ITIL, COBIT, TOGAF and CMMI Documentation

ITIL

ITIL (Information Technology Infrastructure Library) is a framework for IT service management that strives for predictable, maintainable services that align with the needs of the corporation or organization.

ITIL is the most widely accepted approach to IT service management in the world. ITIL can help individuals and organizations use IT to realize business change, transformation and growth. framework is designed to standardize the selection, planning, delivery and support of IT services to a business. The goal is to improve efficiency and achieve predictable service levels. The ITIL framework enables IT to be a business service partner, rather than just back-end support. ITIL guidelines and best practices align IT actions and expenses to business needs and change them as the business grows or shifts direction.

Operational point of view, IT organizations spend much of their time with the

following activities:

a) Recovering from failures (“incidents”) that interrupt the users’ work

b) Modifying or replacing IT components to improve their reliability or functionality by eliminating

     issues (“problems” and “errors”) associated with those components

c) Carrying out additions, modifications or removals (“changes”) to IT components in order to

     introduce new or improved functionality to the users

In general, the number of incidents, problems, errors and changes to be addressed by IT exceeds IT’s capacity, so IT needs a way to determine how to best use its resources to make sure that the issues it does tackle will yield the most business benefit. The only way that IT can accomplish that prioritization is with guidance from its customers and users. But, that discussion cannot be carried out effectively in technical language. Therefore, IT must express what it does in terms of its customers’ and users’ language. This is where ITSM comes in. An ITSM approach to IT management facilitates tighter IT/customer alignment by providing IT and its customers with the ability to:

1. Define IT’s deliverables in terms of IT Services, expressed in the customers’ and users’ language

2. Define how those IT Services will be delivered to the users, in terms of functionality, availability,

     capacity, security, support, disaster recovery, change management and other dimensions of managing the

     service

3. Understand the business impact when an IT Service fails

4. Prioritize IT’s activities based on that impact

Another way of stating the above is that an ITSM-based IT organization seeks to understand the customer’s IT Service requirements, agree with the customer on the delivery of that service to meet those requirements, and operate and evolve the service in a way that continues to meet those requirements

ITIL is the body of knowledge representing how organizations are dealing with the challenges of managing IT, based on extensive research and actual practice across all types of IT organizations. ITIL presents a formal structure through which an organization can learn how other organizations around the world are dealing with those challenges. While ITSM answers the “What do we want to do as an IT organization?” question, ITIL is one way (currently a very popular way) of addressing “How are we going to do it?”

ITIL ORGANIZATION

ITIL is organized into five core publications, that revolve around the service lifecycle. These provide best practice guidance for an integrated approach to IT service management.

The five core titles are:  

                                                            

§  Service Strategy explains business goals and customer

   requirements.   

§  Service Design shows how to move strategies into

plans that help the business

§  Service Transition shows how to introduce services

into the environment.

§  Service Operation explains how to manage the IT

  services.

§  Continual Service Improvement helps adopters

evaluate and plan large and small improvements to IT services.

ITIL Service Strategy & ITIL Strategy Management

Service Strategy determines which types of services should be offered

to which customers or markets.

The objective of ITIL Strategy Management for 
IT Services is to assess the service provider’s offerings, capabilities, competitors as well as current and potential market spaces in order to develop a strategy to serve customers. Once the strategy has been defined, ITIL Strategy Management is also responsible for ensuring the implementation of the strategy.

                    Service Strategy ITIL

Business Planning Information includes important input from clients and external service providers, especially for devising the Service Strategy and looking for ways to improve services. 

The Service Strategy Plan (at times referred to as the Service Strategy) is about translating a big idea regarding customer needs into a distinctive and cost-effective set of connected capabilities and resources to satisfy those needs.

The Strategic Action Plan sets out the steps required to implement the previously defined Service Strategy, defining specific tasks and responsibilities.

The Strategic Service Assessment is used to gain insight into a service provider's weaknesses, strengths and opportunities prior to developing a Service Strategy.

ITIL Service Design

Service Design identifies service requirements and devises new

service offerings as well as changes and improvements to

existing ones.

Design Coordination: To coordinate all service design

activities, processes and resources. Design coordination ensures

the consistent and effective design of new or changed IT

services, service management information systems,

architectures, technology, processes, information and metrics.

Service Catalogue Management: to ensurethat a Service

Catalogue is produced and maintained, containing accurate

information on all operational services and those being prepared

to be run operationally. Service Catalogue Management

provides vital information for all other Service Management

processes: Service details, current status and the services'

interdependencies.

Service Level Management: to negotiate Service Level

Agreements with the customers and to design services in

accordance with the agreed service level targets. Service Level

Management is also responsible for ensuring that all Operational

Level Agreements and Underpinning Contracts are appropriate, and to monitor and report on service levels.

Risk Management: to identify, assess and control risks. This includes analyzing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats.

Capacity Management: to ensure that the capacity of IT services and the IT infrastructure is able to deliver the agreed service level targets in a cost effective and timely manner. Capacity Management considers all resources required to deliver the IT service, and plans for short, medium and long term business requirements.

Availability Management: to define, analyze, plan, measure and improve all aspects of the availability of IT services. Availability Management is responsible for ensuring that all IT infrastructure, processes, tools, roles etc. are appropriate for the agreed availability targets.

IT Service Continuity Management: to manage risks that could seriously impact IT services. ITSCM ensures that the IT service provider can always provide minimum agreed Service Levels, by reducing the risk from disaster events to an acceptable level and planning for the recovery of IT services. ITSCM should be designed to support Business Continuity Management.

Information Security Management: to ensure the confidentiality, integrity and availability of an organization's information, data and IT services. Information Security Management usually forms part of an organizational approach to security management which has a wider scope than the IT Service Provider.

Compliance Management: to ensure IT services, processes and systems comply with enterprise policies and legal requirements.

Architecture Management:To define a blueprint for the future development of the technological landscape, taking into account the service strategy and newly available technologies.

Supplier Management: To ensure that all contracts with suppliers support the needs of the business, and that all suppliers meet their contractual commitments.

COBIT

Control Objectives for Information and Related

Technology (COBIT) is a framework framework for

developing, implementing, monitoring and improving

information technology (IT) governance and management

practices.

It is a supporting toolset that allows managers to bridge the

gap between control requirements, technical issues and

business risks.

COBIT aims "to research, develop, publish and promote an

authoritative, up-to-date, international set of generally

accepted information technology control objectives for

day-to-day use by business managers, IT professionals and

assurance professionals".

The goal of the framework is to provide a common language for business executives to communicate with each other about goals, objectives and results. 

The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners.

Cobit5 is based on five key principales for governance and management of enterprise IT:

     Principle 1: Meeting Stakeholder Needs
     Principle 2: Covering the Enterprise End-to-End
     Principle 3: Applying a Single, Integrated Framework
     Principle 4: Enabling a Holistic Approach
     Principle 5: Separating Governance From Management

The COBIT components include:

·         Framework: Organize IT governance objectives and good practices by IT domains and processes, and links them to business requirements

·         Process descriptions: A reference process model and common language for everyone in an organization. The processes map to responsibility areas of plan, build, run and monitor.

·         Control objectives: Provide a complete set of high-level requirements to be considered by management for effective control of each IT process.

·         Management guidelines: Help assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes

·         Maturity models: Assess maturity and capability per process and helps to address gaps.

It provides an end-to-end business view of the governance of enterprise IT, reflecting the central role of information and technology in creating value for enterprises of all sizes.

TOGAF

The Open Group Architecture Framework(TOGAF) is  a proven, comprehensive and generic methodology and framework. It is used by the world's leading organizations to optimize the outcomes of the Enterprise Architecture process.  A framework for enterprise architecture which provides an approach for designing, planning, implementing, and governing an enterprise information technology architecture.

TOGAF is a high level approach to design. It is typically modeled at four levels: Business, Application, Data, and Technology. It relies heavily on modularization, standardization, and already existing, proven technologies and products.

 

Why TOGAF?

• Open standard; being vendor, tool and technology neutral
• Transparent EA process: predictable and repeatable
• Based on best practices
• Widely adopted in the market
• Comprehensive, general method
• Complementary to (thus not competing with) other frameworks

§  Methods and approaches

TOGAF offers detailed methods for developing Enterprise Architecture. This includes a process for acceptance, production, use, maintenance and governance, and a set of supporting tools. TOGAF is a customer initiative, rooted in best practices in architecture development. TOGAF has been continuously evolved and improved by the members of The Open Group.

The Open Group Architecture Framework, or TOGAF gives software architects a structured approach for organizing and governing their software technology design, development and maintenance. Experienced professionals can focus on the aspects of TOGAF that work best for their organization as they pursue business benefits derived from software innovation. TOGAF can be used with - or without - service-oriented architecture (SOA), UML and various frameworks, methodologies and tools of modern software development.

Enterprise Architecture transparency

TOGAF increases the transparency of the Enterprise Architecture development and management process. The resulting architectures reflect best practices and are consistent and coherent with each other. Enterprise Architecture professionals enjoy greater industry credibility, job effectiveness, and career opportunities. TOGAF helps practitioners to avoid being locked into proprietary methods. They utilize resources more efficiently and effectively, and realize a greater return on investment.

An architecture framework is a set of tools which can be used for developing a broad range of different architectures.^[4] It should:

·         describe a method for defining an information system in terms of a set of building blocks

·         show how the building blocks fit together

·         contain a set of tools

·         provide a common vocabulary

·         include a list of recommended standards

·         include a list of compliant products that can be used to implement the building blocks

However TOGAF has its own view, which may be specified as either a "formal description of a system, or a detailed plan of the system at component level to guide its implementation", or as "the structure of components, their interrelationships, and the principles and guidelines governing their design and evolution over time."

The Architecture Development Method (ADM) is core of TOGAF which describes a method for developing and managing the lifecycle of enterprise architecture.

TOGAF Topics

TOGAF is based on four interrelated areas of specialization called architecture domains:

·         Business architecture which defines the business strategy, governance, organization, and key business processes of the organization

·         Applications architecture which provides a blueprint for the individual systems to be deployed, the interactions between the application systems, and their relationships to the core business processes of the organization with the frameworks for services to be exposed as business functions for integration

·         Data architecture which describes the structure of an organization's logical and physical data assets and the associated data management resources

·         Technical architecture or technology architecture, which describes the hardware, software, and network infrastructure needed to support the deployment of core, mission-critical applications

CMMI

Capability Maturity Model Integration (CMMI) is a process improvement training and appraisal program and service administered. CMMI defines the following maturity levels for processes: Initial, Managed, Defined, Quantitatively Managed, Optimizing.

CMMI models provide guidance for developing or improving processes that meet the business goals of an organization. A CMMI model may also be used as a framework for appraising the process maturity of the organization.

Process improvement

CMMI is a model for process improvement. SEI(Software Engineering Institute) has found that there are three critical dimensions that help organizations develop and maintain high quality products and services:

1.       People with skills, training and motivation

2.       Tools and equipment

3.       Procedures and methods defining the relationships of tasks

The report states: A focus on process provides the infrastructure and stability necessary to deal with an ever-changing world and to maximize the productivity of people and the use of technology to be competitive.

CMMI for development addresses 22 process areas covering the full application lifecycle, from conception through delivery. Unlike other improvement approaches that only focus on a specific part of the business, CMMI takes a systemic approach, emphasizing the work necessary to build and maintain the total product.

By defining repeatable processes, organizations are able to gain consistency and look for ways to implement improvements to work smarter and more efficiently.

CMMI models provide guidance not processes

The models provided with CMMI are not the actual processes that will be used in your organization. They will provide the guidelines and ideas to allow each organization to create and document the processes that are pertinent to their particular application domain, organizational structure and size. The process areas won't typically map one-to-one with an organization that's implementing CMMI. The focus is on guiding an organization towards an improvement path from immature processes to disciplined, mature processes with improved quality.

COMPONENTS: Each process area is made up of "components," which fall into one of three categories: required, expected or informative. The definition of each type of component for each process area is defined in the CMMI. By using the guidelines outlined in CMMI, you'll have the templates needed to work towards defining and documenting your processes and the relationships between them.

LEVELS: Levels are used in CMMI to rate organizational capability and maturity. Appraisals are done which can apply to an entire organization or to smaller groups such as a division or a project. There are two approaches that can be used: a continuous representation to achieve "capability levels" and a staged representation to achieve "maturity levels."

Mixing CMMI and Agile : Though the model may seem rather rigid, CMMI practices are meant to be methodology agnostic. To help those who use agile methods to interpret CMMI in their environments, notes are added to selected processes to indicate how practices can be adapted to agile environments.

Continuous improvement : Process improvement has been proven to improve quality. CMMI is a model that goes through continual reviews and improvements and has been recently been updated to reflect our continual software evolution. This would be the time to download their latest revision and get a sense for the maturity of your organization.