*Management Practices - ITIL 4 (19 of 40)
[?] provides an understanding of all the different elements that make up an organization and how those elements interrelate, enabling the organization to effectively achieve its current and future objectives. It provides the principles, standards, and tools that enable an organization to manage complex change in a structured and agile way.
1. Architecture Management
The [?] is to align the organization's practices and services with changing business needs through the ongoing improvement of products, services, and practices, or any element involved in the management of products and services.
2. Continual Improvement Practice
The purpose of the [?] practice is to protect the information needed by the organization to conduct its business. This includes understanding and managing risks to the confidentiality, integrity, and availability of information, as well as other aspects of information security such as authentication (ensuring someone is who they claim to be) and non-repudiation (ensuring that someone can't deny that they took an action).
3. Information security management
The [?] allows the organization to look at its capabilities in terms of how they align with all the detailed activities required to create value for the organization and its customers. These are then compared with the organization's strategy and a gap analysis of the target state against current capabilities is performed. Identified gaps between the baseline and target state are prioritized and these capability gaps are addressed incrementally. A 'roadmap' describes the transformation from current to future state to achieve the organization's strategy.
Business Architecture
[?] enables an organization to communicate its needs in a meaningful way, express the rationale for change, and design and describe solutions that enable value creation in alignment with the organization's objectives.
Business analysis
[?] changes are not typically included in a change schedule, and the process for assessment and authorization is expedited to ensure they can be implemented quickly.
Emergency
These are changes that must be implemented as soon as possible; for example, to resolve an incident or implement a security patch.
Emergency change
The [?] describes the external factors impacting the organization and the drivers for change, as well as all aspects, types, and levels of environmental control and their management. The environment includes developmental, technological, business, operational, organizational, political, economic, legal, regulatory, ecological, and social influences.
Environmental architecture
[?] also includes identification of potential permanent solutions which may result in a change request for implementation of a solution, but only if this can be justified in terms of cost, risks, and benefits.
Error control
[?] regularly re-assesses the status of known errors that have not been resolved, including overall impact on customers, availability and cost of permanent resolutions, and effectiveness of workarounds.
Error control
In some organizations there is a centralized team responsible for [?].
IT asset management
The purpose of the [?] practice is to plan and manage the full lifecycle of all IT assets, to help the organization: maximize value, control costs, manage risks, support decision-making about purchase, re-use, retirement, disposal of assets, meet regulatory and contractual requirements.
IT asset management
The scope of [?] typically includes all software, hardware, networking, cloud services, and client devices. In some cases, it may also include non-IT assets such as buildings or information where these have a financial value and are required to deliver an IT service.
IT asset management
[?] contributes to the visibility of assets and their value, which is a key element to successful service management as well as being useful to other practices.
IT asset management
[?] maintains information about the assets, their costs, and related contracts.
IT asset management
[?] typically includes the following activities: • Define, populate, and maintain the asset register in terms of structure and content, and the storage facilities for assets and related media • Control the asset lifecycle in collaboration with other practices (for example, upgrading obsolete software or onboarding new staff members with a laptop and mobile phone) and record all changes to assets (status, location, characteristics, assignment, etc.) • Provide current and historical data, reports, and support to other practices about IT assets • Audit assets, related media, and conformity (particularly with regulations, and license terms and conditions) and drive corrective and preventive improvements to deal with detected issues.
IT asset management
[?] is a sub-practice of asset management that is specifically aimed at managing the lifecycles and total costs of IT equipment and infrastructure.
IT asset management (ITAM)
For risk management to be effective, risks need to be [?], [?], and [?].
Identified, Assessed, and Treated.
[?] may require frequent interaction with these suppliers, and routine management of this aspect of supplier contracts is often part of the incident management practice.
Incident management
[?] are prioritized based on an agreed classification to ensure that [?] with the highest business impact are resolved first.
Incidents
[?] have an impact on users or business processes, and must be resolved so that normal business activity can take place.
Incidents
[?] practice is to protect the information needed by the organization to conduct its business. This includes understanding and managing risks to the confidentiality, integrity, and availability of information, as well as other aspects of information security such as authentication (ensuring someone is who they claim to be) and non-repudiation (ensuring that someone can't deny that they took an action).
Information Security Management
The [?] describes the logical and physical data assets of the organization and the data management resources. It shows how the information resources are managed and shared for the benefit of the organization. Information is a valuable asset for the organization, with actual and measurable value. Information is the basis for decision-making, so it must always be complete, accurate, and accessible to those who are authorized to access it. Information systems must therefore be designed and managed with these concepts in mind.
Information systems architecture, including data and applications architectures
The purpose of the [?] practice is to maintain and improve the effective, efficient, and convenient use of information and knowledge across the organization.
Knowledge management
[?] aims to ensure that stakeholders get the right information, in the proper format, at the right level, and at the correct time, according to their access level and other relevant policies.
Knowledge management
These are changes that need to be scheduled, assessed, and authorized following a process.
Normal change
[?] is a coordinated collection of strategic decisions that together enable the most effective balance of organizational change and business as usual.
Portfolio management
[?] plays an important role in how resources are allocated, deployed, and managed across the organization.
Portfolio management
Problem management involves three distinct phases:
Problem identification, Problem control, Error control.
Many [?] activities rely on the knowledge and experience of staff, rather than on following detailed procedures.
Problem management
Output from the [?] practice includes information and documentation concerning workarounds and known errors.
Problem management
[?] activities can identify improvement opportunities in all four dimensions of service management.
Problem management
[?] is usually focused on errors in operational environments.
Problem management
[?] makes a significant contribution by preventing incident repetition and supporting timely incident resolution.
Problem management
[?] are the causes of incidents. They require investigation and analysis to identify the causes, develop workarounds, and recommend longer-term resolution. This reduces the number and impact of future incidents.
Problems
The [?] practice ensures that: • stakeholders' needs and drivers are understood, and products and services are prioritized appropriately • stakeholders' satisfaction is high and a constructive relationship between the organization and stakeholders is established and maintained • customers' priorities for new or changed products and services, in alignment with desired business outcomes, are effectively established and articulated • any stakeholders' complaints and escalations are handled well through a sympathetic (yet formal) process • products and services facilitate value creation for the service consumers as well as for the organization • the organization facilitates value creation for all stakeholders, in line with its strategy and priorities • conflicting stakeholder requirements are mediated appropriately.
Relationship Management
The purpose of the [?] practice is to establish and nurture the links between the organization and its stakeholders at strategic and tactical levels. It includes the identification, analysis, monitoring, and continual improvement of relationships with and between stakeholders.
Relationship Management
The purpose of the [?] practice is to support the agreed quality of a service by handling all pre-defined, user-initiated service requests in an effective and user-friendly manner.
Service Request management
[?] gives the organization a view of all the services it provides, including interactions between the services and service models that describe the structure (how the service components fit together) and the dynamics (activities, flow of resources, and interactions) of each service. A service model can be used as a template or blueprint for multiple services.
Service architecture
[?] provide a clear path for users to report issues, queries, and requests, and have them acknowledged, classified, owned, and actioned.
Service desks
[?] supports decision-making by the governing body and management of the organization regarding where to best allocate financial resources.
Service financial management
A documented agreement between a service provider and a customer that identifies both services required and the expected level of service.
Service level agreements
[?] should relate to defined outcomes and not simply operational metrics. This can be achieved with balanced bundles of metrics, such as customer satisfaction and key business outcomes.
Service level agreements
[?] provides the end-to-end visibility of the organization's services.
Service level management
These are low-risk, pre-authorized changes that are well understood and fully documented, and can be implemented without needing additional authorization.
Standard change
There are three types of change that are each managed in different ways:
Standard, normal, and emergency.
[?] establishes the organization's direction, focuses effort, defines or clarifies the organization's priorities, and provides consistency or guidance in response to the environment.
Strategy management
The [?] defines the software and hardware infrastructure needed to support the portfolio of products and services.
Technology architecture
Workforce and talent management plays a critical role in establishing organizational velocity by helping organizations to proactively understand and forecast future demand for services.
Workforce and talent management
The purpose of the [?] practice is to ensure that services deliver agreed levels of availability to meet the needs of customers and users.
availability management
The purpose of the [?] practice is to analyse a business or some element of it, define its associated needs, and recommend solutions to address these needs and/or solve a business problem, which must facilitate value creation for stakeholders. Business analysis enables an organization to communicate its needs in a meaningful way, express the rationale for change, and design and describe solutions that enable value creation in alignment with the organization's objectives.
business analysis
The purpose of the [?] practice is to ensure that services achieve agreed and expected performance, satisfying current and future demand in a cost-effective way.
capacity and performance management
It is essential that the correct [?] is assigned to each type of change to ensure that change enablement is both efficient and effective.
change authority
The person or group who authorizes a change is known as a [?].
change authority
The purpose of the [?] practice is to maximize the number of successful service and product changes by ensuring that risks have been properly assessed, authorizing changes to proceed, and managing the change schedule.
change enablement
The [?] is used to help plan changes, assist in communication, avoid conflicts, and assign resources. It can also be used after changes have been deployed to provide information needed for incident management, problem management, and improvement planning.
change schedule
The ITIL SVS includes the [?] which can be applied to any type of improvement, from high-level organizational changes to individual services and configuration items (CIs).
continual improvement model
To track and manage improvement ideas from identification through to final action, organizations use a database or structured document called a [?].
continual improvement register (CIR).
Every [?] should be logged and managed to ensure that it is resolved in a time that meets the expectations of the customer and user.
incident
In some extreme cases, disaster recovery plans may be invoked to resolve an [?].
incident
Organizations should design their [?] practice to provide appropriate management and resource allocation to different types of incident.
incident management
The purpose of the [?] practice is to minimize the negative impact of incidents by restoring normal service operation as quickly as possible.
incident management
More complex [?] will usually be escalated to a support team for resolution. Typically, the routing is based on the incident category, which should help to identify the correct team
incidents
The most complex [?], and all major incidents, often require a temporary team to work together to identify the resolution. This team may include representatives of many stakeholders, including the service provider, suppliers, users, etc.
incidents
In high-velocity environments, [?] is integrated as much as possible into the daily work of development and operations, shifting the reliance on control of process towards verification of preconditions such as expertise and integrity.
information security
The [?] practice provides a structured approach to defining, building, re-using, and sharing knowledge (i.e. information, skills, practices, solutions, and problems) in various forms.
knowledge management
The purpose of the [?] practice is to support good decision-making and continual improvement by decreasing the levels of uncertainty. This is achieved through the collection of relevant data on various managed objects and the valid assessment of this data in an appropriate context. Managed objects include, but are not limited to, products and services, practices and value chain activities, teams and individuals, suppliers and partners, and the organization as a whole.
measurement and reporting
Automation is key to successful [?]. Some service components come equipped with built-in monitoring and reporting capabilities that can be configured to meet the needs of the practice, but sometimes it is necessary to implement and configure purpose-built monitoring tools. The monitoring itself can be either active or passive.
monitoring and event management
The [?] practice manages events throughout their lifecycle to prevent, minimize, or eliminate their negative impact on the business.
monitoring and event management
The processes and procedures needed in the [?] practice must address these key activities and more: • identifying what services, systems, CIs, or other service components should be monitored, and establishing the monitoring strategy • implementing and maintaining monitoring, leveraging both the native monitoring features of the elements being observed as well as the use of designed-for-purpose monitoring tools • establishing and maintaining thresholds and other criteria for determining which changes of state will be treated as events, and choosing criteria to define each type of event (informational, warning, or exception) • establishing and maintaining policies for how each type of detected event should be handled to ensure proper management • implementing processes and automations required to operationalize the defined thresholds, criteria, and policies.
monitoring and event management
The purpose of the [?] practice is to systematically observe services and service components, and record and report selected changes of state identified as events. This practice identifies and prioritizes infrastructure, services, business processes, and information security events; it also establishes the appropriate response to those events, and conditions that indicate potential faults or incidents.
monitoring and event management
Some [?] changes are low risk, and the change authority for these is usually someone who can make rapid decisions, often using automation to speed up the change. Other [?] changes are very major and the change authority could be as high as the management board (or equivalent). Initiation of a [?] change is triggered by the creation of a change request.
normal
The key activities of effective [?]: Creation of a sense of urgency Clear and relevant objectives, willing participants Stakeholder management Strong and committed participants Sponsor management Strong and committed leadership Communication Willing and prepared participants Empowerment Prepared participants Resistance management Willing participants Reinforcement
organizational change management
The purpose of the [?] practice is to ensure that changes in an organization are smoothly and successfully implemented, and that lasting benefits are achieved by managing the human aspects of the changes.
organizational change management
The purpose of the [?] practice is to ensure that the organization has the right mix of programmes, projects, products, and services to execute the organization's strategy within its funding and resource constraints.
portfolio management
The purpose of the [?] practice is to reduce the likelihood and impact of incidents by identifying actual and potential causes of incidents, and managing workarounds and known errors.
problem management
When a problem cannot be resolved quickly, it is often useful to find and document a workaround for future incidents, based on an understanding of the problem. Workarounds are documented in [?].
problem records
The purpose of the [?] is to ensure that all projects in the organization are successfully delivered. This is achieved by planning, delegating, monitoring, and maintaining control of all aspects of a project, and keeping the motivation of the people involved.
project management
The purpose of the [?] practice is to ensure that the organization understands and effectively handles risks. Managing risk is essential to ensuring the ongoing sustainability of an organization and creating value for its customers.
risk management
The purpose of the [?] practice is to capture demand for incident resolution and service requests. It should also be the entry point and single point of contact for the service provider with all of its users.
service desk
The purpose of the [?] practice is to support the organization's strategies and plans for service management by ensuring that the organization's financial resources and investments are being used effectively.
service financial management
The purpose of the [?] practice is to set clear business-based targets for service levels, and to ensure that delivery of services is properly assessed, monitored, and managed against these targets.
service level management
The purpose of the [?] practice is to formulate the goals of the organization and adopt the courses of action and allocation of resources necessary for achieving those goals.
strategy management
The purpose of the [?] practice is to ensure that the organization's suppliers and their performances are managed appropriately to support the seamless provision of quality products and services. This includes creating closer, more collaborative relationships with key suppliers to uncover and realize new value and reduce the risk of failure.
supplier management
The purpose of the [?] practice is to ensure that the organization has the right people with the appropriate skills and knowledge and in the correct roles to support its business objectives. The practice covers a broad set of activities focused on successfully engaging with the organization's employees and people resources, including planning, recruitment, onboarding, learning and development, performance measurement, and succession planning.
workforce and talent management
Service request management should follow these guidelines:
• Service requests and their fulfilment should be standardized and automated to the greatest degree possible. • Policies should be established regarding what service requests will be fulfilled with limited or even no additional approvals so that fulfilment can be streamlined. • The expectations of users regarding fulfilment times should be clearly set, based on what the organization can realistically deliver. • Opportunities for improvement should be identified and implemented to produce faster fulfilment times and take advantage of automation. • Policies and workflows should be included for the documenting and redirecting of any requests that are submitted as service requests, but which should actually be managed as incidents or changes.
Each service request may include one or more of the following:
• a request for a service delivery action (for example, providing a report or replacing a toner cartridge) • a request for a service delivery action (for example, providing a report or replacing a toner cartridge) • a request for information (for example, how to create a document or what the hours of the office are) • a request for provision of a resource or service (for example, providing a phone or laptop to a user, or providing a virtual server for a development team) • a request for access to a resource or service (for example, providing access to a file or folder) • feedback, compliments, and complaints (for example, complaints about a new interface or compliments to a support team).
Key activities that are part of continual improvement practices include:
• encouraging continual improvement across the organization • securing time and budget for continual improvement • identifying and logging improvement opportunities • assessing and prioritizing improvement opportunities • making business cases for improvement action • planning and implementing improvements • measuring and evaluating improvement results • coordinating improvement activities across the organization.
Service level management provides the end-to-end visibility of the organization's services. To achieve this, service level management:
• establishes a shared view of the services and target service levels with customers • ensures the organization meets the defined service levels through the collection, analysis, storage, and reporting of the relevant metrics for the identified services • performs service reviews to ensure that the current set of services continues to meet the needs of the organization and its customers • captures and reports on service issues, including performance against defined service levels.
In some cases, the service desk is a tangible team, working in a single location. A centralized service desk requires supporting technologies, such as:
• intelligent telephony systems, incorporating computer-telephony integration, IVR, and automatic call distribution • workflow systems for routing and escalation • workforce management and resource planning systems • a knowledge base • call recording and quality control • remote access tools • dashboard and monitoring tools • configuration management systems.
Service desks provide a variety of channels for access. These include:
• phone calls, which can include specialized technology, such as interactive voice response (IVR), conference calls, voice recognition, and others • service portals and mobile applications, supported by service and request catalogues, and knowledge bases • chat, through live chat and chatbots • email for logging and updating, and for follow-up surveys and confirmations. Unstructured emails can be difficult to process, but emerging technologies based on AI and machine learning are starting to address this • walk-in service desks are becoming more prevalent in some sectors, e.g. higher education, where there are high peaks of activity that demand physical presence • text and social media messaging, which are useful for notifications in case of major incidents and for contacting specific stakeholder groups, but can also be used to allow users to request support point of contact for the service provider with all of its users. Service desks provide a clear path for users to report issues, queries, and requests, and have them acknowledged, classified, owned, and actioned. How this practice is managed and delivered may vary from a physical team of people on shift work to a distributed mix of people connected virtually, or automated technology and bots. The function and value remain the same, regardless of the model. With increased automation and the gradual removal of technical debt, the focus of the service desk is to provide support for 'people and business' rather than simply technical issues. Service desks are increasingly being used to get various matters arranged, explained, and coordinated, rather than just to get broken technology fixed, and the service desk has become a vital part of any service operation. A key point to be understood is that, no matter how efficient the service desk and its people are, there will always be issues that need escalation and underpinning support from other teams. Support and development teams need to work in close collaboration with the service desk to present and deliver a 'joined up' approach to users and customers. The service desk may not need to be highly technical, although some are. However, even if the service desk is fairly simple, it still plays a vital role in the delivery of services, and must be actively supported by its peer groups. It is also essential to understand that the service desk has a major influence on user experience and how the service provider is perceived by the users. Another key aspect of a good service desk is its practical understanding of the wider business context, the business processes, and the users. Service desks add value not simply through the transactional acts of, for example, incident logging, but also by understanding and acting on the business context of this action. The service desk should be the empathetic and informed link between the service provider and its users. With increased automation, AI, robotic process automation (RPA), and chatbots, service desks are moving to provide more self-service logging and resolution directly via online portals and mobile applications. The impact on service desks is reduced phone contact, less low-level work, and a greater ability to focus on excellent CX when personal contact is needed. Service desks provide a variety of channels for access. These include: • phone calls, which can include specialized technology, such as interactive voice response (IVR), conference calls, voice recognition, and others • service portals and mobile applications, supported by service and request catalogues, and knowledge bases • chat, through live chat and chatbots • email for logging and updating, and for follow-up surveys and confirmations. Unstructured emails can be difficult to process, but emerging technologies based on AI and machine learning are starting to address this • walk-in service desks are becoming more prevalent in some sectors, e.g. higher education, where there are high peaks of activity that demand physical presence • text and social media messaging, which are useful for notifications in case of major incidents and for contacting specific stakeholder groups, but can also be used to allow users to request support • public and corporate social media and discussion forums for contacting the service provider and for peer-to-peer support.