IT frameworks

IT frameworks ITIL, CMMi, Cobit, eSCM 23 06 2007 http://youssoufchotia.info [email_address] What you can do with this document ? http://creativecommons.org/licenses/by-nc/3.0/deed.fr

Needs Why are you here ? What are your needs ? Why will you be satisfied ?

IT as matured and start industrializing IT frameworks flourished but few is getting mainstreamed COBiT, ITIL, CMMi and eSCM actualy fit the best the CIO needs CobiT : IT gouvernance Cmmi : Software delivering ITIL : IT as service mgt eSCM : Because (out)sourcing issue is irreversible « quality » issues => new kind of jobs in IT

Agenda Process mgt IT frameworks ITIL COBiT CMMi eSCM

No institution can possibly survive if it needs geniuses or supermen to manage it. It must be organized in such a way as to be able to get along under a leadership composed of average human beings. Peter Drucker 1 - Process mgt

Between specialisation and adaptation Static environment Mass production => Real need to improve production process => Taylorism Company is divided in highly dedicated functions for specialised people Changing environment Change as a principle => permanently adapting objectives of the company Focus on a customer vision (internal or end-user) What is your entity/company delivering ?

Functions 5 main functions Research and development Production Marketing and sales Human ressources Financial mgt Corporate mgt is not enough to create a synergy between people with very different objectives

Process examples Beyond the functions, what are the objectives ? External view : the customer What are the needs (explicit and implicit) ? What do we deliver ? Internal view : the organisation What is our added value ? Are we efficient in doing the product ? Process examples Neuf Telecom Devoteam

Process definitions Set of linked activities and controls done by humans or machines that creates value by transforming an input into a more valuable output

Responsibilities Process mgt More interactions with different functions Defining everybody’s roles is even more important RACI R: Responsible -> Realise A: Accountable -> Approve C: Consulted I: Informed

Objectives Specific Mesurable Acceptable Realisable With a Time objective Ex : We must improve our quality ! After the audit, we must lower the time of incident resolution by 30% in 3 monthes by affecting 2 people to this task S M A R T

Indicators You can’t improve what you can’t measure !

How to deal with a process KGI Key goal indicator Indicators to measure the results of your process KPI Key performance indicator Indicators to measure interactions inside your process KPI KGI

2 - IT frameworks Process mgt IT frameworks ITIL COBiT CMMi eSCM

History of IT organisations IT as a black box IT as a cost center IT as a profit center IT supporting business strategy IT driving innovation for the business

IT global trends IT needs industrialisation Reducing cost Improving security Reducing risks Becaming agile to support changing business strategy IT seen as a service IBM : 92 billion $ in 2006 : 40% by IBM global services ASP -> Application on demand -> SaaS Salesforce Service-now google mail : 50$ /user / year for 10Gb

Frameworks overview ISO27000 ISO14000 ISO20000 ISO9000 PRINCE2 PMP ABC ITIL COBiT eSCM Business IT CMMi Val IT Six sigma COPC-2000 IT scorecard Balance scorecard

The tetralogy IT tetralogy ITIL COBIT CMMi eSCM ITIL COBiT eSCM CMMi Wagner tetralogy The Rhinegold The Valkyrie Siegfried Twilight of the Gods

IT house Support process Solution CMMi Operation ITIL ISO20000 Governance COBiT PROJECT : PMI, Prince2 SOURCING : eSCM

Frameworks global trends Maturity approach Progressive steps to achieve the entire scope Deming’s « Plan Do Check Act » cycle Continual improvement Life cycle approach Adressing specific needs at different moments

Maturity Level 1 : Initial (chaotic, ad hoc, heroic) the starting point for use of a new process. Level 2 : Repeatable (project management, process discipline) the process is used repeatedly Level 3 : Defined (institutionalized) the process is defined/confirmed as a standard business process. Level 4 : Managed (quantified) process management and measurement takes place. Level 5 : Optimised (process improvement) process management includes deliberate process optimization/improvement.

Frameworks overview : functions map Business IT Solution Operation COBiT ITIL CMMi eSCM

Frameworks overview : abstraction / diffusion All companies IT High abstraction COBiT ITIL CMMi eSCM Low abstraction Software company Big corporation

Frameworks history 1991 COBiT V1 1996 2002 2000 2005 2006 2007 2004 1994 COBiT V4 ITIL V1 ITIL V2 ITIL V3 CMM CMMi eSCM-CL eSCM-SP COBiT V3 ISO20000 CMMi 1.2

Defining a service 3 Technology SERVICE 1 Process 2 Organisation S P O T

3 - ITIL Process mgt IT frameworks ITIL COBiT CMMi eSCM

2 - ITIL IT infrastructure library

Certification ITIL Certification Management Board OGC : Office of Government Commerce (UK) IT Service Management Forum EXIN (Netherlands) ISEB (UK ) Levels Foundation Certificate : the basics Practitioners Certificates : for a specific topic Managers Certificate

Service support Concerning the accessibility of users to the appropriate services Service Desk Incident Management Problem Management Configuration Management Change Management Release Management

Service delivery Concerning proactive and forward-looking services for the business requirements Service Level Management Capacity Management IT Service Continuity Management Availability Management Financial Management

ITIL adoption Step1 : large and quick adoption Quickwins industrialisation Step2 : slow and focused adoption Maturity process assessment Justification and ROI to go beyond ITILV3

ITIL adoption : step 1 IT state Focused on itself : server, storage, network, … Silos centric , no process management ; No industrialized methods ITIL response Client centric Process oriented Industrialized methods Common language for the IT world

ITIL adoption : step 2 IT state Large adoption of service support process Starting maturity assement No more quick wins Why investing more on ITIL best practices ? ITIL V3 response Back to the ROI Alignement with business priorities and IT governance (COBIT)

ITIL V3 Service Strategies Service Design Service Transition Service Operation Continual Service Improvement 3 differences Strategies, life cycle and PDCA

What’s new Security mgt more detailed (cf ISO27000 ) CLOSELY LINKED Access and security mgt Release and deploy mgt Service asset and configuration mgt Risk and testing mgt Request management Supplier and contrat mgt (cf eSCM) Knowledge mgt system Service catalogue mgt out of service level mgt …

4 - COBit Process mgt IT frameworks ITIL COBiT CMMi eSCM

Definition Control Objectives for Information and related Technology IT governance IT audit Information System Audit & Control Association ( ISACA ) 1996 4 domains 34 high level objectives 318 control objectives categorized

IT governance What the company wants Effectiveness Confidentiality Availability Efficiency Reliability Integrity Compliance What CIO can action People Information Applications Infrastructure Control between business needs and IT operations

Plan and Organize PO1 Define a Strategic IT Plan and direction PO2 Define the Information Architecture PO3 Determine Technological Direction PO4 Define the IT Processes, Organization and Relationships PO5 Manage the IT Investment PO6 Communicate Management Aims and Direction PO7 Manage IT Human Resources PO8 Manage Quality PO9 Assess and Manage IT Risks PO10 Manage Projects PO11 Manage Quality

Acquire and Implement AI1 Identify Automated Solutions AI2 Acquire and Maintain Application Software AI3 Acquire and Maintain Technology Infrastructure AI4 Enable Operation and Use AI5 Procure IT Resources AI6 Manage Changes AI7 Install and Accredit Solutions and Changes

Deliver and Support DS1 Define and Manage Service Levels DS2 Manage Third-party Services DS3 Manage Performance and Capacity DS4 Ensure Continuous Service DS5 Ensure Systems Security DS6 Identify and Allocate Costs DS7 Educate and Train Users DS8 Manage Service Desk and Incidents DS9 Manage the Configuration DS10 Manage Problems DS11 Manage Data DS12 Manage the Physical Environment DS13 Manage Operations

Monitor and Evaluate ME1 Monitor and Evaluate IT Processes ME2 Monitor and Evaluate Internal Control ME3 Ensure Regulatory Compliance ME4 Provide IT Governance

IT audit Process audit using CobiT Understand how a process contributes to the business needs Assess effectiveness of the controls Test if controls are done consistently Assess the risk if objectives are not met

CobiT quickstart Simple self assessment tool for small companies Basics controls 34 -> 32 process 318 -> 62 activities / detailed controls

5 - CMMi Process mgt IT frameworks ITIL COBiT CMMi eSCM

Definition Capability maturity model integrated Funded by the US Air Force Objective = evaluation of software subcontractors. Study at the Carnegie-Mellon Software Engineering Institute Model for managing software process published in 1989

Process area and capability levels

Goals for each of 22 process Generic goals and practices are a part of every process area. L2 Institutionalise a Managed Process GP 2.1 Establish an Organizational Policy GP 2.2 Plan the Process GP 2.3 Provide Resources GP 2.4 Assign Responsibility GP 2.5 Train People GP 2.6 Manage Configurations GP 2.7 Identify and Involve Relevant Stakeholders GP 2.8 Monitor and Control the Process GP 2.9 Objectively Evaluate Adherence GP 2.10 Review Status with Higher Level Management

Configuration Management (CM) CM : establish and maintain the integrity of work products using configuration identification, configuration control, configuration status accounting, and configuration audits. SG 1 Establish Baselines SP 1.1 Identify Configuration Items SP 1.2 Establish a Configuration Management System SP 1.3 Create or Release Baselines SG 2 Track and Control Changes SP 2.1 Track Change Requests SP 2.2 Control Configuration Items SG 3 Establish Integrity SP 3.1 Establish Configuration Management Records SP 3.2 Perform Configuration Audits

Measurement and Analysis (MA) L2 Develop and sustain a measurement capability that is used to support management information needs. SG 1 Align Measurement and Analysis Activities SP 1.1 Establish Measurement Objectives SP 1.2 Specify Measures SP 1.3 Specify Data Collection and Storage Procedures SP 1.4 Specify Analysis Procedures SG 2 Provide Measurement Results SP 2.1 Collect Measurement Data SP 2.2 Analyze Measurement Data SP 2.3 Store Data and Results SP 2.4 Communicate Results

Process and Product Quality Assurance L2 Provide staff and management with objective insight into processes and associated work products. SG 1 Objectively Evaluate Processes and Work Products SP 1.1 Objectively Evaluate Processes SP 1.2 Objectively Evaluate Work Products and Services SG 2 Provide Objective Insight SP 2.1 Communicate and Ensure Resolution of Noncompliance Issues SP 2.2 Establish Records

Project Planning (PP) L2 Establish and maintain plans that define project activities. SG 1 Establish Estimates SP 1.1 Estimate the Scope of the Project SP 1.2 Establish Estimates of Work Product and Task Attributes SP 1.3 Define Project Life Cycle SP 1.4 Determine Estimates of Effort and Cost SG 2 Develop a Project Plan SP 2.1 Establish the Budget and Schedule SP 2.2 Identify Project Risks SP 2.3 Plan for Data Management SP 2.4 Plan for Project Resources SP 2.5 Plan for Needed Knowledge and Skills SP 2.6 Plan Stakeholder Involvement SP 2.7 Establish the Project Plan SG 3 Obtain Commitment to the Plan SP 3.1 Review Plans that Affect the Project SP 3.2 Reconcile Work and Resource Levels SP 3.3 Obtain Plan Commitment

Pros of CMMi L2 / L3 Creation of Software Specifications, stating what is going to be developed, combined with formal sign off, an executive sponsor and approval mechanism. This is NOT a living document, but additions are placed in a deferred or out of scope section for later incorporation into the next cycle of software development. A Technical Specification, stating how precisely the thing specified in the Software Specifications is to be developed will be used. This is a living document.

Pros of CMMi L2 / L3 Peer Review of Code (Code Review) with metrics that allow developers to walk through an implementation, and to suggest improvements or changes. Note - This is problematic because the code has already been developed and a bad design can not be fixed by "tweaking", the Code Review gives complete code a formal approval mechanism. Version Control a very large number of organizations have no formal revision control mechanism or release mechanism in place. The idea that there is a "right way" to build software, that it is a scientific process involving engineering design and that groups of developers are not there to simply work on the problem

Dangers Relying only on process with a top down vision Low creativity Low motivation Only procedures Lack of responsibilities

CMMi facts 3 years to go from level 1 to level 3 L2 assessemnt of projects (same method) change of customer requirements Mgt Assessing all the consequences in the planning Indicators of produictivity, bugs, spec, … L3 assessement of all the entity

CMMi certified French IT provider (10 to 20) Atos, CapGemini, Steria, Unilog, SQLI CMMi 3 or 4 100 indian companies at CMMi 5

6 - eSCM Process mgt IT frameworks ITIL COBiT CMMi eSCM

Definition e Sourcing Capability Model eSCM SP : Service Provider Can our provider outsource reach my expectations and add value to my contract ? eSCM SC : Service Client Do I have the maturity to outsource ?

Why eSCM ? We can’t manage an outsourcing contrat only with contractual indicators … Not enough transparency !

eSCM model overview 3 dimensions to deal with Differents skills to assess at each step Different steps of the contract Initialisation, Operation, Ending Diffrent level of maturity 1 to 5

Domains Generic skills Knowledge mgt HR mgt Performance mgt Relations mgt Technology mgt Risks mgt Specific skills Contract mgt Service design Service mgt Reversibility

IT frameworks

More Related Content

What's hot (20)

Similar to IT frameworks (20)

Recently uploaded (20)

IT frameworks