success factor: “Provide the means to compare actual operating performance and behavior against design standards and SLAs.”
The following KPIs would enable the CSF to be assessed:
- Number and percentage of incidents that were resolved without impact to the business (indicates the overall effectiveness of the event management process and underpinning solutions)
- Number and percentage of events that resulted in incidents or changes
- Number and percentage of events caused by existing problems or known errors (this may result in a change to the priority of work on that problem or known error)

Challenges

The following challenges could be encountered in event management:

Lack of funding for tools and the effort needed to implement them successfully
Establishing the correct level of filtering to avoid being flooded by events or having insufficient useful information
Installing monitoring agents across the entire infrastructure
Lack of time and funding for training to acquire the necessary skills to design and interpret events

Risks

The following risks are associated with event management; in many cases the risks are the result of failing to meet the challenges listed earlier.

Failing to obtain adequate funding
Failing to apply the correct level of filtering
Failing to maintain momentum in deploying the necessary monitoring agents across the IT infrastructure

If any of these risks are not addressed, they could adversely impact the success of event management.

Request Fulfillment

There is no absolute definition as to what will be classed as a request because this may vary from organization to organization. Many may, in fact, be small changes, falling under the definition of standard changes because they require a change to the configuration management system, such as equipment relocation or the installation of additional software. Service requests occur frequently, at a low cost, with an understood and acceptable low risk. Examples of service requests that are not standard changes could include a password reset or information requests. Service requests are usually handled by a service desk, without a requirement for an RFC to be submitted.

The definition used by ITIL is “a formal request from a user for something to be provided—for example, a request for information or advice, to reset a password or to install a workstation for a new user.”

Service requests relate to small-scale, clearly defined, and acceptable low-risk activities, such as the provision of a single workstation or supply of a toner cartridge. An important feature of what ITIL calls service requests is that they represent things that the service provider will be asked for repeatedly. They are all opportunities to provide the user with something they have asked for, and the request fulfillment process is used to handle them.

Many service requests require a change—the installation of a workstation, for example. If you think back to your Foundation studies, you may remember standard changes, which are low-risk, simple, preauthorized changes. The only changes that can be handled by the request fulfillment process are those for which a standard change exists. Be careful here, though—not all standard changes are implemented through request fulfillment, and not all service requests involve standard changes. Requests for information or advice also fall within the scope of request fulfillment.

Purpose and Objectives

Request fulfillment is the process responsible for managing the lifecycle of all service requests from the users. The process has five objectives:

To maintain customer and user satisfaction through efficient and professional handling of all service requests. You’ve learned that ensuring satisfaction involves meeting not only objective targets, but also the human aspects—treating requesters with respect, keeping them informed of progress, and so on.
To provide a way for the user to make a request. This is normally through a web portal but the service desk could be used.
To provide a way for users to find out what standard services are available to them and how they can request them. It can be surprising that, particularly in a large organization, users aren’t aware of everything the service provider can do for them.
To source and deliver the tangible components of service—hardware, software, licenses, and so on.
To assist with general information, complaints, or comments. The process should not only provide a means to submit a question, it should also ensure that the user gets a satisfactory response.

Request fulfillment provides an efficient way to supply standard equipment to users once an item has been assessed and accepted as compatible with the infrastructure. The provision of such equipment can be preapproved and handled as a standard change. It can be added as a service within the service catalog, and all future requests of this type can be handled through this process. This encourages users to request the standard equipment and software because it is the easiest and fastest to obtain. This is beneficial to IT because the equipment has been assessed as supportable and compatible with the infrastructure.

Improving Efficiency by Providing a Standard Request Fulfillment Process

A hospital IT department handled requests for hardware and software from the hospital staff. Users would ask for equipment or software that they had seen advertised in magazines or at their local PC store. Often this equipment and software offered no benefit over the standard equipment and software in use in the rest of the organization. Each request was handled by the IT staff, who approached several suppliers to find the best price and then informed the requester of the cost so that they could create a purchase order. The money saved by sourcing the cheapest supplier did not cover the cost of the IT staff time it used. The process might be repeated several times a week for very similar requests because each was handled separately. When the purchase order was created, the item would be ordered, and when it was delivered, the support staff would install it. Because each item could be different, the staff had to ensure that they were following the installation directions for the particular model or software. The IT department then had to support all these different items and manage the warranty agreements. Occasionally incidents would be caused because these nonstandard items were incompatible with a change. The whole process was expensive and took up considerable IT time. The process was slow, often taking three or four weeks from request to fulfillment, so users would sometimes circumvent it by buying and installing items themselves!

A new standard request fulfillment process was introduced to address these issues. Following discussion with the business, the IT department agreed on some standard software and a number of standard devices—a standard laptop and one for “power” users, a standard desktop PC, and a standard office printer. A small stock of each of these was bought and put in storage. Users now ordered from this short list, at a set price, supplying the purchase order at the time of order. The item was taken from stock and installed the same day, while the purchase order was used to replenish the stock. The new arrangement suited everybody; the user was happy to forgo the ability to order any item in return for same-day installation, the IT staff had a simpler range of items to support, the IT management was happy to have a less labor-intensive process, and the finance department was pleased that the IT department was able to negotiate a good price from a single supplier in return for a steady stream of orders.

In addition to these benefits, the simpler process meant that the service desk was able to handle the request, assigning the installation to the desktop support team and ordering the replacement. The simple process was suited to user self-service and became one of the first services offered to users on the new self-service portal.

Scope

The scope of request fulfillment will vary from one organization to another; it can include any requests that can be standardized and used where the organization has agreed to use it. Each request should be broken into agreed activities, each with a documented procedure. The procedures are then used to build the request models.

ITIL calls all these service requests; they are all opportunities to provide the user with something they have asked for, such as information, advice, a standard change, or access to an IT service (such as resetting a password or providing standard IT services for a new user), and as mentioned in the introduction, the request fulfillment process is used to handle them.

The ITIL Service Operation publication suggests that other sorts of requests, such as requests for building maintenance, may be handled together with IT requests. Take a moment to consider the advantages of this approach:

Similar handling for both
Expands single point of contact
De-skills the (usually service desk) job

It will be up to each organization to decide and document which service requests it will handle through the request fulfillment process and which will have to go through other processes, such as business relationship management (BRM) processes for dealing with requests for new or changed services.

Value to the Business

The request fulfillment process benefits the business in a number of ways.

First, it improves the productivity of the business by giving its staff quick and effective access to the services they need to do their jobs. By providing a straightforward means of having its requests fulfilled, business staff can remain productive. Centralization encourages consistency and efficiency. Bureaucracy and delay is reduced, thus reducing the cost of fulfillment. Second, the process provides an efficient way to handle requests, again reducing bureaucracy. A formal process implies the centralization of sourcing and purchasing, enabling the service provider to standardize the hardware and software used and reducing support costs. Central purchasing through approved suppliers can also reduce costs through economies of scale.

The standardized nature of request fulfillment means that it is an obvious candidate for self-help. Although not essential, automating the process with a self-help front end enables the requester to interface directly with the process and thus speeds up the fulfillment process. Typically, users can access a list of possible requests on a company external website or intranet. This ensures that the user provides all the necessary information and can be informed as to expected lead times (defined in the SLA).

Automation can simplify the logging of requests. It can also automate the fulfillment process, without the intervention of the service desk if there is a direct interface into the necessary systems. An example of such automated fulfillment is when you request and receive a password reset from an Internet shopping site such as Amazon without any human intervention. Financial approval of requests can also be automated, with the request being sent to the appropriate budget holder for approval or rejection before fulfillment.

Next, we consider the policies, principles, and basic concepts of the request fulfillment process. Let’s start with policies.

Policies

In this section, we’ll consider some of the policies that support effective request fulfillment.

Policy: Process flows should be defined for each service request. A process flow should be defined for the entire lifecycle of each service request. This will ensure that requests are satisfied effectively, efficiently, and consistently. Service designers should include new requirements for standard services in their design efforts.

Policy: Process should be owned by a centralized function. A centralized function should own all service requests. This does not mean that there should be a single function for fulfilling the requests. Rather, the central function will be a single point of contact to monitor progress of requests and take action should progress be slow. This central function will also provide requesters with updates on progress where appropriate. Often the service desk takes this role.

Policy: A standard change process should be used when a change to a configuration item is involved. If a request involves a change to a configuration item, then it must be implemented by a standard change. In other words, request fulfillment must follow normal change management procedures.

Policy: All service requests should be handled by a single system. Service requests should be handled by a single system. The parallel here is with incident management and the service desk.

Policy: All service requests must be authorized. All requests must be authorized before they are fulfilled. Many requests incur costs, such as the purchase of hardware or a software license, and those costs must be authorized.

Policy: All service requests should be prioritized according to business criteria. The activity needed to fulfill a request must align with the needs and objectives of the business. In other words, each request must be prioritized using business criteria. Here is another parallel with incident management.

Policy: Users must be able to submit requests and obtain updates easily. Users must have a clear means of submitting a request and of getting an update on progress. This could be the single point of contact that is provided by the service desk for incidents. For request fulfillment, the point of contact could be the service desk or the web portal.

Principles and Basic Concepts

Many organizations use their existing incident management process (and tools) to handle service requests because key steps are often the same. In each case, the following questions need to be answered:

Can the service desk deal with this?
Would this impact negatively on incident handling?
If not the service desk, who can deal with this?
What are the timescales/agreed service levels?
Is the user satisfied?

Separation of Requests and Incidents

Some organizations separate requests from incidents because incidents are unplanned and unwanted; a major aim of service management is to reduce the number of incidents through improved design, problem management, and continual service improvement. In contrast, there may be a policy of increasing the number of items that can be dealt with through the request fulfillment process. The targets for incidents and requests may be very different: requests often have specified lead times, which are dependent on other factors (such as the user not being given access until they have attended a training course), whereas with incidents, the aim is to resolve each one as quickly as possible. Where there are a significant number of requests to be fulfilled, a separate process with a different record type should be used. This allows the service provided to be monitored and reported on in a more appropriate way than using incident reporting. Also, it is likely incidents will be given priority over requests, resulting in requests not meeting SLA targets because fixes take precedence. Similarly, if dealing with requests has an impact on incident resolution, the customer will be dissatisfied.

Request Models

The process needed to fulfill a request will vary depending on exactly what is being requested, but it can usually be broken down into a set of activities that have to be performed. For each request, these activities should be documented into a request model. In this case, a request model defines how to handle a particular, frequently occurring request.

The model should define the sequence of actions that must be performed, who will perform them, and the required timescales for each of the steps as well as for the fulfillment of the complete request. Any escalation paths that may be required should also be included.

Menu Selection

The effectiveness of request fulfillment is hugely enhanced if it is supported by a software tool, and probably a tool that is web based. Such a tool should feature a menu of available services from which the user is able to select. The provision of all the required information can be enforced by using mandatory fields and providing drop-down lists of possible options. In addition, the tool should set the user expectations by showing lead times, costs, and so on.

Where organizations are already offering a self-help IT support capability to the users, it makes sense to combine this with a request fulfillment system as described.

Specialist web tools that offer this type of “shopping basket” experience can be used together with interfaces directly to the back-end integrated ITSM tools used to manage the request fulfillment activities.

Request Status Tracking

The request owner must be able to track requests through their lifecycle and report progress to the requester where appropriate. Each organization will choose the appropriate statuses for its needs, but let’s consider the most common statuses that are used:

Draft indicates that a request is being prepared for submission. For whatever reason, at the moment the requester is unable or unwilling to submit the request.
In Review indicates a request that has been authorized but is now under review by the relevant fulfillment team. They could be planning a desktop installation, for example.
Suspended indicates that fulfillment activity has been suspended. This may be because the fulfillment group is waiting for action or information from the requester.

The other common statuses—Waiting Authorization, Rejected, Canceled, In Progress, Completed, and Closed—are self-explanatory.

Prioritizing and Escalating Requests

All service requests should be prioritized based on a standard set of criteria. This can be done by considering the impact and urgency of a request, as with incident management. Alternatively, an organization might have set lead times for different request types.

A variety of reasons exist for escalating a request. Perhaps the obvious one is that a request might not be fulfilled within agreed timescales. Escalation might also be required if the process is being misused by the business. For example, the relocation of up to five workstations might be a service request but more than five would require the submission of a change request. Some managers in the business might try to get around this limitation by submitting several requests, each for five workstations but amounting to a large number in total. The request owner should be on the alert for this and escalate in the agreed manner.

Approval

As you’ve seen, many requests will incur a cost that must be approved. Some requests will have a standard charge—a software license or a standard workstation, for example. In other cases, the fulfillment group must establish the cost in the context of what exactly has to be done, as with an equipment move, for example. The role within the business responsible for approving the spend should be identified within the request model. Financial approval can be automated, and it may take place before the request is seen by the service desk. Requests for standard cost items may be routed to the approver before arriving at the desk.

Sometimes other types of approval are needed. These may include compliance with the organization’s policies, especially in regard to information security, or technical approval to confirm that the request will work with the infrastructure. Request fulfillment must have the ability to define and check such approvals where needed. Procedures for obtaining required approvals should be included as part of the request fulfillment models to save time in processing the service request.

Coordination of Fulfillment Activity and Closure of the Request

A request, including fulfillment, can be handled in many ways. Some requests can be automated—password resets, for example. When human intervention is needed, the request can be fulfilled by a dedicated fulfillment group, the technical support teams, suppliers, or a combination of these. Remember, though, that ownership of requests should remain with one team—usually the service desk, unless a dedicated request team exists.

The service desk should monitor and chase progress and keep users informed throughout, regardless of the actual fulfillment source.

When the service request has been fulfilled, it must be referred back to the service desk for closure. The service desk should go through a closure process that checks to see whether the user is satisfied with the outcome.

Process Activities, Methods, and Techniques

We are now going to review the process flow shown in Figure 3.3. Although you do not need to know the process flow in detail for the exam, an understanding of what is involved in fulfilling service requests will help you grasp its objectives.

Flowchart shows request fulfilment process flow with service desk, RFC, web interface, phone call, and email together receive request, analyzing request, logging and validation, valid request?, categorization, prioritization, authorization, review, and so on. — **FIGURE 3.3** Request fulfillment process flow

Copyright © AXELOS Limited 2010. All rights reserved. Material is reproduced under license from AXELOS.

First we will look at the process flow and then discuss the high-level activities.

Figure 3.3 shows the complete request fulfillment process flow. You can see that it includes logging, categorizing, and prioritizing a request as you would an incident. It also includes some activities that are specific to this process. The request is logged and validated, categorized, and prioritized. Any necessary authorizations are then obtained, and the request is reviewed to ascertain who will fulfill it. The appropriate request model is then executed, and finally, the request is closed, with the requester’s agreement. We’ll look at each of these steps in turn.

Receiving the Request

The first activity is receiving the request. Most service requests are received either from the web portal or at the service desk, but they could come in by other routes, such as email or even as requests for change (RFCs). From the point of view of the service provider, the preferred route is through the web portal because this will reduce the calls to the service desk. Not all incoming requests will be service requests; they could be incidents or change requests, in which case they must be routed to the appropriate process.

Logging the Request

When a request is received, it should be logged and allocated a unique reference number, and all necessary information should be recorded. The web portal should be designed to help the requester provide the necessary information. The request record should be updated as necessary as the request proceeds through its lifecycle with date- and time-stamping to maintain a track of what happened and when.

Validating the Request

The request is examined to confirm that it is valid; this includes making sure the request is within the scope of the IT services being offered. The web portal may help by restricting what can be logged to the available types of service requests. These tools ensure that the source of the request is valid and that only valid types of request are issued. Any requests that are invalid should be returned to the requester with an explanation; for example, the requested service might not be provided by the service provider.

Categorizing the Request

Categorizing the request will enable future analysis and reporting. As with the categorization of incidents, some thought should be given to the system employed. Requests can be categorized in a number of ways. For example, they can be categorized by activity, such as password reset or software installation. Another example is categorizing by the function that will fulfill the request.

Prioritizing the Request

Prioritization will be in line with business need, taking into account the impact and urgency of the request. A model like the one described in Chapter 2, “Incident and Problem Management,” for the prioritization of incidents could also be used here.

Authorizing the Request

We discussed the need for all requests to be authorized as one of the request policies. The degree of rigor needed here depends very much on the type of request. Requests that cannot be authorized should be returned to the requester with an explanation of rejection.

Fulfilling the Request

After a request has been authorized, it is reviewed by the service desk and the appropriate fulfillment function is determined. In some cases, this will be the service desk itself; in others it might be a dedicated fulfillment team or even a supplier.

The request is then fulfilled by performing the actions specified in the appropriate request model. The request model can take a number of forms. In many organizations, it will simply be described in a written document; in others, a workflow tool will be used.

Completion and Closure of the Request

When the request has been fulfilled, it can be closed. Usually there will be a two-stage closure. The first stage simply records that, so far as the service provider is concerned, the fulfillment actions are complete. The second stage is the final closure, which should be performed only after consulting the requester.

If the service performed is chargeable, then at this point the appropriate charging mechanism is triggered. This might be sending a bill or registering a recharge. The service desk should check that the request documentation is up-to-date and that it is correctly categorized before final closure. Any updates to the CMS need to have been completed. This is also the time to conduct a satisfaction survey.

Triggers, Inputs, Outputs, and Interfaces

ITIL requires that every process should have a trigger and inputs to and outputs from the process activities. Each process will also have interfaces with a number of other processes.

Trigger

As previously explained, the request fulfillment process is triggered when a user submits a request. As you have seen, this may be delivered directly to the service desk or via the web portal where users can choose from a list of possible requests.

Inputs

The main input to the process is a request from the user. As you’ve seen, this can come by a variety of routes, each with its own format of information. Another significant input is the authorization form that may be required for some requests. Some requests may be logged as RFCs. Some requests will be for information, whereas others are for standard goods or services to be supplied.

Outputs

The following list includes examples of outputs from the process:

Requests that have been authorized or rejected and those that are canceled.
Some requests may be rerouted as incidents. For example, a user requests a new laptop because their current machine keeps crashing. This could be rerouted to resolve the fault and thus save unnecessary expenditure on new equipment.
Status reports may be output from the process.
Where a standard change is required, an RFC must be created.
Some requests may be routed as changes because they are asking for nonstandard products or applications and need to be approved for use within the organization.
The request should be updated as it is fulfilled.
When the request is completed, the output will be a fulfilled request, which should then be closed.
The final output is the update to the CMS when standard changes have been made.

Interfaces

Examples of primary interfaces with request fulfillment are as follows:

Financial Management for IT Services Some requests may be chargeable, and financial approval may be required.

Service Catalog Management The services that can be requested should be listed in the service catalog.

Release and Deployment Management This will interface with request fulfillment when the request concerns the automatic deployment of new or upgraded components. In such cases, the release is predefined, built, and tested and then deployed on request.

Service Asset and Configuration Management The CMS will need to be updated following any changes that may have been made as part of fulfillment activities. Where appropriate, software license checks and updates will also be necessary.

Change Management When a change is required to fulfill a request, it will need to be logged as an RFC and progressed through change management.

Incident and Problem Management As discussed, requests may be handled using the incident management process. Where appropriate, it will be necessary to relate service requests issued by IT to any incidents or problems that created the need for the requests.

Access Management This process may be involved with request fulfillment activities to ensure that those making requests are authorized to do so in accordance with the information security policy. Request fulfillment can act as the input to the access management process in relation to the creation and deletion of accounts.

Information Management

The process of request fulfillment is heavily dependent on information from formal service requests, and these can include the following:

What service is being requested.
Who requested and authorized the service.
Which process will be used to fulfill the request.
Who it was assigned to and what action was taken.
The date and time when the request was logged as well as the date and time of all actions taken.
Closure details.
RFCs: In some cases the request fulfillment process will be initiated by an RFC. This is typical where the service request relates to a CI.
The service portfolio, to enable the scope of agreed service requests to be identified.
Security policies that prescribe any controls to be executed or adhered to when providing the service—for example, ensuring that the requester is authorized to access the service, or that the software is licensed.

Each organization will have to define their own requirements, as the process of request fulfillment will vary from organization to organization.

Process Roles

There are a number of roles that need to be performed in support of the request fulfillment process, which are not job titles, but each organization needs to understand their requirements and allocate roles appropriately.

Request Fulfillment Process Owner

The request fulfillment process owner’s responsibilities may include

Carrying out the generic process owner’s role for the request fulfillment process (see Chapter 1)
Designing request workflows and models
Working with other process owners to ensure an integrated approach across all processes

Request Fulfillment Process Manager

The request fulfillment process manager’s responsibilities may include

Carrying out the generic process manager’s role for the request fulfillment process (see Chapter 1)
Planning and managing support for request fulfillment tools and processes
Coordinating interfaces between this and other service management processes
Handling staff, customer, and management concerns, requests, issues, and inquiries
Ensuring that request fulfillment activities operate within service level targets
Proactively seeking improvements in the process
Managing the gathering of customer and user feedback on the process
Managing resources and resourcing levels
Ensuring that service requests are carried out in a timely manner and according to any required authorization
Representing request fulfillment at CAB
Reviewing process records for accuracy and consistency

Request Fulfillment Process Practitioner/Analyst

This role is responsible for the day-to-day activities and ensures that service requests are completed to a high level of customer satisfaction. The role includes the following:

Providing a single point of contact and end-to-end responsibility to ensure service requests are properly carried out
Triaging service requests at point of contact to allocate resources
Communicating service requests to other process areas involved in the process
Ensuring service requests are appropriately logged

The initial handling of service requests is commonly carried out at the service desk, but the eventual fulfillment will be undertaken by the appropriate service operational staff, or suppliers, as required. Often there is no need for additional or specific roles to be identified. In certain circumstances, where the workload justifies it, a dedicated team may be created to carry out the process.

Critical Success Factors and Key Performance Indicators

There are several possible CSFs for request fulfillment, each of which will have KPIs to show whether the CSF is being achieved. Before we look at the CSFs and KPIs, let’s take a minute to understand what these terms mean:

A CSF is a high-level statement of what a process must achieve if it is to be judged a success. Normally, a process would have only three or four CSFs. A CSF cannot be measured directly; that’s what KPIs are for.
A KPI is a metric that measures some aspect of a CSF. Each CSF will have three or four associated KPIs.

Here are some examples of CSFs and KPIs for request fulfillment:

Critical success factor: “Requests must be fulfilled in an efficient and timely manner that is aligned to agreed service level targets for each type of request.”
Possible associated KPIs for this CSF are as follows:
- The mean elapsed time for handling each type of service request
- The number and percentage of service requests completed within agreed target times
  
  The first KPI relates to the requirement to fulfill requests in a timely manner and the second to meeting agreed targets. You may be able to think of other KPIs.
Critical success factor: “Only authorized requests should be fulfilled.”
This could be measured by the following KPIs:
- The percentage of service requests fulfilled that were appropriately authorized
- The number of incidents related to security threats from request fulfillment activities
Critical success factor: “User satisfaction must be maintained.”
The following examples would be relevant KPIs for this CSF:
- The level of user satisfaction with the handling of service requests (as measured in some form of satisfaction survey)
- The total number of incidents related to request fulfillment activities
- The size of the current backlog of outstanding service requests

Challenges

There are some common challenges encountered when implementing and running a request fulfillment process:

Ensuring that the scope of the process is clearly defined by documenting the type of requests that will or will not be handled by this process and which requests need to go to change management.
Providing an effective portal that will encourage users to submit requests there rather than calling the service desk. Clear targets must be agreed with the business for each type of request. These targets will be documented in the service level agreement.
Reaching agreement with the business on where, when, and how authorization should be sought. It’s important to adhere to normal budgetary controls in place within the organization.
Agreeing on the costs for fulfilling requests, specifying whether they are to be recharged, and ensuring that service requests do not violate the information security policy.
Providing the required level of information regarding the types of available requests in an easily accessible format, usually as part of the service catalog.
Providing a documented request model with a predefined process flow for each of the services being requested to ensure that all requests follow a predefined standard fulfillment procedure.
Making sure all service requests made through the web portal are processed in a timely manner and in accordance with agreed SLA targets to ensure customer satisfaction. Regular customer satisfaction surveys should be carried out.

Risks

Five common risks are faced by the request fulfillment process:

A poorly defined or communicated scope will mean that users and IT staff will be unclear as to what the process will and won’t handle.
A poorly defined or implemented web portal will not be used. Users will continue to call the service desk and a major benefit of the process will be lost.
Poorly designed or insufficiently resourced back-office fulfillment activities will mean that the process will not operate effectively or efficiently. Targets will not be met, backlogs will build up, and customer satisfaction will plummet.
Inadequate monitoring capability will prevent metrics from being gathered, and as a result, performance won’t be managed.
Users may be reluctant to use a web-based tool if it is a new concept to the organization.

Access Management

Access management is the process of granting authorized users the right to use a service while preventing nonauthorized users from gaining access. It is also sometimes referred to as rights management or identity management.

Purpose

As part of your Foundation training, you will have covered the process of information security management and its role in defining security policies. The process for implementing many of these policies is access management. This process provides users who have the required authorization with the ability to use the services they require. Ensuring that only authorized individuals are given access to data is a concern of every IT service provider; failure to carry this out correctly can be damaging and possibly breach legal or regulatory requirements. Consider the damage that could be done to an organization discovered to have allowed unauthorized access to medical or banking records because of poor access management processes.

Organizations need to ensure that access is managed not only when a new member of staff is appointed and set up with access to the systems and services, but also when the staff member leaves. A challenge many organizations face is keeping up-to-date with changing access requirements as a staff member moves between departments. Often new access rights are requested, but it’s never determined whether the existing access rights are still required in the new position; therefore, the individual may amass significant rights over a period of years if this step is not carried out. It is dependent, in part, on the business informing the IT service provider of staff moving between departments; the IT provider should routinely query whether existing access is still required when additional access is requested.

There may also be occasions when access is restricted—for example, during an investigation into suspected wrongdoing to prevent any evidence from being destroyed. Such requests would normally be made by senior management or human resources department.

Objectives

The objectives of the access management process are to do the following:

Manage access to services, carrying out the policies defined within information security management (see Chapter 15, “Technology and Implementation Considerations for Release, Control, and Validation”).
Ensure that all requests for access are verified and authorized. This may include requests to restrict or remove access.
Ensure that requests are dealt with efficiently, balancing the requirement for authorization and control with the need to be responsive to business requirements.
Ensure (once access rights are granted) that the rights that have been granted are used in accordance with security policies. This might include, for example, Internet access for personal use. Although some personal use may be allowed, there are likely to be categories of websites that may not be accessed.

Scope

The scope of access management, as we have said, is the efficient execution of information security management policies. Carrying these out ensures that the confidentiality, integrity, and availability (CIA) of the organization’s data and intellectual property are protected. Confidentiality here means that only authorized users are able to see the data. Integrity means that the data is kept safe from corruption or unauthorized change. Access management ensures that users are given the right to use a service. This does not guarantee that it will always be available during service hours, which is the responsibility of availability management.

A request for access will often be made through the request management process. Some organizations will maintain a specialized team to carry out requests, but more commonly they are carried out by other functions. Technical and application management functions are involved, and a significant part of the process may be handled within the service desk. There should be a single coordination point to ensure consistency.

Value

The access management process provides a number of benefits to the business:

First, by controlling access to services, it protects the confidentiality of the organization’s information. Customer confidentiality, for example, is a significant concern for many organizations.
A second benefit is that staff members have the right level of access to perform their roles.
A third benefit is that the process provides a means of tracking the use of services by users.
Sometimes there may be a need to revoke access rights quickly—for example, if a user is suspected of criminal behavior. The process enables this to be done.
Finally, the process will support regulatory and legal compliance not only by managing access, but also by being able to demonstrate that access is managed.

Policies

The ITIL Service Operation publication describes five useful policies for access management.

The first policy is a formal statement of things we have already mentioned, especially that the management of access to services is led by the policies and controls defined by information security management. An implication of this is that if an unusual request for access is received, and it doesn’t appear to fall within the guidelines laid down by information security management, then the request should be escalated to information security management. It cannot be granted at the discretion of access management.
Another policy is that the use of services should be logged and tracked. Tracked here implies that access should be monitored in real time and events triggered as appropriate. There are also implications here for service designers—services must have the means of logging activity built into them.
The third policy is that the process must keep the access rights up-to-date. In particular, it should modify rights as individuals change roles or leave the organization.
The fourth policy is related to the second. It says that the process should maintain an accurate history of successful and unsuccessful attempts to access services. This information would be useful, for example, for later examination by auditors.
The final policy is that escalation procedures should be defined for any events that threaten security.

Principles and Basic Concepts

We’re now going to examine a number of basic access management concepts.

Access Refers to the level and extent of a service’s functionality or data that a user is entitled to use.

Identity Refers to the information about a user that distinguishes them as an individual, makes them uniquely identifiable, and verifies their status within the organization.

Rights or Privileges Refer to the settings whereby a user is provided access—for example, read, write, execute, change, and delete.

Service Groups Provide a means of simplifying the task of allocating rights. The idea behind service groups is that there are groups of users who will require exactly the same rights to the same set of services. Instead of rights being granted individually, a service group is created that has the required set of rights. Users are linked to the service group and will inherit the rights of the group.

Directory Services Refer to specific types of tools that are used to manage access and rights.

Process Activities, Methods, and Techniques

It is important to understand the steps and activities in the process, as shown in Figure 3.4, the access management process flow. We are going to look at each step of the process.

Flowchart shows access management process flow with request for change, service, human resources, and application script flows together into receive, verification, decision making on validity (user, request, and access), and so on. — **FIGURE 3.4** Access management process flow

Copyright © AXELOS Limited 2010. All rights reserved. Material is reproduced under license from AXELOS.

Request Access

A request for access can be made in a number of ways:

The access request could be handled as a service request through the request fulfillment portal.
It may result from the completion of a request form.
If the change of access affects many users, a request for change will probably be used. For example, the transition of a new service will mean updating the access rights of everyone who will use the service.
Another route is through an automated process. For example, each year a college or university will enroll possibly thousands of new students, and each of them must be granted access to student IT services. This is often done automatically by the student registration system when the student actually registers.
The request may also come automatically from the HR system when a new member of staff is recorded or the status of an existing employee changes, such as when someone resigns or is transferred or promoted.

All requests, whether or not they are valid, are logged.

Verifying and Validating

The access request must then be verified. The identity of the requester must be confirmed, and the access requirement must be judged as legitimate.

Usually, an existing user’s username and password are accepted as proof of identity. In more secure environments, biometric data or physical identification devices can be used.

For new users, some physical evidence of identity will be required, such as official proof of identity (such as a passport or driver’s license).

New users include not only new permanent staff members but also temporary and third-party users such as visitors, contract staff, and vendors. The organization will define how a request will be verified.

The second aspect of verification is checking that the request is legitimate—that is, the user is authorized to have the rights requested. This verification must be independent of the requester. A user cannot verify the legitimacy of their own request. Often a request will be verified by a line manager or HR. Requests that come by way of a RFC will have been authorized through the change management process.

Some services will be available for use by anyone who requests them; there should be a policy that defines this. If the request is not valid, then it will be logged and returned to the requester. An incident may be raised to investigate why an invalid request was created, if thought necessary. A valid request will be actioned appropriately.

Provide Access

The task of providing rights is often delegated to a specialist technical or application team that has the necessary knowledge and skills. This task can be automated by using access management tools that interface with multiple applications. This is only possible, of course, if the design of the applications included this as a requirement.

Access rights are associated with a role: a payroll clerk has the right to use the payroll system. Users can occupy multiple roles, each of which brings a set of rights, and sometimes these conflict with some enterprise policy such as the separation of duties. For example, it is usual practice to ensure that a person who places an order with a supplier is not able to authorize payment. Where a role conflict occurs, access management should escalate the issue to the appropriate stakeholder, who will be someone in the business area concerned. (For example, if the roles are within the finance department, the issue would be referred to the appropriate stakeholder in that department; if the roles are within the IT department, the appropriate IT manager would be consulted.)

Monitor Access

Once the access has been granted, the status of the user should be monitored to ensure that they still have a valid requirement for the access. In practice, this can be difficult to achieve. Access management should be notified of staff who leave so that their access can be revoked, and many organizations have robust procedures to ensure that this is done. Many organizations encounter difficulty in tracking the changing roles and accompanying access requirements of users, especially those who have been in the organization for many years. In this situation, new access requirements are added to existing rights, with no verification that the existing rights are still required. Consideration should be given to adding questions about existing access requirements to the access request form. The HR department needs to be made aware of the importance of supplying information regarding changing job roles to access management in order to protect the organization’s data. Access management should understand these different types of staff changes and determine how it will become aware of them. Ideally, this will be automated by an interface with the HR system. The failure to respond to changes in status is a common security issue. It leads, for example, to computer accounts remaining available for use even though the users have left the organization.

The tracking access activity might trigger a security incident if, for example, an unsuccessful attempt to access a service is made by a valid user.

Remove Access

The last activity that we’ll look at is removing or restricting a user’s rights. There are a number of circumstances when this might be necessary. Although in many cases the modification is permanent, such as in the case of dismissal or promotion, there may be situations where this is only temporary. For example, in some organizations, a user’s computer account is suspended when they go on leave.

Access should be permanently revoked when a user leaves an organization; again, the HR department needs to understand the importance of informing access management quickly in this situation.

Access management has to ensure that rights are not improperly used, which will require that access is logged and tracked. The degree of oversight required is determined when the service is designed and the appropriate logging mechanisms are provided. Should possible misuse be detected, the process must respond appropriately. This will usually entail raising a security incident and alerting stakeholders. In this situation, access may be temporarily revoked during the investigation, with access being restored if the misuse is deemed to have been an innocent mistake or permanently revoked if it is found to be deliberate. The access management process may be required to provide a record of access, perhaps in the context of the investigation of criminal behavior.

Triggers, Inputs, Outputs, and Interfaces

Next let’s consider the triggers for the process, its inputs and outputs, and the interfaces it shares with other processes.

Triggers

Access management is triggered by a request for a user or users to access a service or group of services. This could originate from a number of circumstances.

The first possible trigger is an RFC, especially where a large number of access changes are required, perhaps as part of a rollout or project.

Another possible trigger is a service request. This is usually initiated through the service desk, or input directly into the request fulfillment system, and executed by the relevant technical or application management teams.

A request from human resources is another possible trigger. In this situation, HR management personnel make the request through the service desk. These requests are usually as a result of hiring, promoting, relocating, termination, or retirement.

The final trigger may be a request from the manager of a department, who could be performing a human resources role or who could have made a decision to start using a service for the first time.

Inputs

The inputs to the process are those that relate to the triggers, such as these:

Authorized RFCs and authorized requests to grant or terminate access rights
The security policies of the enterprise
Any information about the identity of users

Other inputs are the operational and service level requirements for granting access to services, performing access management administrative activities, and responding to events related to access management.

Outputs

The access management process has the following outputs:

The provision of access to IT services in accordance with information security policies
The access management records showing when access has been granted or denied and the reasons for the denial
Timely communications concerning inappropriate access or abuse of services

Interfaces

The access management process interfaces with a number of other service management processes.

A key interface is the one with information security management. As already stated, access management acts under the guidance and instruction of information security management and plays an essential part in ensuring that the requirements of the information security policies are met.

Many requests for access will come from the change management process in the form of authorized requests for change or even standard changes.

It is through the service level management process that access requirements and criteria are agreed on with the business on a service-by-service basis.

The relationship of the process with IT service continuity management is interesting. Access requirements may need to be varied should the continuity plan be invoked. Also, there may be a need to grant temporary access when the plan is being tested.

Request fulfillment provides a route for users to submit access requests.

Information Management

Information is critical to the success of access management and is part of the definition of identity.

Identity

Examples of things that may be included in the identity of a user are

Name
Address
Contact details, such as telephone number and email address
Physical documentation, such as driver’s license, passport, or marriage certificate
Numbers that refer to a document or an entry in a database, such as employee number, tax number, government identity number, driver’s license number
Biometric information, such as fingerprints, retinal images, voice recognition patterns, DNA
Expiration date (if relevant)

Access management should provide access to IT services or organizational information to any legitimate users. These could include permanent employees or contractors temporarily engaged by the organization, vendor personnel such as account managers or support staff, or customers.

It is normally the responsibility of the organization to verify a user’s identity before they join the organization and are granted access to IT systems or services. But IT will need to verify that the correct person is associated with the information provided. The higher the level of organizational security, the more information will be required to verify an individual.

Temporary access is just as important to manage as permanent access. Any identification will be captured and filed as part of an employee record.

Users, Groups, Roles, and Service Groups

It is often helpful to group numbers of users together to make the management of access rights more effective. The term user profile or user template can be used to describe these.

Many organizations have a standard set of services that users can access and may use this for grouping users together. But it must be flexible enough for the individual requirements to be catered for, as well as providing sufficient control. A catalog of user roles may be useful to help the definition of user groups.

However, the data profiles of all groups or users must be subject to the relevant legislation or governance—for example, the Data Protection Act (UK), or state-specific legislation in the US. This should be specified as part of the information security management policy.

Process Roles

These are the roles and responsibilities carried out by the access management process. As with all service management processes, the roles defined for an organization will depend on its needs.

Access Management Process Owner

The access management process owner’s responsibilities may include

Carrying out the generic process owner role for the access management process (see Chapter 1)
Designing access request workflows
Working with other process owners to ensure an integrated approach to the management of access request across the lifecycle

Access Management Process Manager

The access management process manager’s responsibilities may include

Carrying out the generic process manager role for the access management process (see Chapter 1)
Planning and managing support for access management tools and processes
Coordinating interfaces between access management and other service management processes

Access Management Process Practitioner/Other Roles

Access management is the operational execution of the information security management and availability management processes. As a consequence, the practitioner roles are most likely to be defined by these design processes, based on the content of the information security policy. These roles can be identified as follows.

The Role of Service Desk Staff

The service desk will often be the first point of contact to validate a request for access to a service. This may be done using a service request, which may require validation of the correct level of authorization, and also the identity of the user requesting the access.

Once validated, the request may be passed to the appropriate team for action. Depending on the security levels required by the organization, this may be at the service desk or require a higher level of technical access.

Incidents relating to the process of access management will also be handled by the service desk.

The Role of Technical and Application Management Staff

Technical and application management may play several important roles:

During service design, they will ensure that access management requirements are part of the capability of the service design. This should include detection and monitoring of access to the service, and the approach to management of any access-related issues or incidents.
During service transition, they will be involved in and responsible for the testing of the access to the service.
During service operation, these teams will typically manage the access for systems under their control.
Technical and application management will also be involved in the resolution of access-related incidents and problems.
In the situation where the service desk has been granted the rights to manage access for particular services, technical and application management must ensure that appropriate training is given.

The Role of IT Operations Management Staff

If there is an operations management function, it is common practice for the access management activities to be delegated to this group. This will include providing or revoking access to services or systems, and there will need to be clear instructions for the management of such access.

If the operations bridge also exists, it may have the responsibility for managing the monitoring for access events.

Critical Success Factors and Key Performance Indicators

The ITIL Service Operation publication suggests three CSFs for access management.

The first is “Ensuring that the confidentiality, integrity, and availability of services are protected in accordance with the information security policy.” The KPIs show whether the CSFs are being achieved. The first KPI is the percentage of incidents that involved inappropriate security access or attempts at access to services. You can see that this is measuring actual consequences of poor access management. The second KPI is the number of audit findings that discovered incorrect access settings for users who have changed roles or left the company. This is measuring the potential for security lapses caused by poor access management.

The second CSF for access management is “Provide appropriate access to services in a manner that’s timely enough to meet business needs.” The example KPI for this is the percentage of requests for access that were provided within established SLAs and OLAs.

The last CSF for access management is “Provide timely communications about improper access or abuse of services.” This and the suggested KPI of a reduction in the average duration of access-related incidents (from time of discovery to escalation) are about ensuring that any issues are dealt with expeditiously.

Challenges

For access management to be successful, it must overcome a number of challenges. It must be able to do the following:

Verify the identity of both the user and the approving person or body.
Verify that a user qualifies for access to a specific service.
Link multiple access rights to an individual user.
Determine the status of the user at any time, such as to assess whether they are still employees.
Manage changes to a user’s access requirements.
Restrict access rights to unauthorized users.
Keep a database of all users and the rights that they have been granted.

Meeting these challenges requires a considerable effort.

Risks

Finally, we consider the risks faced by access management. Failure to meet any of the challenges described in the preceding section is a risk, of course. There are five additional risks:

The first risk is a lack of appropriate supporting technologies, causing a reliance on error-prone manual involvement.
A second risk is controlling access from “backdoor” sources such as application interfaces.
A third risk is managing and controlling access to services by external third-party suppliers. Third parties may need access for a variety of legitimate reasons, but the access is often occasional and unplanned, which makes it difficult to manage.
Lack of management support for the process is a risk for all service management processes. A particular issue here is that management often sees security controls as obstructing them and their staff from accomplishing their tasks and therefore does not support them.
There is a risk that access controls will hinder the ability of users to conduct business.

Summary

This chapter explored the next processes in the service operation stage, event management, request fulfillment, and access management.

We covered the use of event monitoring to manage large numbers of items and how automated responses to particular events may improve the delivery of services. We also explained the role of events in automating processes.

We discussed the key ITIL concepts of events and alerts and how event management can improve availability by preempting failures or reducing the time taken to identify them. Finally, for this process, we considered the technical and staff challenges of implementing the event management process, and the roles included in the process.

We also explored the process of request fulfillment. We discussed the key ITIL concepts of service requests and how the request fulfillment process can save time and money in expediting simple user requirements.

We examined the process in depth, covering its purpose, objectives, scope, and value. We considered its policies, principles, activities, and basic concepts and how its success might be measured. We also discussed what factors might work against a successful implementation. The chapter also explored the appropriate roles for the process.

This chapter also covered access management’s purpose, objectives, scope, and value. We discussed policies, principles, and basic concepts; process activities, methods, and techniques; triggers, inputs, outputs, and interfaces; critical success factors and key performance indicators; and challenges and risks.

You learned about the key ITIL concepts of access, identity, rights, and service groups.

We discussed the importance of access management in preventing unauthorized access to data and some of the issues that arise in monitoring access rights. This included exploration of the roles and responsibilities of staff involved in managing this activity.

We examined the following key ITIL concepts:

Active monitoring
Alert
Event
Identity
Information security management
Information security policy
Monitoring
Passive monitoring
Request model
Threshold

Exam Essentials

Understand the purpose, objectives, and scope of event management. Describe events (a change of state that has significance for the management of a CI) and alerts (a failure or breach of a threshold) and the difference between them. Be able to give examples of each.

Understand the role of event management in automation. Describe passive and active monitoring and the difference between them. Be able to give examples of each. Understand the importance of filtering events and explain how effective event management can reduce downtime. Be able to explain automatic responses to certain types of events.

Know how event management benefits the customer and the IT department. Understand the efficiency benefits to be gained by being able to have a small number of staff monitor huge numbers of CIs and services. Understand how improved availability through reduced downtime benefits the business.

Understand how event management can be used to monitor business events and environmental conditions. Be able to explain how the process of event management can be applied beyond the technical IT environment.

Understand the purpose, objectives, and scope of request fulfillment. Request fulfillment provides an efficient means of delivering defined standard services to customers, with low-risk requests and a defined fulfillment process. It can include IT and non-IT requests and be accessed through a self-help web portal.

Know how request fulfillment benefits the customer and the IT department. Request fulfillment provides the customer with an easy, efficient means of requesting defined standard services and enables the requests to be fulfilled by service desk and second-line staff with minimum bureaucracy.

Understand the use of request models. Because requests have a predefined fulfillment process, they are very well suited to the use of request models, which can be programmed into the service management toolset.

Understand the need for technical and financial approval. Although some requests are preauthorized, there may be occasions when authorizations are required. The usual corporate financial controls still apply, so the budget holder may need to approve, for example, the purchase of equipment. Technical authorization may be necessary as a confirmation that the request is compatible with the user’s existing equipment.

Understand the use of a web portal and menu selection in implementing an efficient user interface. Request fulfillment can be greatly enhanced by providing the equivalent of an online shop, complete with “Add to Cart” facility. Users are familiar with this approach through Internet shopping, and it reduces the need for data entry at the service desk.

Understand the purpose, objectives, and scope of access management. Explain the relationship between access management and information security management. Access management is not just granting access—it is also restricting or removing it as required.

Understand the main process activities of access management. Explain the following access management activities: requesting access, validating and verifying a request, providing a request and monitoring how it is used, and finally, where necessary, removing it.

Understand and recognize the roles and responsibilities for each process. This includes not only the generic roles applicable in all cases but also the specific relating to each process.

Review Questions

You can find the answers to the review questions in the appendix.

For which of these situations would implementing automation to support event management by using event management be appropriate?
1. Hierarchical escalation of incidents
2. Speeding up the processing of month-end sales figures
3. Notification of an “intruder detected” to local police station
4. Running backups
  1. 3 and 4 only
  2. All of the above
  3. 2 and 3 only
  4. 1, 3, and 4 only
Event management can be used to monitor which of the following?
1. Environmental conditions
2. System messages
3. Staff rosters
4. License use
  1. 1 and 2 only
  2. 2 and 3 only
  3. 1, 2, and 4 only
  4. All of the above
Which of the following are types of event monitoring?
1. Passive
2. Virtual
3. Active
4. Standard
  1. 1 and 2 only
  2. 2 and 3 only
  3. 1 and 3 only
  4. All of the above
The request fulfillment process is suitable for which of the following?
1. All requests, including RFCs
2. Only requests that have been approved by the CAB
3. Emergency requests for change, because the process will ensure a fast implementation
4. Common, low-risk requests with a documented fulfillment procedure
Requests are most likely to be fulfilled by which of the following?
1. Service desk staff
2. Second-line staff
3. Service level manager (SLM)
4. Business relationship manager (BRM)
  1. 1 and 2
  2. All of the above
  3. 1 and 3
  4. 2 and 3
Which of the following statements is incorrect?
1. Requests need to be authorized by the CAB.
2. Requests need to be authorized by the budget holder when an expense will be incurred.
3. Requests need to be authorized by technical management when technical compatibility is an issue.
4. Requests that involve a change should be primarily preauthorized standard changes.
Which of the following is the best description of access management?
1. Access management enables authorized access to services and data. Information security management prevents nonauthorized staff from gaining access.
2. Access management grants authorized users the right to use a service while preventing nonauthorized users from gaining access.
3. Access management is responsible for setting security policies.
4. Access management decides what services users should have access to.
Why is effective access management important for an organization?
1. Because there may be legal requirements to require control over access to data.
2. Because poor access management may lead to data that should have been protected being made available to unauthorized individuals, leading to negative press that could damage the reputation of the organization.
3. Because effective access management will reduce costs.
4. Because without it, potential customers may hesitate to deal with the organization, concerned that their data will not be protected.
5. Because otherwise, deciding what access to allow will be an IT rather than a business decision.
  1. 1, 2, and 4 only
  2. 1, 4, and 5 only
  3. All of the above
  4. 1, 2, 4, and 5 only
Which of the following is not a challenge for access management?
1. Verifying identity
2. Validating access requests
3. Tracking access rights when users change names (such as upon marriage) or have the same name as another user
4. Tracking changes in requirements as users change jobs
When might access management reduce or remove access?
1. If the user is on long-term leave
2. If the user has left the organization
3. If the user is under investigation for wrongdoing
4. If the user has changed jobs within the organization
  1. All of the above
  2. 1, 3, and 4 only
  3. 2, 3, and 4 only
  4. 1, 2, and 3 only

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Chapter 3 Event Management, Request Fulfillment, and Access Management

Create new playlist

Sign In

Sign Up

Event Management

Purpose

Objectives

Scope

Value

Policies

Principles and Basic Concepts

Monitoring and Event Management

Informational, Warning, and Exception Events

Filtering

Designing for Event Management

Instrumentation

Correlation Engine

Process Activities, Methods, and Techniques

Event Notification

Event Detection and Logging

Correlation and Filtering

Actions Taken

Review and Closure

Triggers, Inputs, Outputs, and Interfaces

Triggers

Inputs

Outputs

Interfaces between Event Management and the Lifecycle Stages

Business Processes

Service Design

Service Transition

Service Operation

Information Management

Process Roles

Event Management Process Owner

Event Management Process Manager

Event Management Process Practitioner: Other Roles

The Role of Service Desk Staff

The Role of Technical and Application Management Staff

The Role of IT Operations Management Staff

Critical Success Factors and Key Performance Indicators

Challenges

Risks

Request Fulfillment

Purpose and Objectives

Scope

Value to the Business

Policies

Principles and Basic Concepts

Separation of Requests and Incidents

Request Models

Menu Selection

Request Status Tracking

Prioritizing and Escalating Requests

Approval

Coordination of Fulfillment Activity and Closure of the Request

Process Activities, Methods, and Techniques

Receiving the Request

Logging the Request

Validating the Request

Categorizing the Request

Prioritizing the Request

Authorizing the Request

Fulfilling the Request

Completion and Closure of the Request

Triggers, Inputs, Outputs, and Interfaces

Trigger

Inputs

Outputs

Interfaces

Information Management

Process Roles

Request Fulfillment Process Owner

Request Fulfillment Process Manager

Request Fulfillment Process Practitioner/Analyst

Critical Success Factors and Key Performance Indicators

Challenges

Risks

Access Management

Purpose

Table of Contents for
Chapter 3 Event Management, Request Fulfillment, and Access Management