Continual Service Improvement Process General Understanding Knowledge Sources

Continual Service Improvement Process General Understanding

Knowledge Sources ISO/IEC 20000: 2011 • Section 4. 5 Establish and Improve SMS. ITIL® • Continual Service Improvement. COBIT 5 • • Manage Quality Monitor, Evaluate and Assess Performance and Conformance. Monitor, Evaluate and Assess the System of Internal Controls. Monitor, Evaluate and Assess Compliance with External Requirements.

Continual Improvement – PDCA Cycle surance Quality As Plan Do Act Check Improvement

7 Steps to Service Improvement © Crown Copyright 2013 Reproduced under licence from AXELOS Identify • Vision • Strategy • Tactical Goals • Operational Goals 1. Define what you should measure 2. Define what you can measure 7. Implement corrective action Goals 6. Present and use the information, assessment summary, action plans, etc. 5. Analyze the data Relations? Trends? According to plan? Targets met? Corrective action? 4. Process the data Frequency? Format? System? Accuracy? 3. Gather the data Who? How? When? Integrity of data?

COBIT Processes Provides the governance and management structures to manage and improve: • Quality. • Performance. • Control. • Compliance.

Continual Service Improvement Plan

Planning for Improvements ISO/IEC 20000: Plan – scope and service management plan. ITIL: Define what should be measured (strategy). Define what will be measured (measurement framework). COBIT: Establish a quality management system. Define and management quality standards, practices, and procedures. Establish a monitoring approach. Set performance and control targets. Identify compliance requirements. Optimize responses to compliance.

Step 1 – Defining Strategy Defining what should be measured: • Corporate Strategy. • IT Strategy. • Improvement Strategy.

The Continual Service Improvement Model Items to consider: What is the vision? © Crown Copyright 2013 Reproduced under licence from AXELOS • Vision aligns with business and IT strategies Where are we now? • Obtain an accurate baseline assessment. • Understand agree upon the priorities for improvement. • Verify that measurements and metrics are in place. • Momentum for quality improvement is maintained by assuring Changes are embedded in the organization. How do we keep the momentum going? Business vision, mission, goals, and objectives Baseline assessments Where do we want to be? Measurable targets How do we get there? Service & process improvement Did we get there? Measurements & metrics

The Continual Service Improvement Model © Crown Copyright 2013 Reproduced under licence from AXELOS What is the vision? How do we keep the momentum going? Business vision, mission, goals, and objectives Where are we now? Baseline assessments Where do we want to be? Measurable targets How do we get there? Did we get there? Service & process improvement Measurements & metrics

Scope Why scope? • To provide the greatest value to the customer. • To prioritize appropriately. • To manage budgets and resources effectively. • To minimize risk.

Service Management Plan A service management plan will include information on: • Objectives. • Service requirements. • Policies, standards, and external requirements. • Roles, responsibilities, and authorities. • Resource allocations (human, technical, information, and financial). • Stakeholders and suppliers. • Process and system interfaces. • Risk acceptance and management. • Approved technologies. • Measurements and reporting.

Quality Management Systems Benefits to Continuous Improvement: • Performance advantage through improved organizational capabilities. • Alignment of improvement activities to organization’s strategic intent. • Flexibility to react quickly to opportunities. • Employing a consistent approach to continual improvement. • Providing people with training. • Making continual improvement an objective for every person in the organization. • Establishing goals and measures in continual improvement. • Recognizing and acknowledging improvements. Source: Quality Management Principles (ISO)

Approaches to Monitoring • Identify stakeholders. • Define requirements on monitoring and reporting. • Maintain alignment with current business, customer, and IT objectives. • Create agreement around goals, metrics, taxonomy, and retention periods. • Create agreement around change control. • Allocate resources to monitoring and reporting. • Assess effectiveness of approach.

Identifying compliance requirements 1. 2. 3. 4. 5. Legislation Regulations Standards Architectures Policies

CSI – Implementation Issues • Identify and fill critical roles and responsibilities, e. g. CSI Manager, Service Owner, SLM and reporting analyst. • Governance. • CSI and Organizational Change. • Communication and Strategy planning.

CSI - value to the business For CSI to be successful, it must provide improvement opportunities throughout the entire service lifecycle. There is much greater value to the business when service improvement takes a holistic approach throughout the entire lifecycle. Improvements Benefits Return on Investment Value of Investment

CSI and the Service Lifecycle Service and Process Improvements, Guidance for Investments into IT and refreshed Service Portfolios Service and Process Improvements, guidance for KPIs, metrics and reporting, refined SLRs, SLAs, OLAs, & UCs. Continual Service Improvement Request for Changes, Service and Process Improvements, guidance and refinements for testing & validation. Service Strategy Service Design Service Transition Process and Function organization improvements, refined SLAs & OLAs, guidance Service for metrics and reporting Operation

Step 2 – Define Measurement Framework Defining what to measure Creating relationships between objectives, critical success factors, key performance indicators, and metrics Identifying methods of reporting communicating service levels, customer satisfaction, business impact, supplier performance, and market performance

Governance has been around the IT arena for decades. IT is forced to comply with sweeping legislation and an ever increasing number of external regulations. IT organizations must operate under full transparency.

IT Governance “IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership, organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives. " Source: Board briefing on IT Governance, 2 nd Edition, 2003, IT Governance Institute – ITGI.

Defining Service Levels are a means of defining and measuring the behavior of service components within the context of providing value to the customer.

Defining Service Targets represent the required level of service needed to deliver value to the customer.

Quality Management What is quality? • A measure of excellence. • A comparison between similar objects. • A fulfillment of requirements. • etc.

Process Management The activities of process management include: • Process definition. • Defining roles, responsibilities, and authorities. • Evaluating performance. • Identifying opportunities for improvement.

Continual Service Improvement Do

Implementing and Operating CSI ISO/IEC 20000: Do – service management system. ITIL: Gather Data. Process Data. COBIT: Monitoring, control and review of performance. Performance and conformance data. Monitor internal controls. Self-Assessments. Confirm compliance.

Step 3 – Data Collection Quality Performance Internal Control Compliance Technology Process Service

Procedure for Data Collection Define activity requirements Define frequency Define tool requirements Develop and communicate plan Update availability and capacity plans Begin monitoring and data collection

Performance Monitoring • • Capability assessment. Investment performance reports. Service level reports and service reviews. Supplier reports and reviews. Project performance reviews. Availability, performance, and capacity monitoring. Incident and problem reports. Service request and change reports.

Internal Controls What is an Internal Control? “A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achieving of objectives to operations, reporting, and compliance. ” From COSO Internal Control – Integrated Framework Executive Summary

COSO Internal Controls Framework The framework consists of: • Three objective categories • Operations • Reporting • Compliance • Five components • Control Environment • Risk Assessment • Control Activities • Information and Communication • Monitoring Activities • 17 principles

Capability Assessments A capability assessment compares the performance of a process against a performance standard. This can be an agreement in a SLA, maturity standard, or an average compared to companies in the same industry (known as a benchmark). An assessment for ISO/IEC 20000 is a capability assessment; it shows whether or not the requirements of ISO/IEC 20000 are being met. 33

Purpose of Internal & External Audits An independent evaluation is needed to assess the performance, and is also required by customers and third parties. The results can be used to update the agreed measures in consultation with the customers, and also for their implementation. There are three forms of evaluation: • Self-assessment. • Internal Audit. • External Audit. 34

Types of Audit findings are used to assess the effectiveness of the quality management system and to identify opportunities for improvement. There are three main types of audit: • First-Party Audit • Second-Party Audit • Third-Party Audit 35

Step 4 – Data Processing Define activity requirements Define frequency Define tool requirements Develop process data procedures Develop and communicate plan Update availability and capacity plans Begin processing Group logically Evaluate

Continual Service Improvement Check

Monitor and Review ISO/IEC 20000: Check – internal audits and management reviews. ITIL: Analyze Data. Present and Use Data. COBIT: Analyze and report performance. Identify and report control deficiencies. Obtain compliance assessment.

Step 5 – Analyze Data 1. Review the data collected. 2. Current process results • • Statistical measurements Descriptive Analysis Variation Analysis Root Cause Analysis 3. Can we learn anything from a SWOT analysis?

Step 6 – Presenting Data Objective: To produce agreed, timely, reliable, and accurate reports for informed decision making and effective communication 40

Management Reviews Top Management must regularly review the service management system and services. The purpose of the review is to determine continued suitability and effectiveness of the targeted area. The review may include: • Assessment of improvement opportunities. • Assessment of SMS changes, including strategic and policy changes.

Service Reviews Service and Service Level Agreements are reviewed with customer at planned intervals

Continual Service Improvement Act

Step 7 - Implementation Data drive Decisions Objectives drive Priorities Necessity drive Implementation