|
Chapter 1: The Business Value of IT Operations Service Life Cycle Management
What do you think of when you think of a “service”? Think about services where you work, you...
- Flip a switch, the light goes on;
- Turn a faucet handle, the water flows; and
- Press an elevator button, the elevator stops at your floor.
You expect for these basic services to be there; to be reliable. These services weren’t always reliable in the years when they were first used. What made them reliable was applying consistent, best practice continual service improvement practices.
These rather mundane basic business office services have become reliable as a result of refining and improving technologies, coupled with evolving and improving facilities service management. Now these once unreliable and flawed facilities services are as efficient and consistent as possible, and are just expected to be working within our business environment. The expectations that these services will work all the time make them business utilities because they support and perform service functions that are vital to supporting and improving business. In many ways, information technology (IT) systems and network services and technologies are at approximately the same stage in evolution as the electricity, plumbing, and lift utility mechanics were in around the 1930s to 1950s; they work most of the time and eventually deliver the services necessary to support business, but in many organizations, IT services are not considered to be completely reliable. In fact, oftentimes, the IT services are not coordinated across the enterprise to the maximum business benefit.
Effective and dependable IT services deliver value to the enterprise customers and help business units to achieve their goals, without requiring each of the business units to address the specific management risks and costs for each of the IT services. Automating IT services can increase business value by making IT services more reliable and consistent and shortening service delivery times. IT has become a utility within most businesses today. Unfortunately, IT is often implemented and managed in such a way that it is not reliable, is uncoordinated throughout the enterprise, and often seems to do more harm than good to the business in the opinions of the enterprise network users, who are IT’s customers.
An Overview of Using Frameworks
Essentially, a framework is a collection of controls organized to highlight what needs to be done at various levels of the organization. It’s an outline, if you will, that tells what but not how, because that level of detail is something you must fill in based upon your own organization and its unique environment. Organizations are increasingly realizing the value of frameworks and more often using them to increase business efficiency and integrate supporting controls into the business processes.
As they relate to conformity and compliance, there are many frameworks that are currently being used throughout the world to make many businesses more effective and efficient with a number of compliance and risk management issues. The following list highlights some of the most popular frameworks:
- Control Objectives for Information and related Technology (COBIT)—Created in 1995 as an IT audit framework, COBIT has evolved into an IT management framework used extensively by IT and Sarbanes-Oxley (SOX) auditors. COBIT is governed by the IT Governance Institute.
- Committee of Sponsoring Organizations (COSO)—A voluntary private-sector organization formed in 1985 that provides executive management with frameworks and guidance to establish more effective, efficient, and ethical business operations on a global basis. COSO concepts can be used by IT areas to help with risk identification and mitigation activities.
- ISO/IEC 20000—Used to provide more effective managed services delivery through an integrated process approach to best meet business and customer requirements. The concepts can be adopted within IT to improve IT managed services.
- ISO/IEC 27001—The specification for an information security management system (ISMS) which, in 2005, replaced the old BS7799 standard, which was originally established in 1995. This is probably the most widely adopted and actively used set of security guidelines by IT practitioners throughout the world.
- Capability Maturity Model Integrated (CMMI)—Created by the Software Engineering Institute at Carnegie Mellon University in 1991, CMMI was initially developed to track the maturity of software development processes but then evolved into being used to measure the maturity of any type of process. This can be used nicely to determine the maturity of IT processes.
|
