This is a copy of blog on SourceWire Sept 09, 2009
Hornbill’s latest survey “ITIL: State of the Nation” reveals that 70% of organisations now have IT on the board but 35% of executives still struggle with resources and only 51% can measure performance IT Service Management software provider Hornbill has announced the results of the company’s latest survey, revealing some interesting insights into the role of the CIO and the relationship between IT and the business today. Over 500 executives and senior managers from both commercial and government organisations took part in the survey, entitled “ITIL: State of the Nation”, which looked into international adoption rates of the IT Infrastructure Library (ITIL®) best practice framework version 3 since its launch in June 2007. Key highlights of the survey include:• 70% of respondents confirmed that IT now has representation on the board.• 50% claimed that the IT department holds regular planning meetings with the rest of the business (every day, week or month) with the remaining half meeting only quarterly or even annually.• The major positive outcomes from these meetings are helping IT to ‘properly understand business goals’ (78%), and to ‘plan resources to meet demand’ (65%), followed in third place by the opportunity to ‘establish clear metrics to measure achievements’ (51%).• More than one third (35%) of respondents struggle with planning resources to meet the demands of their organisation.• Over 54% of respondents do not charge the business for the delivery of IT and of those who do, 31% allocate a cost per use for each service, or divide the costs evenly across all employees and departments (24%).• 51% do not track the cost of providing IT services to the business, mirroring the number of respondents who said they do not have concise metrics in place to measure the services and therefore the costs per service provided.IT’s growing representation on the board (70%) is validation that the function is now considered essential to the business to help drive strategy forward and provide senior level sponsorship and support for service improvement initiatives such as adopting ITIL. Despite this trend, many IT departments do not interact with the rest of the business regularly enough, sometimes only on an ad-hoc basis, putting them at grave risk of either being out of tune with the business needs and drivers, or delivering irrelevant services at the wrong time, making IT a likely victim of outsourcing. The findings of the survey reveal that the UK is only marginally ahead of the US across most phases of ITIL. This is perhaps not surprising given that the UK market was exposed to ITIL much earlier than the US. Gerry Sweeney, CEO of Hornbill Systems, commented: “One notable aspect of ITIL v3 is its orientation towards business services, moving IT away from a pure technology play. What is now becoming apparent is the need to focus on people, for they are the process deliverers and receivers of service. Whichever version of the ITIL best practice framework organisations are looking to adopt, the drivers are the same: improving service quality and increasing customer satisfaction. Process can only take you so far. It is people that make the difference between poor and excellent service. The service desk is IT’s shop window and by ensuring that it is run by the right staff, with the right attitude and the right tools, IT can tackle service quality and customer satisfaction head on, instead of expecting processes alone to make a difference. The challenge for IT remains to demonstrate some quick wins to secure business attention, then forge ahead with the more strategic aspects of ITIL v3, complete the service lifecycle and demonstrate the true benefits of ITIL.”One final point is clear: the view of the business with regard to IT is changing and becoming more favourable with only 3% of business executives considering IT a ‘law unto itself’ and 32% firmly of the opinion that IT is a ‘competent business partner’, ensuring critical services are available to the organisation when needed.Hornbill collaborated with Ken Turbitt of the Service Management Consultancy (SMCG) Ltd to prepare the survey with input from the IT Service Management Forum (itSMF), and it was promoted via the Service Desk Institute (SDI), Pink Elephant and ITP Report online. Mauricio Marrone of the University of Göttingen contributed to the statistical data analysis and findings.To download a copy of Hornbill’s survey and white paper, please go to: http://www.hornbill.com/itilstate
Thursday, September 10, 2009
Thursday, June 18, 2009
Statera Releases a CRM to SharePoint Cloud Integration Engine
Just recently, Statera went into a Beta phase for their an integration engine called Stratus (http://stratus.statera.com). It’s a really cool idea/product which integrates Microsoft CRM Online with SharePoint Online completely via Microsoft’s Azure Services platform (which means everything is running in the Cloud). Some of the capabilities Stratus provides include:
· CRM users can provision SharePoint sites for Account, Opportunity and Case records, allowing them to store documents in a location where they are easier to collaborate on and in an environment where non-sales employees may be more familiar with
· CRM users can upload documents while in CRM and they are stored directly in SharePoint
· CRM users can view associated SharePoint document libraries and their contents and pull up documents without ever leaving CRM
· SharePoint users can navigate to SharePoint sites that are associated with CRM Account, Opportunity or Case records and access uploaded documents, CRM contacts, CRM activities as well as some other general CRM information
· SharePoint users can create new contacts or activities via the associated SharePoint site that are in turn stored in CRM
· SharePoint users can save CRM contacts directly into their Outlook contacts folder with the click of the mouse
The product also works with the on-premise versions of SharePoint and CRM or any combination of Online and On-premise (e.g. CRM Online and SharePoint on-premise), though the on-premise activation is not yet available.
There are some other cool ideas that will be coming out with in the future. For more information, check out the video or sign up to use the platform at http://stratus.statera.com – it only takes a few minutes to sign up and usage is free!
· CRM users can provision SharePoint sites for Account, Opportunity and Case records, allowing them to store documents in a location where they are easier to collaborate on and in an environment where non-sales employees may be more familiar with
· CRM users can upload documents while in CRM and they are stored directly in SharePoint
· CRM users can view associated SharePoint document libraries and their contents and pull up documents without ever leaving CRM
· SharePoint users can navigate to SharePoint sites that are associated with CRM Account, Opportunity or Case records and access uploaded documents, CRM contacts, CRM activities as well as some other general CRM information
· SharePoint users can create new contacts or activities via the associated SharePoint site that are in turn stored in CRM
· SharePoint users can save CRM contacts directly into their Outlook contacts folder with the click of the mouse
The product also works with the on-premise versions of SharePoint and CRM or any combination of Online and On-premise (e.g. CRM Online and SharePoint on-premise), though the on-premise activation is not yet available.
There are some other cool ideas that will be coming out with in the future. For more information, check out the video or sign up to use the platform at http://stratus.statera.com – it only takes a few minutes to sign up and usage is free!
Wednesday, June 17, 2009
DoF Abu Dhabi receives two ISO Certifications in Information Security
Here is an interesting article I found on http://www.zawa.com/ and you may read the original on: http://www.zawya.com/story.cfm/sidZAWYA20090616072525
Abu Dhabi 16, June 2009:
The Department of Finance (DoF) - Government of Dubai
Today announced its acquisition of two ISO certifications, ISO20000 and ISO27001 in Information Security. This comes in line with its commitment to adopting the best quality standards at all levels of Governmental practice, especially in information security. DoF is the first local department in Abu Dhabi Government to receive both certifications at once, in appreciation of its ongoing efforts to improve its services and adopt best global practices in Information Security Management.
ISO 20000 is the world's first international standard for IT Service Management, which defines the essential requirements for a service provider to deliver managed services. This certificate allows for effectively conveying the managed services which meet business and customer requirements, therefore implementing the department's strategic plan of 2009-2013.
ISO27001 is one of the global certifications with an elemental purpose of assisting to establish and sustain an effective Information Security Management System using a continual improvement approach. It concentrates on confidentiality, integrity and availability of information and executes the Organization for Economic Cooperation and Development values, prevailing security of network systems and information. This certification offers essential security measures to face potential menace.
Salem Al Rumaithi, Head of the IT Directorate at DoF clarified that the international German group TUV Rheinland used a 2-phase-audit process to ascertain DoF's readiness to get both international accolades. During the first phase TUV Rheinland reviewed the existing security measures and documents such as the Information Security Policy and the IT Security Management and Risk System at DoF. In the second phase, the group conducted a scrutinized audit to test the surveillance tools stipulated in the IT security Management System's regulations and supporting documents.
'We are proud of the Information Security team's great achievements. These milestones come in line with the directives of H.H. Sheikh Mohammed Bin Khalifa Al Nahyan, Chairman of Department of Finance, to enhance the level of IT performance and security" said Al Rumaithi.
Al Rumaithi praised the IT directorate's efforts to build the capacities of staff that have been trained for the international Information Technology Infrastructure Library certification (ITIL). Currently, over 25 employees have achieved this certification which falls under the ISO umbrella. ITIL is a set of concepts and policies intended to assist organizations to develop a framework for IT Service Management and to manage their operations.
DoF adopts the highest quality standards throughout its network which encompasses over 40 governmental entities. DoF strives to enhance its human resource skills and employs the finest IT applications with the aim of supporting the department's different activities. The aim of DoF is to accomplish sustainable economic growth for the Abu Dhabi government and rank it amongst the top five governments in the world.
An overview of the Finance Department
The Department of Finance (DoF) was established in 1962, and plays a vital role in providing all local government entities with the best of breed of financial services. DoF aims at enhancing the prosperity of the Abu Dhabi community by contributing to economic growth and promoting private sector participation. DoF includes 5 main directorates and they are: Budgeting, Customs, Government Accounts, Support Services and Information Technology. DoF is adopting the latest processes and technology to further strengthen the effectiveness and efficiency of its services.
UAE Governmental Institutions Strategic Plan encompasses the following 10 priorities:
Abu Dhabi 16, June 2009:
The Department of Finance (DoF) - Government of Dubai
Today announced its acquisition of two ISO certifications, ISO20000 and ISO27001 in Information Security. This comes in line with its commitment to adopting the best quality standards at all levels of Governmental practice, especially in information security. DoF is the first local department in Abu Dhabi Government to receive both certifications at once, in appreciation of its ongoing efforts to improve its services and adopt best global practices in Information Security Management.
ISO 20000 is the world's first international standard for IT Service Management, which defines the essential requirements for a service provider to deliver managed services. This certificate allows for effectively conveying the managed services which meet business and customer requirements, therefore implementing the department's strategic plan of 2009-2013.
ISO27001 is one of the global certifications with an elemental purpose of assisting to establish and sustain an effective Information Security Management System using a continual improvement approach. It concentrates on confidentiality, integrity and availability of information and executes the Organization for Economic Cooperation and Development values, prevailing security of network systems and information. This certification offers essential security measures to face potential menace.
Salem Al Rumaithi, Head of the IT Directorate at DoF clarified that the international German group TUV Rheinland used a 2-phase-audit process to ascertain DoF's readiness to get both international accolades. During the first phase TUV Rheinland reviewed the existing security measures and documents such as the Information Security Policy and the IT Security Management and Risk System at DoF. In the second phase, the group conducted a scrutinized audit to test the surveillance tools stipulated in the IT security Management System's regulations and supporting documents.
'We are proud of the Information Security team's great achievements. These milestones come in line with the directives of H.H. Sheikh Mohammed Bin Khalifa Al Nahyan, Chairman of Department of Finance, to enhance the level of IT performance and security" said Al Rumaithi.
Al Rumaithi praised the IT directorate's efforts to build the capacities of staff that have been trained for the international Information Technology Infrastructure Library certification (ITIL). Currently, over 25 employees have achieved this certification which falls under the ISO umbrella. ITIL is a set of concepts and policies intended to assist organizations to develop a framework for IT Service Management and to manage their operations.
DoF adopts the highest quality standards throughout its network which encompasses over 40 governmental entities. DoF strives to enhance its human resource skills and employs the finest IT applications with the aim of supporting the department's different activities. The aim of DoF is to accomplish sustainable economic growth for the Abu Dhabi government and rank it amongst the top five governments in the world.
An overview of the Finance Department
The Department of Finance (DoF) was established in 1962, and plays a vital role in providing all local government entities with the best of breed of financial services. DoF aims at enhancing the prosperity of the Abu Dhabi community by contributing to economic growth and promoting private sector participation. DoF includes 5 main directorates and they are: Budgeting, Customs, Government Accounts, Support Services and Information Technology. DoF is adopting the latest processes and technology to further strengthen the effectiveness and efficiency of its services.
UAE Governmental Institutions Strategic Plan encompasses the following 10 priorities:
Identify efficient ways to finance priority projects of government entities including the concept of public-private partnerships
Develop a common and standardized financial framework to ensure financial stability of Abu Dhabi Government
Define decentralized financial-management model and assure its gradual transition
Establish a fiscal policy unit to develop strategies for efficient government spending and to cooperate with the federal level on all financial frameworks and policies
Introduce a performance measurement approach to enhance efficient use of government funding
Establish DoF as the reliable and comprehensive source of Abu Dhabi financial data and analysis by building a process for the collection, analysis and reporting of all financial data
Enhance world class treasury function to optimize short term cash debt management
Strengthen and develop DoF employee competencies by state of the art HR management with special focus on nationals
Enable and maintain state of the art IT technologies to support the future role and activities of DoF
Protect borders and citizens, facilitate trade, and collect revenues through effective customs
Tuesday, May 26, 2009
ITIL Assessment
What are the deliverables for one week ITIL Assessment? And how long does it take to complete a typical assessment.
My take is: A Matrix Assessment Report that will assess People, Process and Tools for each discipline under assessment.
=Maturity Score
=Score for each process assessed based upon maturity level
=Risk & Implication Report
=Recommendations
Time wise I would say it is an open ended question, one can do two to three disciplines in a week, i.e., Incident, Problem, Change, Service Management or others but in case of V3 Strategy, Design, Transition, Operation and Continous Service Improvement may take one week each.
With The Complete ITIL V3 Readiness Assessments, you can put any or all of the assessments to work in your company:
• Service Management strategy and value planning
• Linking business plans and directions to IT service strategy
• Planning and implementing service strategy
• Service design objectives and elements
• Selecting the service design model
• Cost model
• Benefit/risk analysis
• Implementing service design
• Measurement and control
• Managing organizational and cultural change
• Knowledge management
• Service knowledge management system
• Methods, practices and tools
• Measurement and control
• Companion best practices
• Application Management
• Change Management
• Operations Management
• Control processes and functions
• Scaleable practices
• Measurement and control
• Business and technology drivers for improvement
• Justification
• Business, financial and organizational improvements
• Methods, practices and tools
• Companion best practices
My take is: A Matrix Assessment Report that will assess People, Process and Tools for each discipline under assessment.
=Maturity Score
=Score for each process assessed based upon maturity level
=Risk & Implication Report
=Recommendations
Time wise I would say it is an open ended question, one can do two to three disciplines in a week, i.e., Incident, Problem, Change, Service Management or others but in case of V3 Strategy, Design, Transition, Operation and Continous Service Improvement may take one week each.
With The Complete ITIL V3 Readiness Assessments, you can put any or all of the assessments to work in your company:
• Service Management strategy and value planning
• Linking business plans and directions to IT service strategy
• Planning and implementing service strategy
• Service design objectives and elements
• Selecting the service design model
• Cost model
• Benefit/risk analysis
• Implementing service design
• Measurement and control
• Managing organizational and cultural change
• Knowledge management
• Service knowledge management system
• Methods, practices and tools
• Measurement and control
• Companion best practices
• Application Management
• Change Management
• Operations Management
• Control processes and functions
• Scaleable practices
• Measurement and control
• Business and technology drivers for improvement
• Justification
• Business, financial and organizational improvements
• Methods, practices and tools
• Companion best practices
Friday, May 15, 2009
How to Manage IT Organization
How to Manage IT Organization
How do you steer your company’s IT organization to deliver high return on their investment.
Everyone realizes the importance of having a motivated, energetic quality work force but when they don’t understand the process they won’t be able to deliver to their full potential. Process, People, and Technology are the major determinants of product, cost, schedule and stakeholders satisfaction.
Three most common challenges faced by IT organization are;
* They know they are delivering the best value but no one recognizes their contribution
* They know all services are delivering best value but when it comes to integration with other services or applications they don’t connect well
* They know something is wrong but cannot pin point where is the organization hurting
How can Statêra help?
Statêra’s Business consulting services has exceptional track record and a proven methodology in improving company’s efficiency, service quality and customer satisfaction levels.
Business & IT Analysis
Workshops or Discovery engagement to enhance governance of a business's process environment to improve agility and operational performance. Define key metrics required to deliver best value to the organization.
ITIL
Help define and develop the baselines and benchmarks against which your IT organization performance can be measured and when you see deviations, it provides focal point what needs to change or exploited.
Project Management
We know the typical tasks, time required, resource skill needed for this type of project and associated project costs. Our experienced project managers will keep you on time and within budget.
Knowledge Management
Quickly and efficiently gather information about your company’s data and records. We help you convert data and information to a knowledge so others can benefit
CMMI
Show you where do you scale on the maturity model and what steps are needed to improve your levels.
Risk Management
Managing risk starts by identifying risk, knowing threats vs. opportunities. Minimizing the threats and exploiting the opportunities.
SOX
No matter what size is your company, you must abide by SOX guidelines to show your stakeholders that company has taken all necessary steps to minimize any objections by finance or IT auditors.
www.statera.com 972-560-1500
FREE IT Optimization Brownbag session in Dallas
Do you need a FREE brownbag session in any of these areas:
- ITIL Best Business Practices
- Optmizing your Service Desk
- Change Policy that really works
- Developing the right metrics for yor IT organization
- Control Bojectives for IT Organization (COBIT)
- Sarbanes Oxley - How does it apply to you
- ISO 20000
- CMMI
- How does these all fit: ITIL, COBIT, SOX, CMMI, COSO, Prject Management, Business Analysis, Six Sugma, QA, ISO 9000, 27000, 20000, 17799, and Optmizing your IT organization
Please contact Statera Dallas office: http://www.statera.com/ or 972-560-1500
FREE Brownbag in Dallas
Do you need a FREE brownbag session in any of these areas:
- ITIL Best Business Practices
- Optmizing your Service Desk
- Change Policy that really works
- Developing the right metrics for yor IT organization
- Control Bojectives for IT Organization (COBIT)
- Sarbanes Oxley - How does it apply to you
- ISO 20000
- CMMI
- How does these all fit: ITIL, COBIT, SOX, CMMI, COSO, Prject Management, Business Analysis, Six Sugma, QA, ISO 9000, 27000, 20000, 17799, and Optmizing your IT organization
Please contact Statera Dallas office: www.Statera.com or 972-560-1500
Monday, April 20, 2009
How good is your NOC?
If you have stumbled into this blog and would like to know more about the subject, let me clarify what is a NOC and what it stands for; Network Operations Center which is pronounced as; "nock" - it is one or more locations from which control is exercised over a computer, television broadcast, or telecommunications network.
Large organizations may operate more than one NOC, either to manage different networks or to provide geographic redundancy in the event of one site being unavailable or offline.
Large organizations may operate more than one NOC, either to manage different networks or to provide geographic redundancy in the event of one site being unavailable or offline.
- NOCs are responsible for monitoring the network for alarms or certain conditions that may require special attention to avoid impact on the networks performance. For example, in a telecommunications environment, NOCs are responsible for monitoring for power failures, communication line alarms (such as bit errors, framing errors, line coding errors, and circuits down) and other performance issues that may affect the network. NOCs analyze problems, perform troubleshooting, communicate with site technicians and other NOCs, and track problems through resolution. If necessary, NOCs escalate problems to the appropriate personnel. For severe conditions that are impossible to anticipate – such as a power failure or optical fiber cable cut – NOCs have procedures in place to immediately contact technicians to remedy the problem. There are two types of NOC that I am familiar with; NOC that is local to a company or an organization or NOC that manages networks for different customers In either case NOC should be secure and process well defined for Incident, Problem, Change, Release, Configuration Management at times Capacity, Availability and Continuity are part of NOC operations.
How good your NOC is depends upon what kind of metrics are reported on your NOC dashboard.
Few Key ones by each discipline would be:
Incident Management:
- Total number of incident recorded
- Reported by individual/customer
- System generated alerts
- SLA violations/Total number of SLAs committed
- Availability
- Number of FTE / Total number of cases handled
Problem Management:
- Number of Problems reported
- Number of root cause identified and resolved
- Number of problems requiring changes
Other Metrics:
- Workload per FTE
- Operational Expenses vs Revenue Generated
- Customer satisfaction index
For more information on the topic please contact Azim > itilsme@gmail.com
www.statera.com
contact Azim > itilsme@gmail.com
Sunday, March 29, 2009
Not getting job interviews
This is a side topic that has nothing to do with Business or IT and its projects, processes or risks but this will focus on your personal job seeking process and we will try to put some optimization to this very important goal.
Here are few high levels points that you should consider before starting to find a job;
Your resume should be so good that, it should be hard for people to not to call you.
Now the question is how can you draft a resume that will catch recruiter or employers attention.
I understand and the recruiter understand that you have done so many good things in your professional life that you want to provide as much information as you can but one thing that you are forgetting is that recruiter or employer does not have time to go through your resume in detail. It is actually the first or sometime first half of the page that will either get you an interview or your resume will become part of the other 99% of the resumes that gets archived for maybe next time. You want to be part of 1% not 99%.
Resume Template
For any further help please contact ITILSME@Gmail.com
To master the art of job interviewing, please contact via email or through my website.
Here are few high levels points that you should consider before starting to find a job;
Your resume should be so good that, it should be hard for people to not to call you.
Now the question is how can you draft a resume that will catch recruiter or employers attention.
I understand and the recruiter understand that you have done so many good things in your professional life that you want to provide as much information as you can but one thing that you are forgetting is that recruiter or employer does not have time to go through your resume in detail. It is actually the first or sometime first half of the page that will either get you an interview or your resume will become part of the other 99% of the resumes that gets archived for maybe next time. You want to be part of 1% not 99%.
Resume Template
For any further help please contact ITILSME@Gmail.com
To master the art of job interviewing, please contact via email or through my website.
Thursday, March 26, 2009
IT Governance Assessment
Holistic Approach to IS Governance Assessments
In the 80s and 90s, most people that were implementing process improvement efforts were using the reengineering approach. It is also an approach that is still used by various consultants and vendors today. Basically, reengineering implies that a consultant or process owner engages a team in the following way:
1. Stating that their processes are neither optimized nor efficient.
2. Informing the team that standardized processes should be used instead.
3. Plugging the standardized process in to the team environment.
4. Leaving the team with the expectation that the standardized process would now be
followed with increased efficiency.
Process improvement efforts conducted in this way clearly showed that the reengineering approached failed. In fact, the plug and play process efforts only succeeded 50% of the time. These projects failed because they assumed that every organization had the same pain points and goals.
It was overly focused on standardization and one-size-fits-all solutions. As a result, processes failed to evolve flexibly as customers' needs became more differentiated and their expectations grew. Moreover, the last round of adopt only efforts failed to take sufficient account of the organizational and people factors that lead to true behavioral change. While processes were reshaped, accountability was not institutionalized. There was plenty of talk about process owners and cascading change, but decision rights, coordination mechanisms, governance structures, and other organizational elements were not explicitly addressed until later - if at all. Process efficiency trumped organization alignment. Consequently, the substantial savings often quickly dissipated.
A more diverse approach to process redesign was needed.
The IT Governance processes that can be purchased and adopted should be considered as a starting point - not an end. Every company, organization, or team can benefit greatly from leveraging existing process frameworks. The key is leveraging, not just adopting. Consultant or a Subject Matter Expert (SME) inevitably has unique core values, business rules, and constraints that beg for a variation from the standardized process in parts of the framework. This is where an assessment is most helpful and an organized change management effort is important. Before you begin adopting the standardized process, learn where you need to massage the framework to meet your unique needs. The initial analysis will help you discover gaps before you begin adopting something that doesn't work for your organization. Then, plan a change management cycle that is the appropriate pace for your needs.
To this end, the consulting team should conduct interviews, meetings, and correspondence with client's management and key staff members to ascertain:
Current Workflows
Current Pain-points
Current Technologies, Applications and Components
Current Constraints and Guidelines
In the 80s and 90s, most people that were implementing process improvement efforts were using the reengineering approach. It is also an approach that is still used by various consultants and vendors today. Basically, reengineering implies that a consultant or process owner engages a team in the following way:
1. Stating that their processes are neither optimized nor efficient.
2. Informing the team that standardized processes should be used instead.
3. Plugging the standardized process in to the team environment.
4. Leaving the team with the expectation that the standardized process would now be
followed with increased efficiency.
Process improvement efforts conducted in this way clearly showed that the reengineering approached failed. In fact, the plug and play process efforts only succeeded 50% of the time. These projects failed because they assumed that every organization had the same pain points and goals.
It was overly focused on standardization and one-size-fits-all solutions. As a result, processes failed to evolve flexibly as customers' needs became more differentiated and their expectations grew. Moreover, the last round of adopt only efforts failed to take sufficient account of the organizational and people factors that lead to true behavioral change. While processes were reshaped, accountability was not institutionalized. There was plenty of talk about process owners and cascading change, but decision rights, coordination mechanisms, governance structures, and other organizational elements were not explicitly addressed until later - if at all. Process efficiency trumped organization alignment. Consequently, the substantial savings often quickly dissipated.
A more diverse approach to process redesign was needed.
The IT Governance processes that can be purchased and adopted should be considered as a starting point - not an end. Every company, organization, or team can benefit greatly from leveraging existing process frameworks. The key is leveraging, not just adopting. Consultant or a Subject Matter Expert (SME) inevitably has unique core values, business rules, and constraints that beg for a variation from the standardized process in parts of the framework. This is where an assessment is most helpful and an organized change management effort is important. Before you begin adopting the standardized process, learn where you need to massage the framework to meet your unique needs. The initial analysis will help you discover gaps before you begin adopting something that doesn't work for your organization. Then, plan a change management cycle that is the appropriate pace for your needs.
To this end, the consulting team should conduct interviews, meetings, and correspondence with client's management and key staff members to ascertain:
Current Workflows
Current Pain-points
Current Technologies, Applications and Components
Current Constraints and Guidelines
Now the consultant should compare his/her finding against the several guidelines to identify the weak spots in the existing model.
Following are some of the key model and frameworks that are being used to assess any IT departments for compliance and risk management.
- ITIL
- COBIT
- SOX
- COSO
- CMMI
ITIL: Is a framework that aligns IT with Business, establish Key Performance Mertics, define and assign Roles & responsibilities.
COBIT: Define Control Objectives for Business related IT organization.
SOX: It makes senior managemnt accountable for implementing controls for all financial reporting systems
COSO: The COSO framework defines internal control as a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations.
CMMI: All CMMI models contain multiple Process Areas (PAs). A PA has 1 to 4 goals, and each goal is comprised of practices. These goals and practices are called specific goals and practices, as they describe activities that are specific to a single process area.
With all the information listed above and clear picture of your "desired state" a gap analysis can easily be conducted with all this in-hand, a solution road map can be derived.
If you are interested in any of my blogs, please contact me via contact information provided in this blog or visit my website http://www.statera.com
Wednesday, March 25, 2009
Preparing a company for an ITIL audit
For my current client I came onboard to do some technical documentation - they were being audited by Cisco as they had applied for Gold and Managed Service Partnership status with them.
After joining them I realized many members of their staff were ITIL certified but when it comes to practical use or application they needed some serious help.
They had applied for Managed Service status in the following disciplines;
After joining them I realized many members of their staff were ITIL certified but when it comes to practical use or application they needed some serious help.
They had applied for Managed Service status in the following disciplines;
- Incident Management
- Problem Management
- Change and Release Management
- Configuration Management
- Capacity Management
- Performance & Availability Management
- Security Management
- Knowledge Management
- IT Service Continuity Management
And Cisco would audit them in above disciplines using ITIL best practices framework. They had done some work in Incident and Change but required some major overhaul and they needed someone to come and start the initiative from the scratch.
My biggest challenge was to where to begin?
My initial starting point was to conduct a quick assessment of their documentation and their processes as that gave me a good feel what I am dealing with.
I gave my initial assessment to my client and explained them that this is going to be more than a standard documentation engagement as they need some training, current process mapping and then we will compare current processes with ITL best practices model as that will give an accurate picture of where the gaps are and based upon that we will mutually decide on our solution road map. They realized the importance of what needs to be done and they gave me a green light to go ahead with the plan.
My game plan was to start with the two documentations they already had; Incident and Problem Management. I started by training the relevant staff in these two disciplines, while I was training them I was also inquiring them about their current practices, this gave me a short-cut to gaps documentation.
This made me and my client realize that what they have documented versus what they practice are two poles apart, therefore we started to align are documentation with our practices. This gave us an opportunity to adopt few good practices while letting go bad habbits. Our initial focus was to make each discipline/practice have some degree of accountability also to develop right metrics to gauge are activities. This gave us an opportunity to define some baseline values and criteria to benchmark our progress.
Covering Incident and Problem Management were easy to consider them ready for the audit now came Change and Release Management on which no previous documentation was done. In this case it was bit unique as my client is a Managed Service provider. They manage network, infrastruce and telephone networks for different clients all over the world, so in this case Changes come as a result of any one or combination of scenarios; Request by Customer, underlying root cause of the problem, business policy, technological changes, regulatory requirements, multiple incidents and many more but in any case the Change Advisory Board reside with customer not them while they did execution of the change - Release part.
We started with training internal staff on Change and Release while training we developed our internal change and release policies by marrying our practices, and ITIL best practices framework tharesulted in the templates for these two disciplines. We adopted Release model as our new guideline whilst we made our customers bind by our new change model into their standard practice.
Similar approach was taken to address remaining areas. To find more about our solution approach please contact us via contact information provided in this blog post.
To find out how we can improve effeiciencies into your system please goto: http://www.statera.com
Subscribe to:
Posts (Atom)
