ISA 201 Information Systems Acquisition 1


Post on 23-Mar-2020


Page 1: ISA 201 Information Systems Acquisition · ITSM/DESMF 10 DESMF •Initiated by DISA (140 contributors from 15 DISA Directorates) •Applicable to DISA provided IT Services •Published

ISA 201 Information Systems Acquisition


Lesson 21 Information Technology Service Management (ITSM)


Learning Objectives

Overall: Given a DoD IT services acquisition scenario, recommend appropriate DoD Enterprise Service Management Framework (DESMF) guidance to manage a suite of IT services.

• Identify the purpose and goals of the DoDI 8440.01 (DoD Information Technology (IT) Service Management (ITSM)).

• Identify the purpose and goals of the DESMF.

• Recognize the DoD policy for ITSM and the use of DESMF.

• Describe the DoD ITSM process.

• Identify the benefits and projected outcomes of DESMF.

• Describe the five (5) DESMF domain structures.

• Identify performance measures associated with each of the five (5) DESMF domains.


Agenda

• IT Service Management (ITSM) Overview

• Policy Overview

• DoD ITSM Process

• Benefits and Projected Outcomes of DESMF

• DESMF Domains Overview

• Exercise


Definitions

• What is a Service?

- A means of delivering value comprised of people, processes and technology perceived by Customers and Users as a self-contained, single, coherent entity that enables them to achieve mission objectives and functions (Source: ISO 20000, COBIT 5)

• What is a Standard?

- Establishes a set of minimum requirements to audit an organization against effective ITSM (DESMF v3 p2)

• What is a Framework?

- Provides a structure from which an organization can plan, implement, and measure. (DESMF v3 p2)


Definitions

• IT Service: Engagement of the time and effort of a service provider, through the use of IT, whose primary purpose is to perform an identifiable task, or tasks, rather than provide an end item of supply.

• IT Enterprise Service: A service that is offered on a communications network by a single provider to all entities in the DoD Enterprise and is characterized by function performed, service provider, specific-service offering, and scope of the enterprise served.

• IT Service Management (ITSM): A set of specialized organizational capabilities to manage IT services through a set of defined, repeatable, measurable, implemented and integrated processes that control the quality, performance and reliability of IT services.

• DESMF (DoD Enterprise Service Management Framework): The DoD ITSM framework that provides standards for service description, service categories, service quality measurements, service management process descriptions, and service management capability assessment as well as provides ITSM guidance.


ITSM vs ITIL

ITSM stands for IT Service Management. It’s about how an organization manages IT services for customers. ITSM refers to all the activities involved in this process, which include planning, designing, delivering, operating, and controlling.

ITIL stands for IT Infrastructure Library. It’s a framework or a set of ITSM best practices. These processes, procedures, tasks, and checklists are not organization-specific. Instead, the idea is to integrate them with the organization’s strategy. ITIL is divided into a series of five core volumes, each covering a different ITSM lifecycle stage. ITIL first came from the UK government. In the 1980s, there was a growing dependence on IT, but no standard practices. This lack of standard practices meant inconsistent service quality.


Definitions

What is ITSM? ITSM addresses the need to align the delivery of IT services closely with the needs of the business. This transformation of a traditional "business - IT paradigm" can be depicted by some of the following attributes:

| Traditional I/T | becomes ITSM Process |
|---|---|
| Technology focus | Process focus |
| "Fire-fighting" | Preventative |
| Reactive | Proactive |
| Users | Customers |
| Centralized, done in-house | Distributed, sourced |
| Isolated, silos | Integrated, enterprise-wide |
| "One off", adhoc | Repeatable, accountable |
| Informal processes | Formal best practices |
| IT internal perspective | Business perspective |
| Operational specific | Service orientation |


Reference

• Key Aspects of the Current DoD ITSM Policy (DoDI 8440.01):

- The DoD CIO monitors, evaluates, and coordinates ITSM activities across DoD

- The DoD Enterprise Service Management Framework (DESMF) is the single service management framework for the DoD

- DoD Components will conform to the DESMF at the conformance level prescribed by the DoD CIO

- A tiered accountability, federation approach will be the governance mechanism used to implement DoD ITSM and conduct conformance activities

- Conformance to DESMF should be considered in all portfolio management decisions by the portfolio owners

- Updating policy to move it from a conformance checklist-type focus to a more adaptive approach encompassing DevSecOps, Agile, etc.


References (History and Status)

DESMF

Edition I

• Initiated by DISA (140 contributors from 15 DISA Directorates)

• Applicable to DISA provided IT Services

• Published Sep 2012; Signed by DISA Director Mar 2013

Edition II

• Nine agencies/military services/Industry/DESMF Working Group

• Final released Sep 2013

• Signed by DoD CIO Apr 2015

Edition III

• Nine agencies/military services/Industry/DESMF Working Group

• DRAFT released in Jan 2015

• Signed by DoD CIO Jun 2016

Edition IV

Restructures the DESMF into two parts (Released April 2019)

• Part 1: High-level articulation of the framework and explains the governance and conformance aspect of the DESMF

• Part 2: Provides details on all of the DESMF models, processes, best practices, supporting tools, and use cases, as well as information on other ITSM-related topics. Maintained as an on-line asset (https://www.milsuite.mil/wiki/DoD_IT_Service_Management_Community_of_Practice)


Agenda

• IT Service Management (ITSM) Overview

• Policy Overview

• DoD ITSM Process

• Benefits and Projected Outcomes of DESMF

• DESMF Domains Overview

• Exercise


Policy Statements

• DoD will*:

- Promote effective use of standards for IT services

- Articulate DoD ITSM standards via DESMF

- Measure quality and management capabilities based on those standards.

- Define, categorize, publish and measure IT services based on DESMF

- Use DESMF to describe manner of ITSM for JIE

- Consider DESMF conformance in all portfolio management decisions IAW DoDI 8115.02 (IT Portfolio Management)

*DoDI 8440.01 -- ITSM


Responsibilities

DoD CIO

• Manage DESMF

• Establish Service Catalog

• Guide DoD

• Prescribe Conformance Levels

• Monitor Conformance

• Evaluate ITSM Capabilities and Quality across DoD

• Evaluate DESMF effectiveness

USD (AT&L) (A&S)

• Synchronize acquisition systems / policies IAW 8440 (ITSM)

• Provide guidance to PMs and PEOs to evaluate & approve implementations of ITSM practices

DoD Components

• Resource management

• Collaborate on DESMF refinements

• Execute conformance plan per DoD CIO prescribed level

• Measure IT service quality

• Register IT services IAW DoDI 8320.02.

DISA Director

• DESMF Liaison

• Provide technical assistance for DoD ITSM

DoDI 8440.01 -- ITSM

Formalizes DESMF

DESMF will include:

Quality Model

• Service descriptions

• Service categorizations

• Service Quality

Process Reference Model

• Standard descriptions

• Support implementations and organizational learning

• Support audit and assessments

Process Assessment Model

• Assessable levels of integrated service management capabilities.

Provide additional guidance

• DoD Components for adopting ITSM practices

• Acquiring and contracting for ITSM efforts and capabilities based on industry best practices

- Updated Annually by DoD-wide group

- DoD CIO will provide further requirements for inclusion in DESMF

- DESMF baseline controlled under DoD CIO EASB using ESDP adjudication.


Agenda

• IT Service Management (ITSM) Overview

• Policy Overview

• DoD ITSM Process

• Benefits and Projected Outcomes of DESMF

• DESMF Domains Overview

• Exercise


Comparing IT Products to IT Services

| Technology Lifecycle | People/Process Lifecycle |
|---|---|
| SCOM | Service Health Monitoring |
| SCCM | Compliance Management |
| TMG | Access Management |
| Good | Mobile Messaging |
| Lync | Collaboration Services |
| SharePoint | Workflow & Content Mgt |
| Active Directory | Directory Services |
| Tanium | Endpoint Protection |
| AZURE | Application Hosting |

Service = People + Processes + Technology


Service Management Components

[Figure: service management components (ISO 20000). Labels in the figure: Supplier (e.g., Adobe DCO); SVC Provider (DISA); Customer (DoD Office); Service Mgmt System (SMS); Svc Portfolio; Service Lifecycle; Quality; Improvement; Value; Service; UC; OLA; SLA; Policies; Objectives; Roles; Skills; Processes; Automation; Information; Metrics; Controls; Tools; Measures]

UC – Underpinning Contract

OLA – Operational Level Agreement

SLA – Service Level Agreement

What are the consequences of a service provider not meeting an SLA – in industry? in Government?

• In industry, financial penalties, loss of business.

• In Government, no penalties with teeth… Disgruntled customers….

How can we change SLA enforcement between Government entities?


Service Management System Concepts

[Figure: Service Management System (SMS) concepts (ISO 20000). Column headings: Purpose, Structure, Actions, Outcomes, Optimization. Labels in the figure: Requirements, Objectives, Policies, Services; Authority Lines, Ownership, Roles, Skills, Teams, Responsibilities, Org Structure; Resources, Key Processes, Tools, Information, Relationships; Service Metrics, Process Metrics (Progress, Compliance, Effectiveness, Efficiency), Organizational Metrics; Audits, Corrective Actions, Integrated Improvements (Services, Tools, Teams, Processes), Quality Assurance, Communication; Customer Needs; Provider Capabilities; Quality Mgmt; Continual Improvement; Automation; Controls]

Let’s see how these concepts are manifested in the DESMF…


Service Management Models: SMS Context

[Figure: Service Mgmt System (SMS) context. Column headings: Purpose, Structure, Actions, Outcomes, Optimization. Callout: Potential requirement for use by customer or sector.]

• SMS Standard: ISO 20000

• Customer Focus: LEAN

• Org. Focus: CMMI

• Common Lexicon: ITIL

• Common Skills: SFIA

• Governance: COBIT

• Org. Process Guidance: CMMI

• Domain Specific Practices/Skills: ITIL, PMI, SE

• Process Design: LSS / TOC

• Maturity Measures: CMMI

• Common CSF/KPIs: ITIL

• Metric Design: LSS

• Value/Contribution: BSC

• Assessments / Certs: CMMI, ISO 20000

• Control Audits: COBIT

• Improvement Approach: LSS (DMAIC)

• Svc. Imp. Principles: ITIL

• Quality Management: ISO 9001, Baldrige

Acronyms:

• ISO – International Standards Organization

• CMMI – Capability Maturity Model Integration

• ITIL – Information Technology Infrastructure Library

• SFIA – Skills Framework for the Information Age

• COBIT – Control Objectives for Information and Related Technologies

• PMI – Program Management Institute

• LSS/TOC – Lean Six Sigma/Theory of Constraints

• BSC – Balanced Scorecard

• DMAIC – Define, Measure, Analyze, Improve, Control (Six Sigma approach)

DESMF discusses integrating standards and best practices to achieve better ITSM outcomes


DESMF Processes Across the Service Lifecycle

[Figure: Process Reference Model]


DESMF is a Framework

Collaborated and integrated effort through the DESMF Working Group:

• USN, USA, USMC, USAF, NETCOM, DISA, DoD CIO, SPAWAR, DoT, DSS, DLA and industry partners

• A group of volunteers (not a Tiger Team) working on their own time to contribute to content development


Agenda

• IT Service Management (ITSM) Overview

• Policy Overview

• DoD ITSM Process

• Benefits and Projected Outcomes of DESMF

• DESMF Domains Overview

• Exercise


Benefits and Projected Outcomes of DESMF

• Compliance and subsequent auditing will be stabilized through repeatable processes

• Better understanding of the importance of IT services and the value derived from each service both from the provider as well as the mission partner perspective

• Supports ability of IT to measure and thus improve internal performance in provisioning IT services

• Improved mission partner satisfaction through a more professional, efficient approach to service delivery and support

• Secure information and data exchange

• Enhanced ability to mature and increase performance based on information and knowledge feedback into processes and services

• Cost effectiveness and efficiency are realized by identifying duplications for upgrade or removal

*DESMF Vol IV, April 2019


Benefits and Projected Outcomes of DESMF (Continued)

• Provides a single, definable, repeatable, and scalable documented framework for recommended best practices

• Clearly identifies roles and responsibilities for ITSM

• Adopting characteristics of a standard service management framework enables organizations to provide higher service quality and availability levels, improve alignment between service provider and mission areas, and improve management of changes to ensure security and capability of the information enterprise

• Enables better decision making at all levels by identifying relationships and information items exchanged by all processes throughout the Service Management lifecycle

• Services supporting the war fighter and/or mission partner will be implemented faster, more efficiently, and with higher quality

• Services will be measured transparently and will be traceable through the component and Agency level strategies to those of the DoD

*DESMF Vol IV, April 2019

Agenda

• IT Service Management (ITSM) Overview

• Policy Overview

• DoD ITSM Process

• Benefits and Projected Outcomes of DESMF

• DESMF Domains Overview

• Exercise


DESMF Five Domains Structure

The Five (5) Domains of the DESMF Service Life-Cycle

| Domain | Focus |
|---|---|
| Service Strategy | Think and act strategically; Long term view |
| Service Design | Design services and what is needed for support |
| Service Transition | Transition safely; Build trust |
| Service Operation | Deliver stable services; Be responsive |
| CSI | Continually align with business; Improve performance |


DESMF Domain Structures – Ensuring Mission Value

Strategy + Design + Transition + Operation + CSI + Action Plans = Mission Value

Strategy + Design + Transition + Operation + CSI + Action Plans = Variation

Strategy + Design + Transition + Operation + CSI + Action Plans = Poor Integration

Strategy + Design + Transition + Operation + CSI + Action Plans = Unsupportability

Strategy + Design + Transition + Operation + CSI + Action Plans = Poor Availability

Strategy + Design + Transition + Operation + CSI + Action Plans = Stagnation

Strategy + Design + Transition + Operation + CSI + Action Plans = Confusion

*DESMF Vol IV, April 2019


DESMF Domain Structures – Performance Measures

Strategy

• Metrics

- Return on Investment

- Value of Investment (cost avoidance)

- Number of Planned New Services

- Number of Unplanned New Services

- Number of Customer Complaints

- Customer Satisfaction Metrics

Design

• Metrics

- Fulfilment of Service Levels

- Number of Service Issues

- Service Availability

- Number of Service Interruptions

- Gaps in Disaster Preparation

- Number of implemented Preventive Measures

- Number of major Security Incidents

Transition

• Metrics

- Number of Major Changes

- Change Acceptance Rate

- Number of Emergency Changes

- Number of Releases

- Percentage of failed Release Component Acceptance Tests

- Number of identified Errors

- Number of unauthorized changes detected automatically

Operation

• Metrics

- Number of repeated Incidents

- Incidents resolved Remotely

- Number of Escalations

- Number of Incidents

- Average Initial Response Time

- Problem Resolution Time

- Number of Incidents per Known Problem

Cont. Serv. Impr

• Metrics

- Number of Service Reviews

- Number of identified Weaknesses

- Number of Process Evaluations

- Number of identified Weaknesses

Subset of KPIs from ITIL V3


ITSMO

• ITSMO Ties it all together

- Policy

- Training

- Standardized approach to ITSM for your Enterprise

- Process Reference Model

• For more information

- DoD ITSM Community of Practice (latest information on DESMF)

- https://www.milsuite.mil/book/groups/doditsmcop

- Navy ITSM Office (good templates + see how someone else is doing it)

- https://www.milsuite.mil/wiki/Navy_IT_Service_Management_Office


Agenda

• IT Service Management (ITSM) Overview

• Policy Overview

• DoD ITSM Process

• Benefits and Projected Outcomes of DESMF

• DESMF Domains Overview

• Exercise


Class Exercise

• Review DODI 8440 and the DESMF in the references folder

• Exercise assignments:

1. Summarize the purpose of the domain and identify and explain one outcome and one benefit for each of the domains described in the DESMF IV Section 3.2

- Team 1 – Service Strategy Domain (Section 3.2.1)

- Team 2 – Service Design Domain (Section 3.2.2)

- Team 3 – Service Transition Domain (Section 3.2.3)

- Team 4 – Service Operations Domain (Section 3.2.4)

- Team 5 – Continual Service Improvement Domain (3.2.5)

2. (optional – as time permits) Read the exercise scenario (ITSM DARA Desired Features).

- Identify what services are needed to include the potential performance measures (Slide 28 in Lesson)

- Analyze and discuss the applicable supporting functions in Section 10 (page 125).

- Describe how the DESMF for ITSM can be applied to produce the desired acquisition outcomes (or improved customer service/satisfaction).

[~ 45 minutes]


Summary

Overall: Given a DoD IT services acquisition scenario, recommend appropriate DoD Enterprise Service Management Framework (DESMF) guidance to manage a suite of IT services.

Using ITSM/DESMF best practices is key to success!

• Identify the purpose and goals of the DoDI 8440.01 (DoD Information Technology (IT) Service Management (ITSM)).

• Identify the purpose and goals of the DESMF.

• Recognize the DoD policy for ITSM and the use of DESMF.

- Policy in 8440.01, DESMF provide responsibilities and practices.

• Describe the DoD ITSM process.

• Identify the benefits and projected outcomes of DESMF.

- Provides a single, definable, repeatable, and scalable documented framework for recommended best practices

- Clearly identifies roles and responsibilities for ITSM

• Describe the five (5) DESMF domain structures/service life-cycles.

- Strategy

- Design

- Transition

- Operations

- Continual Service Improvement

• Identify performance measures associated with each of the five (5) DESMF domains.
