Service Design

Contents

Objectives
Processes
Roles

Service Design begins with the demand for new of changed services and end with a documented service solution that meets the needs of the business. The Service Design Package (SDP) contains all the Design information required for testing, introduction and operation of the service solution. Five aspects should be considered during the Design stage:

The design of the Service solutions
The design of Management Information Systems and tools, including the Service Portfolio
The design of the technology and management architectures
The design of the required processes
The design of the measurement systems, methods and metrics

For the design to succeed, there has to be the correct mix of People, Processes, Products and Partners - ITIL's Four Ps

Service Design evaluates the Business Case and designs and builds the the service. The design will need approval by business and IT stakeholders before the service is built. Service Design has a key role to play in the development of policies and standards and the development of IT skills and capabilities.

Traditional Service Design requires a complete statement of the customers requirements from the start. The Rapid Application Development (RAD) approach assumes that change is inevitable, and thus recommends an incremental and iterative approach - services are designed one-by-one, using prototyping to further refine the design. The two approaches can be combined.

Objectives

The key objectives for Service Design are:

Design new or changed services to satisfy business objectives
Agree quality, compliance, risk and security requirements
Agree responsibilities, methods, tools, techniques used to design solutions
Design new or changed processes
Selection of support tools
Updating the Service Portfolio
Identify and manage risk
Design of secure and resilient infrastructures
Design of measurement methods and metrics of the service

The KPIs for Service Design are:

Accuracy of the SLAs, OLAs and UCs
Percentage of specifications of the requirements of Service Design that are produced within budget
Percentage of Service Design Packages that are produced on time

Processes

Design Coordination

The Design Coordination Process exists to ensure that the goals and objectives of Service Design are met by providing and maintaining a single point of coordination and control for all processes within the Design stage of the Service Lifecycle. The objectives of Design Coordination are:

ensure consistent design of services, service management, information systems, architectures, technology, processes, information and metrics
coordinate design activities across all projects
plan and coordinate resources and capabilities used in Service Design
to produce Service Design Packages (SDPs) based on service charters and change requests
ensure SDPs are passed to Service Transition (handover)
manage quality, requirements and handover points
ensure models and solutions conform to all requirements
improve efficiency and effectiveness of all processes in the Service Design stage

Design coordination will typically focus on projects with a major or significant impact, and the service provider will define policies for which service design efforts will need oversight from Design Coordination. Minor projects or changes, instead of requiring Design Coordination control, may instead be subject to pre-defined design standards.

Service Catalogue Management

The goal of Service Catalogue Management is to ensure that the Service Catalogue is produced and maintained. The Service Catalogue should contain information on all operational services and those being prepared to run operationally.

The Service Catalogue has two main aspects:

Business Service Catalogue: Customer view, detailing all IT Services delivered to the customer and showing relationship of services to business units and processes
Technical Service Catalogue: Underpins the Business Service Catalogue, and shows the inter-relationships of services, components and configurations supporting the provision of the service

The Business Service Catalogue is the customer view of the service, but this view may not contain all the information for a service that is held in the Service Portfolio. The Service Catalogue should provide information to answer the following:

Why should a customer buy these services
Why buy them from us
Pricing
Strengths, weaknesses, priorities and risks of offerings
How assets should be allocated

ITIL defines:

Service Package

a detailed description of an IT Service that is 
available to be delivered to customers. A service package includes 
one or more core services and supporting services, 
as well as at least one Service Level Package

Core Service

delivers basic outcomes desired by one or more 
customers. They represent the value that the customer wants 
and for which they are willing to pay

Supporting Services

either enable or improve the value of a service.
Enabling services are the basic factors that enable the provider to serve 
and enhancing services are excitement factors for differentiation

Core Service Packages (CSP) may be shared by multiple Service Packages. The bundling of CSPs with Supporting Services enables the development of differential offerings and together with Service Level Packages are used to build the Service Catalogue. Service Packages provide baselines for Demand Management.

Service Catalogue KPI's:

Number of services recorded in Service Catalogue as a percentage of those being provided
Variance of information contained in Service Catalogue from the real world

Service Level Management

The goal of Service Level Management is to ensure that levels of IT Service Delivery are documented, agreed and achieved. Service Level Management is used to plan (propose and negotiate), implement, control, review and audit the service and service provision to meet customer business requirements. Corrective action will need to be initiated to eradicate unnacceptable levels of service. Service Level Requirements (SLRs) are developed with the customers based on business objectives and customer requirements. SLRs are used to define Service Level Agreements (SLAs), which document the service level agreement between provider and customer.

A typical SLA will contain the following headings:

Service Description and Scope: Parties to the agreement, title and brief description; signatories; dates for start, end, reviews; scope and responsibilities; description of service covered
Service Hours: When the service is should be available
Service Availability: Acceptable level of interruption to service availability
Reliability: Mean time between incidents
Customer Support: Mechanisms for reporting and fixing problems
Contact Points for Escalation: Reporting lines to escalate unresolved issues
Service Performance: Expected responsiveness of the service
Batch Turnaround Times: Performance and mechanisms for batch processing activities
Change Management: Targets for approving, handling and implementing RFCs
IT Service Continuity: Reference to the IT Service Continuity Plan and how to invoke it
Charging: Charging formulas and periods. Outsourcing contracts may be confidential and thus excluded from SLAs
Service Reporting and Review: Mechanisms to report and review service performance

OLAs define the operational agreements with an organisation, and Underpinning Contracts are contracts with third parties for services that contribute to meeting the SLA. Corporate level SLAs apply to all customers or all services. Customer level SLAs are for a particular customer or business unit, and service level SLAs relate to specific services.

Service Level Management can bring the following benefits:

develops business confidence in the supplier by showing that the service meets defined targets
allows demonstration of value for money by identifying charges for service levels provided
provides a basis for charging for additional services over and above the agreed level
can be used to identify long-term cost reductions
agreed mechanism to handle conflict resolution
provides better understanding of business demand
improves customer relationships

Typical KPIs for Service Level Management:

Percentage of service targets being met
Number and severity of service breaches
Number of services with defined SLAs
Number of SLAs supported by OLAs and UCs
Customer perception

IT Service Continuity Management

IT Service Continuity Management involves managing the IT Infrastructure and Services to enable a pre-determined level of service to support the business following an interruption to the business. The goal of ITSCM is to support Business Continuity by ensuring that the required IT technical and service facilities can be resumed within required and agreed business timescales.

Implementation of ITSCM follows a defined lifecycle:

Initiation

Policy Setting
Scope
Initiate the Project

Requirement and Strategy

Business Impact Analysis
Risk Assessment
IT Service Continuity Strategy

Implementation

Develop IT Service Continuity Plan
Develop IT plans, recovery plans and procedures
Organisation Planning
Testing Strategy

On-going Operation

Education, awareness and training
Review and audit
Testing
Change Management

Business Impact Analysis and Risk Assessment are used to define the requirements of the ITSCM Plan, and will begin by identifying critical business processes and the IT infrastructure and services required by these processes. The strategy will define both risk reduction methods and recovery options. Recovery options can be classified into the following categories:

Cold Standby: appropriate where immeadiate restoration of business services is not necessary. Restoration may take more than 72 hours and might include provision of empty accomodation with LAN infrastructure for business to install their own IT
Warm Standby: Services restored with 24 to 72 hours. May involve use of commercial facilities potentially shared with other subscribers or portable facilities such as a trailer. With shared services, there is no guarantee of availability
Hot Standby: Recovery occurs within 24 hours
Immeadiate Recovery: Implies no loss of service, and will typically involved the use of mirrored services at an alternate location
Manual Workaround: Procedures for manual working used whilst service is restored. The procedures for both manual working and replicating manual data back to IT systems when services are restored need to be in place and tested beforehand.
Reciprocal Arrangements: Involves pre-existing agreements between organisations to provide IT services to each other in the event of major incidents

The ITSCM Plan needs to developed in conjunction with the business and should be thoroughly tested and staff trained in its operation. The ITSCM Plan should contain the following sections:

Overall recovery strategy
Guidelines on invocation
General guidance in the event of invocation
Service/Infrastructure dependancies
Recovery team roles and responsibilities
Recovery tasks checklist
In-depth recovery procedure

An Overall Coordination Plan should also be defined and used to identify and respond to service disruption. In addition, each critical business area will develop a plan, detailing the individual members of the recovery team and a list of tasks to be carried out. Agreements for support and services from other departments will be noted in the plan. Six key plans are:

the Accomodation and Service Plan
the Computer Systems and Network Plan
the Telecommunications Plan
the Security Plan
the Personnel Plan
the Finance and Administration Plan

During normal operations, the ITSCM Management will maintain documentation in Change Management and in the Service Asset and Configuration Management databases, and carry out regular reviews and audits to verify the plan. Regular testing of the plan will be accompanied by a continuing education and awareness campaign. At a strategic level, IT and Business changes will be assessed for potential impact on the plan.

Availability Management

Although the reliability of IT has improved considerably, so has business's reliance on IT service. Business require IT services to be more flexible, available for extended hours and provide greater throughput. Thus availability remains an important issue for service providers and business alike. A balance must be struck between service availability and cost to provision. The goal of Availability Management then is 'to ensure that the level of service availability delivered in all services is matched to or exceeds the current and future needs of the business in a cost effective manner'.

Businesses are normally concerned with end-to-end availability, whereas Availability Managment is concerned both with end-to-end availability and with the availability of components, process, people and systems.

Availability targets are based on Service Level Requirements. Availability Management:

monitors and reports on service and component availability and reliability
investigates shortfalls and instigates actions to correct them

The key objectives for Availability Management are:

Produce and maintain the Availability Plan
Advise business and IT on availability-related issues
Ensure availability meets agreed targets by managing services/resources affecting availability
Assist in the diagnosis/resolution of incidents affecting availability
Take pro-active measures to improve availability of services that are cost-justifiable

Availability and Reliability of IT services directly affects user satisfaction. Availability is typically improved by removing single points of failure (SPOF) or unreliable components, and by improving the maintainability of the IT Infrastructure, thus reducing the frequency of failures and improving the speed to resume the service. Availability should be planned in to the service from the start.

Availability is normally measured as 'the Agreed Service Time minus Downtime divided by the agreed service time'. Reliability can be measured using the 'Mean Time Between Failures' (MTBF), Uptime or 'Mean Time Between Service Incidents' (MTBSI). Maintainability is measured by the 'Mean Time to Restore Service' (MTRS). MTBSI is equal to MTBF plus MTRS. Serviceability describes the contractual arrangements made with third-party providers of services to assure availability, reliability and maintainability.

Component Failure Impact Analysis (CFIA) uses a grid with Configuration Items on one axis and dependant IT services on the other. Service Failure Analysis (SFA) analyses the reasons for and impacts of service failures. Fault Tree Analysis (FTA) is used to determine the chain of events that caused a disruption to IT Services.

Critical Success Factors for Availability Management are:

to be able to manage availability and reliability of IT Services
to satisfy business needs for access to services
to maintain availability according to SLAs at optimum cost

Capacity Management

Capacity is defined as the maximum throughput that a Configuration Item or IT Service can deliver whilst meeting agreed service level targets. The goal of Capacity Management is to ensure that the capacity of IT Infrastructure matches the evolving demands of the business in a cost-effective and timely manner. Key activities will include producing and maintaining the Capacity Plan; advise CAB on changes that will affect capacity and capacity-based changes; ensuring service performance matches or exceeds agreed targets; and proactively managing capacity via trend analysis. In addition to long-term planning of capacity, short-term variations need to be planned for. Capacity planning will be required at the start of most projects for Application Sizing, ensuring that the correct capacity and costings are identified at the outset.

Capacity Management occurs at three levels:

Business Capacity Management - long-term, adresses demand for new or enhanced services
Service Capacity Management - medium-term, concerned with load-balancing and handling peaks and troughs
Component Capacity Management - short-term, dealing with capacity of technology components

The Capacity Plan is an investment plan and should occur in-line with the business budget lifecycle. Quarterly updates may be needed to account for changes in business plans. The Capacity Plan would typically include headings for:

Assumptions
Management Summary
Options for Service Improvement
Service Summary
Cost Models
Component Summary - in terms of performance
Business Scenarios - or forecasts
Recommendations for Future Solutions

Supplier Management

The goal of Supplier Management is to manage all suppliers and contracts in order to support the delivery of services to the customer

Supplier Management identifies potential suppliers, selects new suppliers and manages existing suppliers and requires skills in contract definition, renewal and termination. The Supplier Management function is driven by the Supplier Strategy and Policy developed in the Service Strategy phase. The main aim of Supplier Management is to obtain value for money from suppliers and ensure agreed targets are met, which involves managing the supplier and monitoring contract performance.

Suppliers can be categorised by their importance and management effort can be allocated appropriately. Typical categories and associated management effort include:

Strategic - for suppliers of products that have strategic value and are therefore managed at a senior management level
Tactical - concern relationships which involve a lot of commercial activity and will be managed by middle management
Operational - for suppliers of operational products or services, managed by operational managers
Commodity - for suppliers of low-value or readily-available products

Critical Success Factors for Supplier Management are:

Protecting the business and service availability from poor supplier performance
Aligning supporting services and targets to business needs
Clear ownership and awareness of supplier contractual issues

Information Security Management

Information Security Management ensures that Information Security is effectively managed in all service and service management activities. There are two international standards that apply in this area:

ISO IEC 27001:2005 - the standard for Information Security Management
ISO IEC 17799:2005 - the standard for general organisational security

There are three key objectives in Information Security Management:

produce, maintain and enforce the Information Security Policy
protect information from failures relating to lack of availability, integrity or confidentiality
ensure information exchanges are trustworthy

Some key terms in information security:

Security: achieving an acceptable level of risk
Confidentiality: protection from unauthorised disclosure
Integrity: safeguarding accuracy and completeness of information to those accessing it
Availability: when access is required
Privacy: the ability to trace data to an individual
Anonymity: ensuring a users identity remains confidential
Verifiability: confirms that information is used properly and security measures are working

A threat is anything that disrupts business processes or has a negative impact on business result and can be caused by human error, procedural errors, external threats, software faults or hardware faults. An incident occurs when a threat materialises. Preventative measures are used to stop incidents occuring: reduction measures are used to minimise the impact of security incidents. Detection methods are required when incidents occur and repression methods are used to counteract repitition or continuation. Corrective measures repair any damage caused.

Serious incidents should be reviewed and used to inform improvements in the Information Security Policy. The Security Policy should be available to all customers, users and IT staff and should be mentioned in all SLAs and have senior management support.

The ITIL IT Security Management framework involves the following activities:

Control: to establish management framework and control documentation
Maintain: learning from previous incidents, identify countermeasures, planning implementation of solutions
Plan: understanding implications on and from SLAs, UCs, OLAs and policy statements
Implement: creating awareness, classification and registration of incidents, personnel, assets, access controls and incident procedures
Evaluate: regular audit and analysis of policy

Roles

Design Manager

The Design Manager plays a key role in Service Design. Responsibilities are:

To design services in line with strategy
To design functional requirements of the services
To produce quality, sercure and resilient designs for services
To produce and maintain all design documentation
To produce all Service Design Packages
To measure the effectiveness and efficiency of the service design process

Service Level Manager

The Service Level Manager ensures that an agreed level of service is provided for current services and agreed achievable targets are delivered for future services. The SLM will seek to improve service quality within cost justified limits by monitoring and auditing process, identifying weaknesses and suggesting improvements. The SLM will also monitor customer satisfaction and manage customer expectation.

Service Catalogue Manager

The Service Catalogue Manager produces and maintains the Service Catalogue, recording operational and proposed services. The information needs to be kept up to date and in agreement with details in the Service Portfolio. The Service Catalogue Manager is also responsible for ensuring the information in the Service Catalogue is secure and backed-up

Availability Manager

The Availability Manager owns the Availability Management process and is responsible for:

Ensuring Availability Management process is efficient and effective
Maintaining standards and policies
Assessing risks
Advising CAB of impact of changes on availability
Monitoring systems and services

Information Security Manager

The Information Security Manager is responsible for Information Security Management and ensuring that the processes run efficiently and effectively. This will involve constant monitoring and auditing, identifying weaknesses and implementing improvements. Regular security testing will need to be undertaken. Policies and standards will be identified and defined, and awareness needs to be maintained. Security-related assets will need to be identified and classified in terms of their value to the organisation, requiring business impact analysis to be carried out. The Information Security Manager will also need to attend CAB.

IT Service Continuity Manager

The IT Service Continuity Manager is the owner of the ITSCM plan and processes, ensuring that the plan is kept up-to-date and in line with overall business continuity plans. They will be responsible for maintaining the testing schedule, carrying out regular reviews and negotiating 3rd party contracts. The IT Service Continuity Manager will also manage the Plan whilst it is in operation