ISO, ITIL and COBIT triple play fosters optimal security management execution

Home Source: http://www.scmagazineuk.com/ISO-ITIL-and-COBIT-triple-play-fosters-optimal-security-management-execution/article/108620/

This information is a survey which about security professionals conducted for the recent research report Security Management Matures, ESG. The survey materials are the organizations with 1,000 or more employees, and what kind of the commercial frameworks which include ITIL, Cobit, ISO implement in the organization.

ESG discovered that 72 percent of North American enterprise-class organizations say they are implementing one or more formal IT best practice control and process models.

Among survey participants, 18 percent have simultaneously implemented ITIL, ISO and COBIT. Of those implementing just one set of standards, ITIL is the most frequently selected (16 percent) followed by ISO (11 percent). A significant 17 percent have not implemented any type of framework at this time. An additional 20 percent have implemented other best practices or did not know whether their organization used these types of frameworks.

Over three-quarters (76 percent) of the organizations implementing all three sets of guidelines indicate that demands to comply with external regulations were very influential in defining their security management requirements during the past year. In contrast, only 44 percent of those implementing ITIL alone and 51 percent of those with no frameworks in place felt the same way.

For those organizations implementing all three best practices guidelines, the data reveals that regulatory pressures impact multiple business activities, as these organizations are required to comply with diverse regulatory requirements, such as Sarbanes-Oxley, PIPEDA (Personal Information Protection and Electronic Documents Act, Canada), FISMA (Federal Information Security Management Act), HIPAA (Health Insurance Portability and Accountability Act) and PCI DSS (Payment Card Industry Data Security Standard). Across all of these different regulatory requirements, organizations implementing all three sets of best practices guidelines are significantly more likely to be subject to those requirements than are organizations with a lesser number of best practices frameworks currently in place.

Combined, these forces require organizations to promote extensive and ongoing communication, cooperation and reporting capabilities across information security groups, data center operations teams, e-mail administrators, facilities, human resources and other business groups in order to assure that information security control policies are implemented consistently across the business. By combining the detailed security specifications from ISO, IT operations and cross-IT workflow integration best practices from ITIL, and governance and control models from COBIT, the most sophisticated firms are able to address the full range of compliance and audit requirements set before them by government and industry compliance mandates.

ESG found interesting relationships between an organization's degree of implementation of security and governance standards and the amount of cooperation between different IT groups within that organization. Organizations implementing all three sets of best practices recommendations are most likely to report significant levels (62 percent) of cooperation between IT operations and information security groups, compared with 56 percent of those implementing ITIL only and just 46 percent of those that have not implemented any frameworks. Interestingly, those organizations that have not implemented any frameworks are most likely to have merged IT operations and information security groups (29 percent), compared to just 14 percent of those implementing multiple frameworks.

In my opinion, this time I understand more about why company implement more then one standard in the organization. Because of the complex requirement across business, security and IT teams, in facts these three groups are work together. As common sense, IT is support the business, but IT services can not without the security. As the summary which ESG made, inducts ITIL, ISO and COBIT for compliance requirements on governance, operational process and information security policy integration.

Alphabet Soup: Cobit, ITIL and ISO

Home Source: http://www.csoonline.com/article/221411/Alphabet_Soup_Cobit_ITIL_and_ISO

This information is about Malcolm Wheatley interview an Expert Gary Hardy, Hardy is an adviser to both the IT Governance Institute and the Information Systems Audit and Control Association (ISACA), he having been a member of the latter for more than 25 years.

The content of the interviewing is about this question “How do Cobit and ITIL differ ?” Hardy answer is “Cobit [control objectives for information and related technology], the last version is the fourth release was lunched at November 2005, it is a high-level set of objectives with management and assurance tools for overall IT governance. People call it a standard, but it is not a framework. ITIL a set of best practices is mostly focused on service delivery and service management, the delivery of IT services in terms of the processes that should be followed.” Hardy also explained people say that Cobit is what you should do, and ITIL is how you should go about doing it—accepting that ITIL has a narrower scope.

Malcolm Wheatley asked again about how does ITIL's approach to security issues? Hardy answer is “ITIL talks about security, but mostly in the context of service delivery. Frankly, security isn't really what ITIL is focused on, it's not its core strength, and it's not what people go to ITIL for.”

Malcolm Wheatley asked the last question about how Cobit approaches to security issues. Hardy explained this Cobit has always been security-oriented, and at a high level sets out what should be done about security which the things that security should focus on. Cobit provides a set of objectives and guiding principles.

In my opinion, if the company’s character is service oriented, it is better using ITIL framework on the certification for their services quality. Such as Acer eDC. If an organization or company focus on the security aspect, they should take the Cobit standard. As the expert Hardy explained Cobit is focus on the security-oriented which the things should be done about security. If Cobit standard not popular at the location, ISO17799 may be another selection. Enterprise can choose the standard for they needed.

ITIL V3 Certification

Home Source:
http://www.itil-officialsite.com/Qualifications/ITILV3QualificationScheme.asp
http://www.itil-officialsite.com/Qualifications/ITILV3CreditSystem.asp

For the ITIL version 3 Certification, there have five core subjects which include Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement. Each core subject covers the knowledge next:

Service Strategy
– Value Creation
– Business Fundamentals of services
– Service Provider Types
– Service Structures
– Service Strategy Processes
– IT Financial Management
– Service Portfolio Management
– Demand Management
Service Design
– Service Design Principles
– Service Design Processes
– Service Catalog Management
– Service Level Management
– Capacity Management
– Availability Management
– Service Continuity Management
– Information Security Management
– Supplier Management
– Application Management
– Requirements Engineering

Service Transition
– Service Transition Principles
– Service Transition Processes
– Change Management
– Configuration Management System
– Service Asset and Configuration Management
– Knowledge Management
– Service Releases Planning

Service Operation
– Service Operation Principles
– Service Operations Processes
– Event Management
– Incident Management
– Problem Management
– Service Request Management
– Functions (Detailed Information for each)
– Service Desk
_ Technical Management
_ IT Operations Management
_ Applications Management

Continual Service Improvement
– Continuous Improvement Fundamentals
– Continuous Improvement Principles
– Continuous Improvement Models
– Measurement and Control
_ Measurement
_ Benchmarking
_ Reporting
– Implementation Consideration
– Service Level Management

There are four levels certification for ITIL version 3

• Foundation Level.
• Intermediate Level (Lifecycle Stream & Capability Stream) .
• ITIL Expert.
• ITIL Master.

Foundation Level
The Foundation Level focuses on knowledge and comprehension to provide a good grounding in the key concept, terminology and processes of ITIL.

Intermediate Level
There are two streams in the intermediate level. Both assess an individual's comprehension and application of the concepts of ITIL. Candidates are able to take units from either of the intermediate streams, which give them credits towards the diploma.

• Intermediate Lifecycle Stream - 5 individual certificates built around the five core OGC books: Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement.
• Intermediate Capability Stream - 4 individual certificates loosely based on the current V2 offerings but broader in scope in line with the updated V3 content.
  

ITIL Expert

To achieve the ITIL Expert in IT Service Management, candidates must successfully complete, in addition to the Foundation Level, a number of intermediate units and the Managing Through The Lifecycle capstone course. This course brings together the full essence of a Lifecycle approach to service management, and consolidates the knowledge gained across the qualification scheme.

ITIL Master
This level of the qualification will assess an individual's ability to apply and analyse the ITIL concepts in new areas. This higher level qualification is currently under development.

Relationship Between Version 3 & Version 2
Individuals with existing ITIL v2 qualifications can use those qualifications as credits towards the Expert or may find that the credits or qualifications they hold will make them eligible for the current v3 Bridging routes.

Foundation level - There is a short bridging course which covers the differences between v2 and v3 and allows someone to take an exam to demonstrate their understanding of the ITIL v3 approach.

ITIL v2 Practitioner qualifications count towards the ITIL Expert in Service Management. Depending on whether an individual holds a single topic certificate or a clustered certificate the credits will vary.

Any ITIL v2 Service Manager who wishes to gain the v3 Expert Level can take a bridging course and must pass the v3 Managers Bridge examination. The course covers the new concepts within ITIL v3 and fully integrates the benefits of the Lifecycle approach.

In my opinion, the ITIL version 3 certification is quite difficult than version 2. I can understand the version 3 qualification higher than version 2. If candidates don’t have the version 2 certification and then jump to the version 3, it is a huge challenge. Because the version 3 concepts are base on the version 2 and extending. Without the version 2 knowledge and then take the version 3 certification which has a high risk on failed examination. It is waste time and money. I don’t thing that investment is make sense. I believe the best strategy is holding the version 2 certification and then upgrade to version 3.

Risk? Survey Shows Information Technology Infrastructure Library (ITIL) Benefits Are Exclusive

Home Source: http://www.riskcenter.com/story.php?id=16186

According to a recent compass survey about the global adopter’s experience on ITIL framework inducts to the organization. The information is referring to Gregory Beat’s report.

The survey comprises 70 responses from executives with organizations from at least eleven different countries. Of the respondents, 82 percent started their ITIL implementation program at least eighteen months beforehand and should therefore be qualified o comment on their ITIL processes and the benefits that their ITIL program is delivering.

Respondents were asked to categorize the maturity of eight core ITIL processes which includes Incident, Change, Problem, Service Level, Continuity, Availability, Configuration and Capacity. The results from these responses (Established, Mature, and World Class) shows Incident Management (90%) to be the most mature and Capacity Management (35%) to be the least mature of ITIL processes. Of potential concern to executives is the finding that Configuration Management (40%), widely accepted as the underpinning of all other core ITIL processes, is regarded as less mature than almost all others.

Respondents were then asked to describe their level of confidence that their ITIL program is delivering tangible improvements in IT performance:
Unsurprisingly, respondents expressed a relatively high degree of confidence about 67% (Fully Confident 31%, Fairly Confident 36%), just 20% response Some Confidence and 13% feeling Little Confidence / Don’t know.

Interviewer then asked executives how well they measured the maturity of their ITIL processes. Only 4 percent of respondents felt able to say that all of their ITIL processes were fully measured for maturity, 28 percent for all ITIL processes some measured, and 55 percent felt able to say that some processes were some measures. About 13 percent were no measures for all ITIL processes.

Respondents were asked to define how well their organizations could measure the impact of process maturity on performance improvement. Surprisingly, only 9 percent of respondents (six out of seventy) felt able to say that the relationship was based on full measures, fully linking process maturity with performance. Seventy-two percent felt unable to acknowledge any linkage at all between process maturity and performance improvement.

As the result, what I can see this most adopter still standing on the ITIL induction, some adopter just start, some started for few months and no more adopter finished the whole processes on IT services improvement . Because the implementation process takes times typically, that represents on training, documentation, tools integration and such. As people take time to adapt the enterprise culture change as well. As a common sense one-size can not fit all the audiences on using the best-practice guidelines increase the efficiency of service management. Enterprise should establish a baseline on the performance improvement, and review it on schedule. Reduce the risk of failure. The benefits not appear to give results in terms of cost saving immediately; it will certainly bring about long-term business benefits.

The Top 10 Strategic Benefits of ITIL

Home Source: http://www.cmpp.net/CMS/Media/Docs/ITIL/The%20Top%2010%20Strategic%20Benefits%20of%20ITIL.doc

According to the Introductory Overview of ITIL, the itSMF provides examples of figures from their research detailing some of the improvements business are experiencing every day:

• More than 70 percent reduction in service downtime
• ROI up by more than 1,000 percent
• Savings of nearly $200 million annually
• 50 percent reduction in new product cycles

For the example figures, how can we get those benefits from the planning? The following top 10 strategic benefits of ITIL is coming from the CMPP, with those strategic may be help the adopter have a direction where they can get the benefits from the improvements of business. The content of the 10 strategic benefits of ITIL as next:

1. Provides a single, definable, repeatable, and scalable documented framework for IT best practices that flows across the IT organization.
2. Clearly identifies roles and responsibilities for IT Service Management.
3. Supports reducing IT costs and justifying the cost of IT quality.
4. Supports ability of IT to measure and improve internal performance and service provisioning.
5. Defines IT in terms of services rather than systems.
6. Supports improvement of user productivity.
7. Improves communication and information flows between IT and organization business departments.
8. Provides a framework for IT to support regulatory challenges.
9. Improves ability of IT to adjust as business opportunities and challenges are presented.
10. Improves relationship of IT with the business – builds trust.

In summary, the ten points is a good idea which let the adopter realize which area they can get the benefits if inducts the ITIL standard to the organization. Are the figures of benefit always come true? I don’t think so. Because of the figures are references. How much the adopter would have? That will depend on the adopter’s execution ability during the ITIL induction. As we know there are many factors which will affect the final result. Different gains on different industry. However, I believe adopter will have the reaping on the days.

ITIL V3 Foundation Overview Diagram

Home Source: http://www.zyworld.com/geoffharmer/ITIL_V3_Foundation_Overview_Diagram_V3.2.pdf



For the last version of ITIL version 3 which have five core area which includes Service Strategy, Service Design, Service Operation and Continual Service Inprovement. But what is the relationship between that five core subjects with people, processes, products and partner's knowledge? It is so complicated and challenged with few words to descript those scenarios. If we don't have the real case experiences, how can we draw up that diagram? What can I say? It is an impossible mission. Fortunately, I found that diagram from Zyworld web site. It is very useful for people understand the relationship between people(users), processes(five core subjects), products(CMDB, SKMS) and partners(outsource or in-house design). With this diagram help, it is more easilt to understand the ITIL version 3 objectives.

ITIL Certification

Home Source: http://gllig.org/docs/ITIL_Certification_Presentation.ppt

Here list some information that about the ITIL certification. The information comes from the Great Lakes LIG’s ITIL Certification Presentation. According to the presentation, both company and employee will have the benefits when they get the ITIL certification. The benefits of ITIL certification includes two parts, one is the company. Other one is the employee. What are the benefits for the company and employee? The answer as following:

Benefits to Company:

• Certification provides an objective demonstration of the Company's breadth and currency of knowledge, which builds credibility and provides the competitive edge.
• Measurable improvement in product and service quality.
• Fosters customer confidence based on evidence of qualifications and suitability for the projects.
• Benchmarks IT skill sets possessed by its employees

Benefits to Employees:

• Certification provide a highly effective and practical way to:Gain additional knowledge and skills to perform current job more effectively.
• Acquire third party validation of knowledge and skills.
• Common understanding of Industry standards and terminology.
• Professional recognition and networking with other professionals.

ITIL Certification Providers

EXIN - The National Exam Institute for Informatics (Netherlands)

ISEB - The Information Systems Examination Board(UK)

Types of ITIL Certification

Foundation - Fundamental Level. Basic Understanding of the ten ITIL Service Delivery and Service Support processes and the Service Desk.

Objective: - Introduce knowledge and understanding of IT Service Management concepts and terminology, and insight into the applicability of IT Service Management.

Suitable for: - All personnel who wish to become familiar with the best practices of ITIM as defined by OGC ITIL guidelines.

Exam Qualification requirements:
No Formal entry requirements
Some experience in IT

Exam Format:
Closed book Multiple Choice
40 questions on Service Delivery Service
Support and Service Desk

Exam Duration: 1 hour

Exam Assessment:
Required to score 65% to pass (26 out of 40)

Cost:
Training Cost: $ 200 to $ 2500 approx
Exam Fee: $ 135 USD

Practitioner - In-depth understanding of one of the ten ITIL process areas

Objective: - Provide the knowledge and skills necessary to plan, implement and execute the IT Service Management processes.

Suitable for: - Person with responsibility for the definition, execution and maintenance of a specific ITSM process or processes in the Organization.

Exam Qualification Requirements:
Demonstrate one years experience in Practice area
Attend accredited course and complete in-course assignment
Hold Foundation Certificate in ITSM
Exam Format:
Closed book Multiple Choice
25 questions based on Case Study
Exam Duration: 1 hour

Exam Assessment:
Combined total score of 65% to pass (50 % of In-course Assignment & 50% of Exam score)

Cost:
Training Cost: Approx $ 2500 approx
Exam Fee: $ 160 USD

Manager (Masters) - Broader understanding of all ten processes and the Service desk function

Objective: -Provide the knowledge and skills necessary to plan, implement and execute the IT Service Management processes.

Suitable for: - Person with responsibility for the definition, execution and maintenance of a specific ITSM process or processes in the Organization.

Exam Qualification Requirements:
Demonstrate one years experience in Practice area
Attend accredited course and complete in-course assignment
Hold Foundation Certificate in ITSM

Exam Format:
Two Closed book essay exams based on Case
Study (Paper 1 Service Support, Paper 2
Service delivery)

Exam Duration:
3 hours each in a period of 24 hours

Exam Assessment:
Achieve a total score of 50% or more in both of the written exams)

Exam Offered in:
January, April, July, October

Cost:
Training Cost: Approx $ 6000 – 10,000 approx
Exam Fee: $ 360 USD

In my opinion, the ITIL certification is quite useful in the world. No worries where come from, each professional have the same language on the communication as well as working together. Those exams also take many times to prepare. Before we get the benefits, we need to pay much money on the training and examination. The total cost also expensive. That could be another long-term investment. I believe the result is excellent when we have the certification.

ITIL implementation checklist

Home source: http://www.cce.umn.edu/pdfs/CPE/ITIL/Preflight_checklist.pdf

The following information is a checklist which comes from the University of Minnesota. The checklist used for the preparing of ITIL induction. Checklist includes eleven items which provided for somebody who consider before the ITIL implementation. The checklist’s content as following:

Organizational Support
The following organizational entities are aware of ITIL and are supportive of its goals:

1. CEO / President
2. CIO / CTO / VP of IT Operations
3. CFO / VP of Finance
4. IT Managers
5. Business unit Managers
6. Board of Directors
7. Union representatives

Baseline Assessment

1. A baseline assessment has been administered to measure the organization’s current compliance with ITIL processes, with a gap analysis that indicates areas of deficiency.
2. The organization has administered a survey of the IT department’s internal customers and users to determine a current level of satisfaction with the services it provides.

Scope of Implementation

1. The organization has determined which of the 11 ITIL processes / functions it plans to implement, in which sequence, and has created a timeframe for doing so.
2. A specific implementation maturity level has been agreed upon for each of the processes that are to be adopted. Stages of implementation include:

• Initial: The process is recognized but there is little or no process management activity.
• Repeatable: The process is recognized and is allocated little importance, resource or focus within the operation.
• Defined: The process is recognized and is documented but there is no formal agreement, acceptance nor recognition of its role within the IT operation as a whole.
• Managed: The process is fully recognized and accepted throughout IT, it is service focused with objectives and targets that are based on business objectives and goals.
• Optimized: The process is fully recognized and has strategic objectives and goals aligned with overall strategic business and IT goals.

Training Strategy

• A budget for training and certifying the staff has been created and approved.
• The staff that is to receive ITIL Foundation training has been identified.
• The staff that is to receive ITIL Practitioner training has been identified.
• The staff that is to receive ITIL Manager training has been identified.
• A training vendor has been selected.
• A training schedule has been created.
• An organizational change management strategy has been implemented.

Certification Strategy

• The number of staff to be Foundation certified has been established.
• Provisions have been made for purchasing and administering the Foundation exam.
• Provisions have been made for purchasing and administering the Practitioner exams.
• Provisions have been made for purchasing and administering the Manager exam.
• A policy has been established to accommodate participants who fail the exam.

Staffing

• Process owners have been identified for each ITIL process to be implemented.
• Key staff members have been empowered to carry out the implementation process.
• A CTO, VP of IT operation or other staff person has been selected to be responsible for overall implementation of IT Service Management.

Communication

• An ITIL implementation vision has been created, endorsed by upper management, and communicated to all stakeholders.
• A series of information sessions have been scheduled to apprise staff of the purpose and benefits of implementing ITIL.
• The Service Desk has established a procedure to provide regular updates to all internal customers regarding usage, trends and customer satisfaction ratings, either via email or the Intranet.

ITIL Resources

• Sufficient copies of the ITIL Service Support and Service Delivery books have been acquiredand are available in the organization’s resource center.
• An on-line version of these books, including a multi-user license, has been acquired and isaccessible to employees via the organization’s Intranet or other file server.
• An organization membership to the local itSMF (IT Service Management Forum) has been established.
• Mentoring and consulting by a peer organization has been arranged.

Reporting and Record Keeping

• The IT department is prepared to publish a catalog of the services they provide internal customers, with prices based on differing levels of service.
• A CMDB (Configuration Management Database) exists, is regularly maintained, representsan accurate inventory, and captures the data necessary to be an effective tool for those ITIL processes that depend on it.
• Service Level Agreements (SLAs) have been created between the IT department and its internal customers and users, and are published in clear, non-technical language.
• Underpinning contracts between the IT department and external vendors are in place, written so as to be clearly understood, and renewed on an annual basis.
• Business continuity and disaster recovery plans have been created by the organization (not a vendor) that are current, simple, and detail the steps necessary to recover from unforeseen or difficult circumstances.
• A liaison has been established between the business units and the IT department to assure compliance with regulatory requirements such as Sarbanes-Oxley.

Measurement and Assessment

• The Service Desk maintains records of all calls and their resolution, and publishes these regularly.
• A set of metrics, based on a recognized business measurement philosophy such as the Balanced Scorecard©, is in place to capture and analyze IT service management processes and their interrelationships.

Assuring On-Going Success

• An organizational change management class has been scheduled to provide the necessary training to key staff.
• An IT process improvement team has been established to monitor progress of ITIL implementation.
• ITIL terminology has been incorporated into the staff’s annual performance plan, with incentives for employees who suggest improvements in the IT service management.

In my opinion, the checklist is a very good material which provides a direction for the adopter to evaluate the organization current state is ready or not to induct ITIL framework to the organization. The eleven items in the checklist should help the enterprise avoid the mistake or missing the consideration whether components which they forget. I can not find this checklist which variable at other consultant company web site. May be that is a secret weapon for the consultant company as well.

ITIL: 10 deployment mistakes

Home Source: http://searchcio.techtarget.com/news/article/0,289142,sid182_gci1304412,00.html

In Guglielmo article, he addressed the following 10 biggest mistakes that could IT organizations make during the first year of an ITIL implementation. If enterprise make whether mistake, that will affect the successful on ITIL implementation. The content of the 10 mistake as next:

Mistake No. 1: There is no vision. No one is sure of what is happening with ITIL and there are no clear answers.
Mistake No. 2: Top-down commitment isn't necessary. The project can be infiltrated via middle management.
Mistake No. 3: We don't need a business case. We know why ITIL is important and why we're doing it.
Mistake No. 4: We don't need an initial baseline. Let's just get started.
Mistake No. 5: ITIL is not a strategic project, so we can use existing resources to implement it.
Mistake No. 6: We don't need a communications strategy. A few emails and a kickoff meeting will suffice.
Mistake No. 7: We don't need an overall process strategy. Different process teams can do their own thing and we'll worry about process integration later. Let's just get it done.
Mistake No. 8: We'll start with a new tool and build processes around that later.
Mistake No. 9: Unmanaged scope creep. Manage growth as you go along.
Mistake No. 10: We don't expect much resistance to ITIL. We'll just tell them what to do.

As Guglielmo said, “organizations often make mistakes within the first year of an ITIL implementation, and that's normal.” If enterprise understands their direction is wrong early, and brings the project back on track. That may not too bad. If they don’t know, just waste time and money.

In my view, enterprise made those mistakes because of poor analyzes on the business needs, weak project management and communications. Also enterprise doesn’t really concentrate on the ITIL induction. Those mistakes could take the business down. Because something been changed that situation can not be reverse again. So, enterprise can avoid those mistakes happened in the organization, therefore they has to take the IT services assessment first, and then make a decision on which part allow the enterprise start the changing first then following. Do the ITIL induction step by step. The benefits can see easily.

NYLI: IT environment more maturity, the value which more considerable.

Home Source:
http://app.digitimes.com.tw/print.aspx?zNotesDocId=0000077689_B8Q6997A3572UR8LPEQOI

The following information which comes from the reporter Geng Huiru's reported.

Several year ago, the goal of system induction is for increases the work performance and helps the company reduces the operation cost. But IT already became an essential and auxiliary item indirect on the operation activity today, any new system induction, changing, that already could not ponder only for increase business operation effective. Because of the stakeholder, “profits” and “efficiency” is their most important goal. IT manager understands that is most important which besides reduce the cost and how to create the competition for the company based on the system.

Now IT department must pay attention not only on system induction, they should know how to penetrate the intelligent method, integrate and make it properly between the systems.

At present New York Life Insurance information service department altogether has 40 people, 30 people are responsible for the system development; Other 10 people are responsible to maintain the foundation construction, including: The database, the networking, equipment maintenance service, server room operation and such. Many people thought that only inducts the application system can increases the competition. In term of Qingtong’s opinion, both groups are important on the application system and foundation construction maintenance work, although 2 group’s manpower is disparate. Therefore, New York Life Insurance planning inducts ITIL’s Help Desk and the related flow in 2008.

In many person of cognitions, ITIL Induction is a huge project, generally only big size enterprise will have, because SLA has the very high level requirement, therefore inducts ITIL into the business processes. For New York Life Insurance such ordinary scale of company why care on the SLA? This is because I believed that IT needs to create the automated support system.

Now our regional of business unit's equipment requests for repairing, is apply the demand by the telephone call. Take care this business by 4 personnel working on IT unit, these 4 colleagues must support the front end approximately 300~400 users, the work load are very heavy. It is very difficult to subscribe their KPI on measuring their performance. Therefore Qingtong thought that is necessary on building a regulation and systematization maintenance flow and appraises the suitable responding. Also lets them know what must achieve according to the regulation. On the other hand, the automated working flow may let the user confide on IT department. As a result of New York Life Insurance has about 200 exterior points in Taiwan each region. Many exterior point only have 1~2 colleagues, if the company can create the unification and automation on equipment repairing working flow, these exterior point colleagues can under the standardized work flow to fixing the problem quickly, even without the IT the person assistance.

In this case, what I am understand that is very hard on IT service quantity measuring, inducts ITIL to let the achievements can be appraised. There is no doubt on the important of IT services, but in current stage profit is the key. Those ideas are happened in most high level management. I am not worried about that, because it is natured in the real world.

Mr. LDAP: The data centre management automation is the first step on ITIL successful

Home Source: http://www.ithome.com.tw/itadm/article.php?c=44140

One of LDAP initiators, Opsware’s CTO Timothy A. Howes believed that data centre management automated in the future, which will be the important component for all enterprise’s application.

He pointed out that similar ITIL framework establishment, if it does not have the automated management tool support, the enterprise will be very difficult to succeed. Along the enterprise's equipment more and more, the automated management's procedure is more important.

He believes that the data centre automated management is the most important factor. Generally the reason on enterprise defeat ITIL's induction, because of the user does not follow the standard which the enterprise formulates. The enterprise writes down a thick standard, gives the user it, but very difficult to request the user to follow this standard completely. But the data centre automation management's tool, it can actually achieve the function on user management to follow these standards truly. Therefore I thought that the enterprise needs to make the first step on ITIL, besides understood what application need to be manage, how many entities and visual equipment needs to manage, a very important point is the data centre automation management the tool must be used on the management, then can let person's factor fall lowly.

Along the enterprise’s entity and visual equipment more and more, we believed that if the enterprise does not understand the application that between the integrity connection of foundation construction and relational scheme, it is very hard to manage the data centre. We need to understand which equipment being used in the data centre? And defines the relations clearly, and then we can see the whole picture of the entire enterprise IT the construction. Only the automated management tool can achieve on this scenario. Only that way can provide the high efficiency of the environment for enterprise manage their data centre.

In the 90s, the enterprise spends in data centre management cost possible only half in present, but now is different, the enterprise spends in data centre equipment's management already increased largely. This representative the automated management's software is able to reduce the cost on enterprise’s data centre management.

Most enterprise data center's visibility is very low now, manages network's IT personnel possibly only to know that the network equipment's condition, server's IT the personnel possibly only know server's condition, that mean is nobody can see the comprehensive operation condition, when enterprise's application crash, each personnel attempt to solve the problem base on the condition which they know, this usually is invalid. But the automated management's tool can provide higher visibility and ability to support the enterprise finding the problem quickly, and then solving the problem.

The automated management on data center provides the same information to the IT department and support the different team worker can see the complete picture which related with the program and the hardware equipment. Therefore inducts the automated management procedure is very important; it can support the personnel to discover certain application program potency is lower. But the most enterprises do not like changing the pattern on their existing work flow, therefore inducts the automated management data center tool should be comes gradually, regarding the demand, enterprise can starts from server's management first, then works as in the future when network equipment more and more, then start from the network equipment's automated management. For this way, the enterprise possibly does not to change, but inducts part of the automated management, actually paved the way for the enterprise future change, the impact can also be small.

Enterprise should think about how using the data centre automated management's tool change the existing construction quickly, and change resources' assignment to supply the flow changing, reduces the enterprise in the management maintenance cost.

In my point of view, the data center automated management is support the personnel monitor all the equipments. Solve problem within a short time, and less impact on the business operation. Also reduce the maintenance cost in the long-term perspective.

IAC: With ITIL integrated Six Sigma

Home Source:
http://www.ithome.com.tw/itadm/article.php?c=44586

The following information come from the reporter Whiffen Yang reported.

Inventec Appliances Corp. (IAC), also begin the ITIL v.2 induction in April 2007, and achieves the Six Sigma with ITIL framework, reduces the problem’s process time positively, simultaneously and enhances the senior IT personnel's value.

During the ITIL induction, IAC besides follows ITIL standard conformity and also integrated with Six Sigma methodology. Briefly, with ITIL methodology achieves the Six Sigma requirement.

IAC information department senior Manager DeLong, Cai indicate that Six Sigma and ITIL although emphatically on IT working flow and service quality improvement, but between both, actually also respectively has the different advantage to be possible supplementary, used broadly by manufacturing industry on Six Sigma. Because Six Sigma takes the quality improvement by statistics the quantification way, therefore enterprise has a set of rigorous calculation formula, but actually Six Sigma doesn’t have the practical on quantification target method. However, the ITIL framework has the method on quantification target processing to make up this gap.

DeLong Cai point out that IAC starts appraising on ITIL in January 2007, the Service Desk and Incident Management implementation already completed in April. The reason that inducts ITIL as the Six Sigma’s project, the consideration mainly focuses on the cost aspect and user demand faster responding aspect. In the past, IAC have two problems which existing before the service desk setting up. The end user would like to ask recognizable IT personnel to solve the problem, but if the IT personnel who are busy or out of the office, the end user’s problem is unable to be solved immediately, because of the IT service quality is not ideal.

Looking from the cost expect, the original procedure represent also no performance. Because senior IT personnel take the high salary from company, but actually spends their time in the low value added work. Sometimes possibly only half time in the development, cause busy on the end user’s issue. After ITIL inducting, the end user’s issue can be fixing via a service window. The senior personnel can have the quite much time to concentrate in the difficulty higher development work.

At present IAC’s ITIL induction project still in processing. In term of the planning at current stage, Service Level Agreement (SLA) can be progress in 2008 hopefully. DeLong Cai point out that the ITIL application will expand to the exterior enterprise finally. Lets customer thought out their problem and get the respond immediately and directly according their rights. This linkage also needs to be improved, because IAC is facing both OEM and ODM. They disperses in global various countries, meanwhile the operating in the different time zone also have different operating. Reduce the processing time by using the web technology.

What I understand in this case, even ITIL is the best practice but still have some area that ITIL can fully cover. In case, it should need to combine with other standard to approach in the future. As IAC implement the Six Sigma standard and ITIL within the same project. Because both working as related as closely in the real world.

ITIL: Brings two authentication fashion

Home Source: http://www.ithome.com.tw/itadm/article.php?c=35074

The following information come from the reporter Whiffen Yang reported.

Regarding to individual, the authentication may prove that carries out ITIL the ability; for the enterprise, by the authentication may inspect that conform the operation of ITIL induction is following the international standard.

After ITIL extends gradually to ISO20000, one issue on the ITIL authentication personally, another issue is the enterprise authentication at ISO20000. From personally, there has the related training program can be found on the net. Also have more than 50 enterprises in the whole world to obtain the authentication, such IBM, CA, Microsoft and such. Taiwan's enterprise obtains not many regarding to the ITIL authentication. If the enterprise just improve parts of the operation flow by ITIL methodology, perhaps ITIL induction will be focusing on the most need place, doesn’t matter which part taking ITIL framework, which inducted ITIL. For example, many enterprises only made the event to manage, the Service Desk, this also inducted ITIL. But if enterprise must obtain the international standard authentication ISO20000, they must induct ITIL within each IT service management flow.

Because of the authentication auditing key point which care on the flow meeting standards inspection, therefore, no matter on the height of ITIL validity, so long as the flow coverage fit the standards can through the authentication.

Under such premise, if the enterprise obtains the authentication on the commercial purpose, the achievement possibly will neglect the IT service management validity. If enterprise focuses on improving the IT foundation construction and service management, it will be the true goal on ITIL induction.

The biggest significance of ITIL authenticates, that prove enterprise have the practical ability on ITIL implementation. ITIL authentication mainly may differentiate at 3 levels at presently, including ITIL Foundation, ITIL Practition as well as ITIL Service Management. But the authentication obtains in the process must proceed in an orderly way, the sequence also obtain ITIL Foundation first, according to own demand then enter to the ITIL Practition phase or ITIL Service Management.

For the ITIL Foundation may say that is the most foundation authentication, mainly focus on ITIL concept understanding; ITIL Practition concentrates the flow practice; But the ITIL Service Management besides must understand the ITIL concept fully and must have all flow practical ability.

At present the ITIL authentication is authenticated by both EXIN and ISEB organization mainly. EXIN is located at Holland's making profit unit, and also setup the subsidiary company in the Asian and Pacific area, ISEB is subordinates under a British Computer Association's semi-official unit.

In my view, before we get the benefits on the certification of ITIL, we must pay a lot of money and time on the training. Even though the examination just three level, it will take a long time for that certification. I believe the ROI is quite good but we need to have the budget on taking the professional level certification. Also should patient on the understanding of all material, then reaping later on.

ASE: Inducts ITIL process in an orderly way, do not attempt complete the wholes set immediately.

Home Source: http://www.ithome.com.tw/itadm/article.php?c=43812

The reporter Whiffen Yang reported after the speech by ASE group information Vice-president Mincheng Sheng.

After ITIL becomes international standard ISO 20000 officially, more and more enterprises improve their IT service management with ITIL methodology gradually. This ASE example shares their ITIL induction information with public.

The ASE inducts is also quite complete, a key point must be mentioned is whether Acer or ASE inducts the ITIL processes, both has adopted with the same pattern which proceeds in an orderly way.

ASE group information Vice-president Mincheng Sheng shares ASE’s experience on ITIL induction by itSMF Taiwan branch's invitation. “The enterprise inducts ITIL framework which should better be adopts the processes on proceeding in an orderly way, do not attempt to complete ITIL framework immediately, the reason is setting the scope is too big at the beginning, the cost on investment must be increasing naturally. The disagreement will be prompted on the boss side easily. Therefore enterprise should start from the point which has highest benefit and the smallest impulse.” he said.

By the ASE's experience, we starts from Service Level Management on the entrance of ITIL project induction before more than two years ago, then progresses gradually to the Change Management, as well as Incident Management and Problem Management and such. Mincheng Sheng said that besides both ASE and Acer starts to invest ITIL is also adopts the process on expand the scope with gradual growth way. ASE faces to the configuration management information database (CMDB) and the Change Management slowly extended recently.

Many people thought that inducts ITIL is must spend a lot of money, parts on buying many tools. Then can complete the IT service management truly, but as ASE inducts ITIL not to spend many money. Mincheng Sheng said. Take the example on the establishment on CMDB, ASE implement CMDB with their own method, has not invested too many money on tool purchasing. Because of CMDB is the key mainly, don’t matter the tool itself, just keep going on the flow improvement and the management. In term of the CMDB part, actually there does not have any information service provider to be possible to provide suggestion to the enterprise explicitly, how can the enterprise measure the achievement to be able to have the help to the IT management.

According to the ASE's procedure is caring the most important system. Mincheng Sheng explained that ITIL is talking about the flow management actually. However, in all the practice operation, each flow has the different priority, enterprise should take care their important software and hardware system, for example: ERP, the server or the storage. And also carry on the strict management, which can probably fit IT service requirement about 95%~98%.

In the past, the role of IT just focuses on solving problems. That idea was not make sense. After inducting ITIL, IT department may along to the SLA agreement to provide IT the service which matches the request initiatively.

Mincheng Sheng suggested that each enterprise should induct ITIL, because inducts ITIL really has the advantage; it will let IT changed differently compare to the former. After inducting ITIL, might reduce IT the Operation Cost effectively. In term of ASE’s experience, in the past wanted we need about 250 did a matter personally, so long as now the same matter only 70 people can complete it. Moreover, enterprise might control all the events and the processing status by the daily report. Do more with few resources this benefit should have the opportunity in each enterprise.

In my opinion, each enterprise wants to use a limit cost to have more benefits under high competition environment. This idea also can be seen on the ASE case as well. With some one’s story illustrate their reaping, we can not feeling truly, only if we confirms the advantage on IT government personally.