Service Assets and Configuration Management

Overview

Assets

Asset is something that has financial value with a depreciation rate attached to it. It has a cost and organization uses it for its asset value calculation.

It doesn’t have direct impact on delivering services. Anything such as servers, buildings, blackberries, switches, routers etc. comes under assets.

Configuration Items (CIs)

Configuration item is subset of service assets and have direct impact on delivering services. All servers, networks, applications that have impact on production are known as configuration item.

Building is an asset but not CI. Document is a CI not an asset.

Hence Service Assets and Configuration Management (SACM) deals with maintaining up-to-date and verified database of all assets and CIs which are also made available to other service management processes.

• Configuration Manager is the process owner of this process.
• SACM uses Configuration Management System (CMS) which contains one or more Configuration Management Databases (CMDB).

CIs Types

CIs are categorized into six as shown in the following diagram −

Service Lifecycle CIs

Service lifecycle CIs gives clear picture on:

• Services
• How services will be delivered?
• What benefits are expected?
• Service cost

Service CIs

Service CIs refers to −

• Service model
• Service package
• Release package
• Service resource assets
• Service capability assets

Organization CIs

Organization CIs are internal to an organization but independent of the service provider.

Internal CIs

CIs which are delivered by individual projects are known as Internal CIs.

External CIs

External CIs refer to external customer requirements and agreements, releases from supplier and external services.

Interface CIs

These CIs are required to deliver end-to-end service across a Service Provider Interface (SPI).

Configuration Management System (CMS)

SACM uses Configuration Management System (CMS) which contains one or more Configuration Management Databases (CMDB). The database contains information associated with a CI such as supplier, cost, purchase date, renewal date for licenses and maintenance contracts and other related documents such as SLA etc.

There are also other attributes for Configuration Items such as −

• Unique Identifier
• CI type
• Name/description
• Supply date
• Location
• Status
• License details
• Related document masters
• Related software masters
• Historical data
• Relationship type
• Application SLA
• Service Assets and Configuration Process

SACM process comprises of following five activities −

• Management and Planning
• Configuration identification
• Configuration control
• Status accounting and reporting
• Verification and Audit

All of the above mentioned activities are described in the following diagram −

ITIL - Change Management

Introduction

Change in IT service refers to commissioning, decommissioning or up gradation of configuration of servers.

All changes are required to be implemented with minimum disruption of IT services.

Change Management process deals with following aspects while implementing a change −

• Study the adverse impact of change and minimize it
• Create and maintain change management process
• Prevent unauthorized changes in the environment
• Maintain record of all the changes
• Post implementation review of all changes

Change is not implemented by change management team rather it is implemented by a technical team. Change management team only review and approve the change.

Change Manager is the process owner of this process.

Key Points −

• Change manager is the person who approves the changes and closes it. He also checks whether it meets the desired result.
• Change coordinator raises changes
• Change coordinator has to send screen shots after the change in Post Implementation Report (PIR)

Objectives

Following are the several objectives of change management process −

Seven Rs of Change Management

These are the seven questions that must be answered for all changes. It helps to assess impact of changes and risk and benefit to the service.

Request For Change (RFC) is the key information source and the catalyst for the change activities of −

• Create and record
• Review
• Assess and evaluate
• Authorize
• Plan
• Coordinate
• Review
• Close

Each RFC will follow a certain change model that is suitable for the nature and type of change.

Change Models

There are basically three change models as listed below −

• Standard change Model
• Normal change Model
• Emergency change Model

Standard change model

This model is used for pre-authorized repetitive, low risk and well tested changes.

Normal change model

In this model any change must go through certain steps such as assessment, authorization, and Change Advisory Board (CAB) agreement before implementation.

Emergency change model

This change model deals with highly critical changes needed to restore failed high availability service failure.

Change Advisory Board (CAB) is a body to authorize the changes and assist change management in assessing and prioritization the changes.

ITIL - Project Management

Transition Planning and support (Project management) deals with planning the resources to deploy major release within predicted cost, time and quality estimates.

Project manager is the process owner of this process.

Objectives

The following diagram describes the several objectives of project management process −

The Service Transition Strategy considers several aspects to organize Service Transition and allocating resources −

• Purpose, goals, and objectives of Service Transition
• Framework for Service Transition
• Context, e.g. service customers, contract portfolios
• Criteria
• Organizations and stakeholders involved in transition
• People
• Approach
• Schedule for milestones
• Financial requirements

Planning an individual Service Transition

Service Transition plans describe tasks and activities required to release and deploy a release in to the test environment. It is good practice to deploy Service Transition plan from a proven Service Transition model.

Service Transition Plan also includes −

• Issues and risks to be managed
• Activities and tasks to be performed
• Schedules of milestones, handover and delivery dates
• Staffing, resource requirements, budgets, and timescales at each stage
• Lead times and contingency

Key Points −

• It is required to have integrated transition plans that are linked to lower level plans such as release, build and test plans.
• It is best practice to manage several releases and deployments as a programme, with each deployment run as a project.

Reviewing the Plans

It is required to verify the plans as and ask following questions before starting release or deployment −

• Have the plans been agreed and authorized by all relevant parties, e.g. customers, users, operations and support staff?
• Do the plans include the release dates, and deliverables, and refer to related change requests, known errors and problems?
• Has the service Design altered significantly such that it is no longer appropriate?
• Have potential changes in business circumstances been identified?
• Do the people who need to use it understand and have the required skills to use it?
• Have the impacts on cost, organizational, technical and commercial aspects been considered?
• Have the risk to overall services and operation capability been assessed?
• Is the service release within the SDP and scope of what the transition model addresses?
• 
  

ITIL - Service Transition Overview

Service Transition manages transition of a new or changed service. It ensures all changes to the service management processes are carried out in coordinated way.

Objectives

Sr.No.	Objectives
1	Provide a consistent framework for evaluating the service capability and risk profile before a new or changed service is released or deployed.
2	Establish and maintain the integrity of all identified service assets and configurations as they evolve through the service transition stage.
3	Plan and manage the capacity and resources required to package, build, test, and deploy a release in to production and establish the service specified in the customer and stakeholder requirements.
4	Provide efficient repeatable build and installation mechanisms that can be used to deploy releases to the test and production environments and be rebuilt if required to restore service.
5	Ensure that service can be managed, operated and supported in accordance with the requirements and constraints specified in service design.

Service Transition Benefits

Service Transition helps to improve several things as discussed below −

• Quick adaptability to new requirements
• Transition management of mergers, de-mergers, acquisitions and transfer of services
• Success rate of changes and releases for the business
• Success rate of changes and releases for the business
• Predictions of service levels and warranties for new and changed service
• Confidence in the degree of compliance with business and governance requirements during change
• Variation of actual against estimated and improved plans and budgets
• Productivity of business customer staff
• Timely cancellation or changes to maintenance contracts for software and hardware when components are decommissioned.
• Understanding the level of risk during and after change

Service Transition Processes

Here are the processes involved in Service Transition −

Sr.No.	Process & Description
1	Transition Planning and Support This process deals with management and control of transition plan.
2	Change Management This process ensures manage and control change management process. It also prevents any unauthorized change to occur.
3	Service Asset and Configuration Management (SACM) It maintains database for configuration items such as servers, switches, routers etc.
4	Release and Deployment Management This process deals with management and control of movement of releases to test and live environment.
5	Service validation and Testing This process deals with the quality of services offered.
6	Knowledge Management This process deals with gathering, storing, analyzing, and sharing knowledge.

ITIL - Supplier Management

Supplier Management deals with maintaining good relationship between suppliers and the partners to ensure quality IT services.

Supplier Manager is the process owner of this process.

Objectives

The following diagram shows several objectives of supplier management −

Supplier Management Process

The following diagram shows several activities included in Supplier Management −

Here are the activities involved in Supplier Management Process −

• Implantation and enforcement of the supplier policy
• Maintenance of an SCD
• Supplier and contract evaluation and selection
• Supplier and contract categorization and risk assessment
• Contract review, renewal and termination
• Development, negotiation and agreement of contracts
• Maintenance of standard contracts, terms and conditions
• Management of contractual dispute resolution
• Management of sub-contracted suppliers
• Agreement and implementation of service and supplier improvement plans

ITIL - Information Security Management

Information Security Management (ISM) ensures confidentiality, authenticity, non-repudiation, integrity, and availability of organization data and IT services. It also ensures reasonable use of organization’s information resources and appropriate management of information security risks.

Information Security Manager is the process owner of this process.

Information security is considered to be met when −

• Information is observed or disclosed on only authorized persons
• Information is complete, accurate and protected against unauthorized access (integrity)
• Information is available and usable when required, and the systems providing the information resist attack and recover from or prevent failures (availability)
• Business transaction as well information exchanges between enterprises, or with partners, can be trusted (authenticity and non-repudiation)

ISM Security Policy

It is required for ISM security policies cover all areas of security, be appropriate, meet the needs of business and should include the policies shown in the following diagram −

ISM Framework

ISM Process

The following diagram shows the entire process of Information Security Management (ISM) −

Key elements in ISM Framework

ISM framework involves the following key elements −

Control

The objective of Control element is to −

• Establish an organization structure to prepare, approve and implement the information security policy
• Allocate responsibilities
• Establish and control documentation

Plan

The purpose of this element is to devise and recommend the appropriate security measures, based on an understanding of the requirements of the organization.

Implement

This key element ensures that appropriate procedures, tools and controls are in place to underpin the security policy.

Evaluation

The objective of Evaluation element is to −

• Carry out regular audits of the technical security of IT systems
• Supervise and check compliance with security policy and security requirements in SLAs and OLAs

Maintain

The objective of Maintain element is to −

• Improve on security agreements as specified in, for example, SLAs and OLAs
• Improve the implementation of security measures and controls

Preventive

This key element ensures prevention from security incidents to occur. Measures such as control of access rights, authorization, identification, and authentication and access control are required for this preventive security measures to be effective.

Reductive

It deals with minimizing any possible damage that may occur.

Detective

It is important to detect any security incident as soon as possible.

Repressive

This measure is used to counteract any repetition of security incident.

Corrective

This measure ensures damage is repaired as far as possible.