ITIL PPO Certification – Flashcards
question
Name the PPO process that comes from service strategy.
answer
Demand management
question
demand management
answer
the process that seeks to understand, anticipate, and influence customer demand for services and support the provision of capacity to meet those demands
question
Name the PPO processes that come from service design.
answer
1. Availability Management 2. Capacity Management 3. Information Security Management 4. IT Service Continuity Management
question
Availability Management
answer
the process that ensures that enough cost-justifiable capacity is present now and in the future to meet business requirements; operates at three levels: business, service, and component
question
Information security management
answer
the process that ensures that security requirements from the business are understood and realized, and that effective security policies are implemented, managed, and improved as needed
question
IT Service Continuity Management
answer
the process that ensures that IT continuity planning is aligned with the business continuity planning; ensures that cost-effective plans are in place, communicated, and understood so that extreme conditions can be managed while controlling risk
question
Purpose of Service Design
answer
design IT services, practices, processes, and policies to realize the service provider's strategy; ensure that services are cost-effectively designed in order to realize the business strategy
question
objective of service design
answer
design services so that minimal improvement is required over time; design services in line with business requirements so that minimal improvement is required over the life of the service
question
value of service design
answer
-reduced total cost of ownership -improved quality of service -improved consistency of service -ease of implementation of new or changed services -improved service alignment and performance -improved IT governance -improved effectiveness of service management processes -improved information and decision-making -improved alignment with customer values and strategies
question
Service design begins with
answer
a set of new or changed business requirements and ends with the development of a service solution
question
5 major aspects of service design
answer
1. S (service solution) - service solutions for new or changed service
2. T (tools) - the management information systems and tools, especially the service portfolio
3. A (architectures) - the technology architectures and management architecture
4. M (metrics) - the measurement methods and metrics
5. P (processes) - the processes required
question
Service Design Package
answer
document(s) defining all aspects and areas of an IT service and its requirements through each stage of its lifecycle; produced for each new IT service, major change, or IT service retirement
question
ITIL suggests a design approach that considers the following areas:
answer
- the scalability to future requirements
- outcomes supported
- utility requirements
- warranty requirements
- technologies, components, and inter-relationships
- supporting services (internal and external)
- performance requirements and measurements
- required security levels
- sustainability
question
Within the technology area, ITIL identifies four domains that need to be addressed and considered as they support and underpin the delivery of all services
answer
1. (i) infrastructure 2. (d) data/information 3. (e) environmental 4. (a) applications
question
ITIL suggests a formal approach to the business requirements gathering stage, including the following key elements:
answer
-appointment of project manager -identification of all stakeholders -requirements analysis, agreement, and documentation -budgets and business benefits -conflict resolution -sign-off processes -engagement and communication plan
question
Why do service providers need to conduct service design activities? (business value of service design)
answer
1. align IT service provision with business goals and objectives 2. prioritize all IT activities based on business impact and urgency 3. increase business productivity and profitability through increased efficiency and effectiveness 4. support corporate governance 5. create competitive advantage
question
Service providers demonstrate business value by:
answer
- agreeing services, SLAs and targets across the whole enterprise, ensuring critical business processes receive most attention
- measuring IT quality in business/user terms, reporting what is relevant to users (for example, customer satisfaction, business value)
- mapping business processes to IT services and IT infrastructure, to ensure that dependencies between the relationships are well understood, and to reduce the possibility of disruptions caused by loss on business services and processes
- mapping business processes to business and service measurements, to ensure focus on IT service measurements related to business performance measurements and desired business outcomes
- mapping infrastructure resources to services in order to take full advantage of critical IT components that are linked to critical business processes
- providing end-to-end performance monitoring and measurement of IT services supporting business processes, regularly reported against SLA targets
question
ISG (IT steering group)
answer
a formal group that is responsible for ensuring that business and IT service provider strategies and plans are closely aligned; includes senior representatives from the business and the IT service provider
question
ISG should consider the following items
answer
-business and IT plans -demand planning -project authorization and prioritization -review of projects -potential outsourcing -business/IT strategy review -business continuity and IT service continuity -policies and standards
question
purpose of design coordination process
answer
-ensure goals and objectives of the service design stage are met -provide and maintain a single point of coordination and control for all design processes and activities
question
objectives of design coordination process
answer
- ensure the consistent design of appropriate services, service management information systems, architectures, technology, processes, information, and metrics to meet current and evolving business outcomes and requirements
- coordinate all design activities across projects, changes, suppliers, and support teams, and manage schedules, resources, and conflicts where required
- plan and coordinate the resources and capabilities required to design new or changed services
- produce SDPs based on service charters and change requests
- ensure that appropriate service designs and/or SDPs are produced and that they are handed over to service transition as agreed
- manage the quality criteria, requirements, and handover points between the service design stage and service strategy and service transition
- ensure that all service models and service solution designs conform to strategic, architectural, governance, and other corporate requirements
- improve the effectiveness and efficiency of service design activities and processes
- ensure that all parties adopt a common framework of standard, reusable design practices in the form of activities, processes and supporting systems, whenever appropriate
- monitor and improve the performance of the service design lifecycle stage
question
scope of design coordination process
answer
coordinate all design-related activities for new or changed services moving into production environments, as well as any design-related activities for services that are being retired
question
scope of design coordination includes the following responsibilities
answer
- assisting and supporting each project or other change through all the service design activities and processes
- maintaining policies, guidelines, standards, budgets, models, resources, and capabilities for service design activities and processes
- coordinating, prioritizing, and scheduling of all service design resources to satisfy conflicting demands from all projects and changes
- planning and forecasting the resources needed for the future demand for service design activities
- reviewing, measuring, and improving the performance of all service design activities and processes
- ensuring that all requirements are appropriately addressed in service designs, particularly utility and warranty requirements
- ensuring the production of service designs and/or SDPs and their handover to service transition
question
the scope of design coordination does not include the following tasks
answer
-responsibility for any activities or processes outside of the design stage of the service lifecycle -responsibility for designing the detailed service solutions themselves or the production of the individual parts of the SDPs
question
The PPO lifecycle in context to service strategy
answer
demand management process; provides the signal in the form of a service charter for design activities to begin
question
The PPO lifecycle in context to service design
answer
warranty processes that include availability management, capacity management, information security management, and IT service continuity management; capacity management has a strong relationship with demand management from the service strategy stage of the service lifecycle
question
The PPO lifecycle in context to service transition
answer
design processes produce a service design package, which is used by service transition to move a service through various lifecycle stages; warranty aspects of transition processes are important to consider as well as the impact of change on the warranty aspects of services
question
The PPO lifecycle in context to service operation
answer
many of the design processes covered in PPO are frequently invoked; capacity and availability management are often involved in operational aspects of monitoring and understanding trends in availability and capacity for services and components; operational staff are often involved in various aspects of continual planning
question
The PPO lifecycle in context to continual service improvement
answer
the processes covered in this course are subject to improvement; metrics and measurements used by continual service improvement must be built into new and changed services by the design processes
question
business value of the design coordination process
answer
- design activities at acceptable risk and cost levels - higher customer and user satisfaction - ensure consistent architecture, allowing integration between services and systems -improved focus and achievement of business value through well designed services -greater agility and higher quality in the design of services
question
demand management purpose
answer
-identify, understand, and influence demand for services - ensure that adequate capacity exists to meet demand
question
demand management objectives
answer
-understand PBAs -identify user profiles -ensure that services are designed to meet PBAs -ensure resource availability -anticipate cases where demand exceeds capacity
question
scope of demand management
answer
-identify the variable aspects of business -manage variance in demand
question
business value of demand management
answer
-understand and prepare for the variable aspects of business -influence and shape demand -ensure that available capacity meets demand
question
Policies, principles, and basic concepts of demand management
answer
-supply and demand -gearing service assets -demand management throughout the lifecycle
question
Demand management supply and demand
answer
-supply must be matched to demand -understand demand and impact to service assets -incentives can be used to influence demand -supports capacity management where PBAs inform capacity planning and it optimizes performance and cost
question
Demand management gearing service assets
answer
demand is dynamic; identify signals of increasing/decreasing demand; manage assets to meet demand through: identifying services supported; quantify PBAs; specify appropriate architecture; plan capacity and availability; manage performance
question
demand management through the lifecycle
answer
- service strategy: identify services and outcomes; forecast demand and estimate activity levels
- service design: confirm requirements; ensure capacity and availability designed to requirements
- service transition: test and validate ability to meet and manage demand
- service operation: monitor demand; perform tuning or corrective actions as required
- continual service improvement: identify trends in PBAs; initiate changes and improvements as necessary
question
process activities, methods, and techniques of demand management
answer
-identify sources of demand forecasting -PBAs -UPs -activity-based demand management -develop differentiated offerings -management of operational demand
question
Demand management activity: identify sources of demand forecasting
answer
-understand business activity -determine how activity impacts service demand -potential sources of information that include: business plans; marketing plans and forecasts; production plans (in manufacturing environments); sales forecasts; new product launch plans
question
demand management activity: patterns of business activity
answer
PBA profile contains the following information:
- classification: some method of flagging the type of PBA, whether it is automated or user generated, as well as what types of business outcomes the PBA supports
- attributes that include: frequency; volume; location; duration
- requirements: relevant to any performance, security, availability, privacy, latency or tolerance concerns
- service asset requirements: utilization information about service assets related to the PBA, such as what assets are utilized, when they are utilized, and the extent of the utilization
question
demand management activity: user profiles
answer
-based on organizational roles and responsibilities which include automated processes and applications can have UPs -associated or mapped to one or more PBAs -under change management control
question
user profile (UP)
answer
a pattern of user demand for IT services; each includes one or more patterns of business activity
question
Triggers of demand management
answer
-request for a new service -request for a change to an existing service -strategy driving the creation of a new service -requirement to define a service model -requirement to define PBAs and UPs -utilization rates affecting performance or causing a breach to an SLA -any exception to forecast PBAs
question
inputs of demand management
answer
-initiative to create a new service -initiative to change an existing service -validation of service models -validation of PBA -customer portfolio, service portfolio, and customer agreement portfolio -charging models -chargeable items -service improvement plans
question
outputs of demand management
answer
-user profiles -PBAs in the service and customer portfolios -policies for management of demand -policies for how to deal with situations where service utilization is different than customer expectations -documentation of differentiated offerings that can be used to formulate service packages
question
process interfaces with demand management service strategy
answer
-strategy management -service portfolio management -financial management for IT services -BRM
question
process interfaces with demand management service design
answer
-service level management -capacity management -availability management -IT service continuity management
question
process interfaces with demand management service transition
answer
-change management -service asset and configuration management (SACM) -service validation and testing
question
process interfaces with demand management service operation
answer
event management
question
information management in demand management
answer
-service portfolio -customer portfolio -project portfolio -meeting minutes between BRM and customers -service level agreements -configuration management system
question
CSF: the service provider has identified and analyzed the PBAs and is able to use these to understand the levels of demand that will be placed on a service
answer
KPI: patterns of business activity are defined for each relevant service
KPI: patterns of business activity have been translated into workload information by capacity management
question
CSF: the service provider has defined and analyzed UPs and is able to use these to understand the typical profiles of demand for services from different types of users
answer
KPI: documented UPs exist and each contains a demand profile for the services used by that type of user
question
CSF: a process exists whereby services are designed to meet the PBAs and business outcomes
answer
KPI: demand management activities are routinely included as part of defining the service portfolio
question
CSF: an interface with capacity management ensures that adequate resources are available at the appropriate levels of capacity to meet the demand for services
answer
KPI: capacity plans include details of PBAs and corresponding workloads KPI: utilization monitors show balanced workloads with minimal over-utilization and a maximum amount of unused capacity to prevent technical groups from over-investing in capacity to avoid being blamed for over-utilization
question
CSF: there is a means to manage situations where demand for a service exceeds the capacity to deliver it.
answer
KPI: techniques to manage demand have been documented in capacity plans and, where appropriate, in SLAs
KPI: differential charging has resulted in more even demand on the service over time
question
challenges related to the demand management process
answer
-the availability of information about business activities -difficult for customers to break down activities in terms that make sense to the service provider -lack of a formal service portfolio management process or a formal service portfolio
question
risks related to the demand management process
answer
-lack of, or inaccurate, configuration information -failure of SLM to define, negotiate, and agree to commitments for minimum and maximum service utilization levels
question
Responsibilities of Demand Management Process Owner
answer
-generic process owner role for demand management -ensures that demand management is integrated with other processes
question
responsibilities of demand management process manager
answer
-carries out generic process manager role for demand management -identifies and analyzes PBAs to understand the levels of demand for services from different types of users -helps design services to meet the PBAs and business outcomes -ensures that adequate resources are available at the appropriate levels of capacity to meet the demand for services -anticipates and prevents or manages situations where demand for a service exceeds the capacity to deliver it -gears the utilization of resources that deliver services to meet the fluctuating levels of demand for those services
question
capacity management process
answer
-extends across the lifecycle -aligns capacity with demand -influenced by: PBA, lines of service, service level packages -capacity needs must be considered during the design stage -capacity continues throughout all lifecycle stages
question
purpose of capacity management
answer
provide a focal point for all capacity- and performance-related issues for services and components
question
objectives of capacity management
answer
-produce and maintain capacity plans describing current and future capacity needs -guide the business and IT on capacity-related issues -manage the performance of services and components -ensure that service performance meets or exceeds all agreed targets -assist incident management and problem management -assess the impact of changes on service and component capacity -ensure that cost-justifiable capacity management measures are in place
question
scope of capacity management
answer
-focal point for all IT performance and capacity issues -encompasses all areas of technology -handles some aspects of human resources including scheduling and staffing levels
question
business value of capacity management
answer
- effective resource planning and control in order to meet required levels of service
- ensure that required capacity is delivered cost-effectively
- improved performance and availability of services and components
- improved customer satisfaction
- efficient and effective design and transition of new or changed services
- more accurate capacity-related budgeting
- environmental consciousness
- directly contributes to the business through the following activities:
  - monitoring PBA and service level plans
  - production of regular and ad hoc reports on services and component capacity and performance
  - tuning and optimization of services and components
  - producing capacity forecasts based on the agreed needs of the business
  - influencing customer behavior
  - regularly producing a capacity plan
  - resolving capacity-related incidents and problems
  - analyzing capacity-related trends and making improvements
question
policies of capacity management
answer
ensures that capacity and performance of IT services and components matches agreed existing and future demands of the business in a cost-effective and timely manner; balancing act between balancing supply against demand and balancing against resources
question
capacity management processes and planning must be involved in all stages of the service lifecycle
answer
-strategy: service portfolio contains resources and capabilities -design: requirements driven capacity plans to ensure service meets their expected performance targets -transition: verifying utilization and performance -operation: monitoring and maintaining forecasts -continual improvement: ongoing tuning and optimization
question
capacity management must understand
answer
-current business operations and their requirements -patterns of business activity -future business plans and requirements -agreed and planned service targets -all areas of IT and its capacity performance
question
planning and managing complexity
answer
- managing the capacity of a large IT environment is a difficult task
- capacity management simplifies this task by:
  - determining which components need to be upgraded
  - determining when an upgrade is required
  - managing the cost of an upgrade
  - evaluating the capacity-related risk of change
  - evaluating whether or not a proposed SLR is achievable
  - helping solve capacity-related problems
  - ensuring that adequate capacity exists in any continuity environments
question
business capacity management
answer
-assist with agreeing service level requirements -design, procure, or amend service configuration -verify service level agreements -support service level agreement notification -control and implementation
question
design related activities of capacity management
answer
-exploitation of new technology -designing resilience
question
ongoing iterative activities of capacity management
answer
-monitoring: threshold management; response time monitoring -analysis -tuning -implementation
question
modeling and trending activities of capacity management
answer
-baselining -trend analysis -analytical modeling -simulation modeling
question
service capacity management
answer
focus of this sub-process is the management, control, and prediction of the end-to-end performance and capacity of the live, operational IT services usage and workloads; ensures that the performance of all services, as detailed in service targets within SLAs and SLRs, is monitored and measured, analyzed, and reported; in order to meet agreed performance levels of services, it may be necessary to instigate proactive and reactive actions
- identify and understand the IT services, their use of resources, working patterns, peaks, and troughs
- ensure that the services meet agreed targets as defined in SLA
- identify any service breaches or near misses through monitoring and comparing actual targets against agreed targets
- must be proactive and predictive
question
component capacity management
answer
focus of this sub-process is the management, control and prediction of the performance, utilization and capacity of individual IT technology components underpinning IT services; ensures that all components within the IT infrastructure that have finite resource are monitored and measured, analyzed, and reported -identify and understand the performance, capacity, and utilization of individual components -ensure optimal use of IT components -monitor hardware and software components and collect information -forecast issues where possible -monitor changes to services to estimate hardware and software upgrades -balance services across existing components
question
demand management in capacity management
answer
activities specifically focused on understanding the variable aspects of business and planning for an appropriate response to those variable aspects
question
proactive activities
answer
-pre-empting performance issues -producing trends of the current component utilization and estimating the future requirements -modeling and trending the predicted changes in IT services -ensuring that upgrades are budgeted, planned, and implemented before SLAs and service targets are breached or performance issues occur -actively seeking to improve service performance wherever it is cost-justifiable -producing and maintaining a capacity plan -tuning (optimizing) the performance of services and components
question
reactive activities
answer
-monitoring, measuring, reporting, and reviewing the current performance of both services and components -responding to all capacity-related "threshold" events and instigating corrective action -reacting to and assisting with specific performance issues
question
triggers of capacity management
answer
-service breaches -capacity or performance events and alerts, including threshold events -exception reports -periodic revision of current capacity and performance -review of forecasts, reports and plans -new and changed services requiring additional capacity -periodic trending and modeling -review and revision of business and IT plans and strategies -review and revision of designs and strategies -review and revision of SLAs, OLAs, contracts, or any other agreements
question
inputs of capacity management
answer
-business information -service IT information -component performance and capacity information -service performance issues -service information -financial information -change information -performance information -CMS -workload information
question
outputs of capacity management
answer
-CMIS -capacity plan -service performance information and reports -workload analysis and reports -ad hoc capacity and performance reports -forecasts and predictive reports -thresholds, alerts, and events
question
capacity management interface service strategy
answer
demand management -capacity plans responses to PBAs -understanding and evaluating PBAs for their effect upon the capacity-related aspects of services and components
question
capacity management interface service design
answer
SERVICE LEVEL MANAGEMENT
- service information with details of the services from the service portfolio and the service catalog and service level targets within SLAs and SLRs and possibly from the monitoring of SLAs, service reviews and breaches of the SLAs
- reporting and reviewing of service performance and the development of new SLRs or changes to existing SLAs
IT SERVICE CONTINUITY MANAGEMENT
- capacity management assists with business impact assessment
AVAILABILITY MANAGEMENT
- works with capacity to support required resources for availability commitments
question
capacity management interface service operation
answer
incident and problem management -service performance issues relating to poor performance
question
capacity management process uses...
answer
the CMIS to store capacity-related information
question
CMIS is used to perform several activities that include
answer
-review current capacity and performance -improve current service and component capacity -assess, agree, and document new requirements for capacity -plan new capacity
question
capacity CSF: accurate business forecasts
answer
KPI: Production of workload forecasts on time KPI: Percentage accuracy of forecasts of business trends KPI: Timely incorporation of business plans into the capacity plan KPI: reduction in the number of variances from the business plans and capacity plans
question
capacity CSF: Knowledge of current and future technologies
answer
KPI: increased ability to monitor performance and throughput of all services and components KPI: timely justification and implementation of new technology in line with business requirements (time, cost, and functionality) KPI: Reduction in the use of old technology, causing breached SLAs due to problems with support or performance
question
capacity CSF: Ability to demonstrate cost effectiveness
answer
KPI: reduction in last-minute buying to address urgent performance issues KPI: reduction in the over-capacity of IT KPI: accurate forecasts of planned expenditure KPI: reduction in the business disruption caused by a lack of adequate IT capacity KPI: relative reduction in the cost of production of the capacity plan
question
capacity CSF: Ability to plan and implement the appropriate IT capacity to match business need
answer
KPI: percentage reduction in the number of incidents due to poor performance KPI: percentage reduction in lost business due to inadequate capacity KPI: all new services implemented to match SLRs KPI: increased percentage of recommendations made by capacity management are acted on KPI: reduction in the number of SLA breaches due to either poor service performance or poor component performance
question
challenges of capacity management
answer
-getting information from the business -making sense of component capacity management -different tools and different information formats -information overload
question
risks of capacity management
answer
-lack of commitment to the capacity management process -lack of appropriate information on future plans and strategies -lack of resources, budget, or senior management commitment -service capacity management and component capacity management are performed in isolation -processes become too bureaucratic or manually intensive -processes focus too much on the technology and not enough on the services and the business -reports and information are too technical and do not give appropriate information
question
capacity management process owner
answer
-accountable for the capacity management process -works with other processes to ensure capacity management is integrated with the overall service lifecycle
question
capacity management process manager
answer
p. 3-49; responsible for the process; coordinates activities between capacity management and other service management processes
question
availability management purpose
answer
-to be the focal point for management of availability-related issues -ensure that availability targets are set, measured, and achieved
question
availability management objectives
answer
-produce and maintain availability plans reflecting the current and future needs of the business -ensure that service availability achievements meet or exceed agreed targets -assist with diagnosis and resolution of availability-related incidents and problems -assess the impact of changes on the availability plan and availability of services -advise and guide other areas of the business and IT -implement cost-justifiable measures to improve the availability of services
question
scope of availability management
answer
-covers the design, implementation, measurement, management, and improvement of IT service and component availability -ensures that services and components are designed and delivered in line with business needs -includes the availability of business processes -availability drivers of future business plans and requirements -service availability targets agreed in SLAs -performance and availability of the IT infrastructure, data, applications, and the environment -business impacts and priorities for services
question
business value of availability management
answer
-ensures that availability matches the evolving needs of the business -ensures customer satisfaction with reliability and availability -provides high-quality stable services in support of business needs -evaluates new or changed service requirements -supports business needs to follow environmentally sound strategies
question
guiding principles for availability management
answer
-service availability is at the core of customer satisfaction and business success -business, customer, and user satisfaction and recognition can be achieved even when services fail, provided that the reaction to failure is handled well -understanding how services support the business drives improving availability -availability is only as good as its weakest link -the more proactive the process, the better service availability will be -it is less expensive to design availability into services than to add it at a later date
question
service availability involves
answer
-all aspects of service availability and unavailability -impact of component availability -potential impact of component availability -impact of the availability of collection of components
question
component availability involves
answer
component availability and unavailability
question
aspects of availability
answer
-availability -reliability -maintainability -serviceability
question
availability equation
answer
((agreed service time (AST) - downtime) / AST) * 100%
question
reliability equation
answer
(MTBSI in hours)= (available time in hours)/(number of breaks)
question
reliability equation 2
answer
MTBF in hours = ((available time in hours-total downtime in hours)/(number of breaks))
question
maintainability
answer
MTRS in hours=((total downtime in hours)/(number of service breaks))
question
vital business functions
answer
-parts of the business process that are critical to success -influence availability design and cost-effectiveness -the more vital the function, the higher level of resilience required -availability requirements determined by the business, not IT -special VBFs: High Availability, fault tolerance, continuous operation, continuous availability
question
reactive availability management techniques
answer
-monitor, measure, analyze, and report service and component availability -unavailability analysis -expanded incident management lifecycle -service failure analysis
question
proactive availability management techniques
answer
-requirement definition -designing for availability -service availability design -CFIA (component failure impact analysis) -SPOF (single point of failure) -FTA (fault tree analysis) -simulation, modeling, and load testing -risk analysis and management -availability testing schedule -planned and preventative maintenance -production of projected service outage -reviewing all new and changed services -continual review and improvement
question
triggers of availability management
answer
-new or changed business needs or new or changed services -new or changed targets within agreements such as SLRs, SLAs, OLAs, or contracts -service or component breaches, availability events and alerts, including threshold events, exception errors -periodic activities of availability management such as reviewing, revising, or reporting -review of availability management forecasts, reports and plans -review and revision of business and IT plans and strategies -review and revision of designs and strategies -recognition or notification of a change of risk or impact of a business process or VBF, an IT service or component -request from SLM for assistance with availability targets and explanation of achievements
question
inputs of availability management
answer
-business information -business impact information -previous risk analysis -service information -financial information -change and release information -configuration management -service targets -component information -technology information -past performance -unavailability and failure information
question
outputs of availability management
answer
-AMIS -the availability plan for the proactive improvement of IT services and technology -availability and recovery design criteria and proposed service targets for new or changed services -service availability, reliability, and maintainability reports of achievements against targets, including input for all service reports -component availability, reliability, and maintainability reports of achievements against targets -revised risk analysis reviews and reports and an updated risk register -monitoring, management, and reporting requirements for IT services and components to ensure that deviations in availability, reliability, and maintainability are detected, actioned, recorded, and reported -an availability management test schedule for testing all availability, resilience, and recovery mechanisms -the planned and preventative maintenance schedules -the PSO in conjunction with change and release management -details of the proactive availability techniques and measures that will be deployed to provide additional resilience to prevent or minimize the impact of component failures on the IT service availability -improvement actions for inclusion within the SIP
question
process interfaces with availability management service design
answer
-SLM -capacity management -ISM (information security management) -ITSCM
question
process interfaces with availability management service transition
answer
change management
question
process interfaces with availability management service operation
answer
-incident and problem management -access management
question
information management in availability management
answer
AMIS: contains information used and produced by availability management; availability plans that describe: -current and future availability needs of the business -how availability shortfalls are being addressed -details of new availability requirements -schedules and reviews of SFA assessments -information about the availability benefits of future technology
question
availability CSF: manage availability and reliability of IT service
answer
KPI: percentage reduction in the unavailability of services and components KPI: percentage increase in the reliability of services and components KPI: effective review and follow-up of all SLA, OLA and UC breaches relating to availability and reliability KPI: percentage improvement in overall end-to-end availability of service KPI: Percentage reduction in the number and impact of service breaks KPI: improvement in the MTBF KPI: improvement in the MTBSI KPI: reduction in the MTRS
question
availability CSF: satisfy business needs for access to IT services
answer
KPI: percentage reduction in the unavailability of services KPI: percentage reduction of the cost of business overtime due to unavailable IT KPI: percentage reduction in critical time failures KPI: percentage improvements in business and users satisfied with service
question
availability CSF: Availability of IT infrastructure and applications as documented in SLAs, provided at optimum costs
answer
KPI: percentage reduction in the cost of unavailability KPI: percentage improvement in the service delivery costs KPI: timely completion of regular risk assessment and system review ....P 4-69
question
challenges of availability management
answer
-meeting and managing the expectations of the business -integration of all availability-related information -convincing the business of the need for proactive availability management
question
risk of availability management
answer
-a lack of commitment from the business to the availability management process -a lack of commitment from the business and a lack of appropriate information on future plans and strategies -a lack of senior management commitment or a lack of resources and/or budget to the availability management process -labor-intensive reporting processes -the processes focus too much on the technology and not enough on the services and the needs of the business -the AMIS is maintained in isolation and is not shared or consistent with other process areas, especially ITSCM, information security management and capacity management
question
availability management process owner
answer
-carry out the generic process owner role for the availability management process -working with management of all functions to ensure acceptance of the availability management process as the single point of coordination for all availability-related issues, regardless of the specific technology involved -working with other process owners to ensure there is an integrated approach to the design and implementation of availability management, service level management, capacity management, IT service continuity management, and information security management
question
availability management process manager
answer
-manages the interface between availability management and other processes -ensures that services meet agreed levels of availability -assists in the investigation and diagnosis of availability-related incidents and problems
question
ITSCM purpose
answer
-align with and support the overall business continuity management process -ensure that minimum agreed business continuity-related service levels can be provided -understand and reduce risk to IT services to levels acceptable to the business -plan and prepare for the recovery of IT Services
question
ITSCM objectives
answer
-manage and maintain a set of IT service continuity plans and IT recovery -ensure that continuity and recovery mechanisms are in place to meet the agreed business continuity targets defined in SLAs -conduct complete and regular BIA -conduct regular risk analysis and management, in conjunction with business, availability management process, and security management process -provide advice and guidance on continuity- and recovery-related issues to business and IT -assist the change management process to assess the impact of all changes on IT service continuity plans and IT recovery plans -assist in proactive measures for improving availability of services -negotiate and agree the necessary contracts with suppliers, in conjunction with the supplier management process for provision of the planned recovery capability
question
scope of ITSCM
answer
-focus on significant business events: disasters, significant interruptions beyond normal daily operation, identified through a BIA, business impact and loss through financial loss, damage to reputation, regulatory breaches -agreement with the business of scope of ITSCM -ITSCM policies -conducting BIA to quantify the impact a loss of IT services would have on the business -risk identification, assessment, and management -production of an ITSCM strategy and integration with overall BCM strategy -production, management, and maintenance of ITSCM plans -testing and validation of continuity plans
question
business value of ITSCM
answer
-supports the BCM (business continuity management) and BCP (business continuity plan) -used to raise awareness of continuity and recovery requirements -often used to justify and implement a BCM and BCP -should be driven by business risk -identified by business continuity planning -ensures recovery arrangements for IT services are aligned to business impacts, risks, and needs
question
production of business continuity strategy is based on:
answer
-involvement of ITSCM in initiation and requirements stages to support the BCM activities -understanding the relationship between the business processes and the impacts of loss of IT services on these activities -becomes the basis for producing an ITSCM strategy
question
the business continuity strategy should
answer
-focus on business processes and associated issues such as business process continuity, staff continuity and building continuity
question
effective implementation of ITSCM is through
answer
-identification of critical business processes -analysis and coordination of the required technology and supporting IT services -the situation may be even more complex in outsourcing situations
question
4 stages within ITSCM lifecycle
answer
1. initiation 2. requirements and strategy 3. implementation 4. ongoing operation
question
Stage 1 of ITSCM
answer
initiation-this stage deals with policy setting, specifying terms of reference, and scope of the project
question
Stage 2 of ITSCM
answer
requirements and strategy- this stage includes requirements analysis and developing strategy for risk reduction based on BIA
question
Stage 3 of ITSCM
answer
ITSCM implementation- once the strategy has been approved, the IT service continuity plans need to be produced in line with the business continuity plans; the ITSCM plans need to be developed to enable the necessary information for critical systems, services, and facilities to either continue to be provided or to be reinstated within an acceptable period to the business
question
Stage 4 of ITSCM
answer
Ongoing operation-this stage focuses on education, awareness, training of service continuity-specific items, testing of ITSCM plans, ongoing operation, and any changes coordinated through change management process
question
initiating - policy setting
answer
specifying management intent and clarifying roles and responsibilities relevant to continuity activities
question
initiating - defining scope and all terms of reference
answer
defining the scope of all staff in the organization, as well as conducting risk assessment and business impact analysis
question
initiating - initiating a project
answer
-allocating resources: acquiring the necessary resources in terms of time and money -defining the project organization and control structure: following accepted best practice for complex project management, such as PMBOK (Project Management Body of Knowledge) or PRINCE2 (PRojects IN Controlled Environments) -agreeing to project and quality plans: providing an understanding of the overall project deliverables and serving as means to control variance; quality plans ensure that acceptable levels of quality are present in project deliverables
question
M_o_R
answer
management of risk- a standard management framework used to assess and manage risks within an organization
question
M_o_R principles
answer
essential for the development of good risk management practice and are derived from corporate governance principles
question
M_o_R approach
answer
an organization's approach to M_o_R principles, which needs to be agreed and defined within the following living documents: -risk management policy -process guide -plans -risk registers -issue logs
question
M_o_R processes
answer
the following main steps describe the inputs, outputs, and activities that ensure that risks are controlled: -identify: the threats and opportunities within an activity that could impact the ability to reach its objective -assess: the understanding of the net effect of the identified threats and opportunities associated with an activity when aggregated together -plan: a specific management response that will reduce the threats and maximize the opportunities -implement: the planned risk management actions, monitor their effectiveness, and take corrective action where responses do not match expectations
question
Invocation of ITSCM
answer
processes should be: -fit for purpose; interface correctly with other relevant invocation processes; decisions: -often made by a "crisis management" team -must consider: extent of damage; scope of invocation; likely length of the disruption; potential business impact; retrieval of required documentation, workstation images, etc.; mobilization of personnel; alerting suppliers and vendors -guidance and plans must be available to key staff, both within and outside the office
question
the objectives of invocation are to:
answer
-build up the business to normal levels at the recovery site -conduct short-term operation from recovery site -leave the recovery site in the shortest possible time
question
triggers of ITSCM
answer
-new or changed business needs, or new or changed services -new or changed targets within agreements, such as SLRs, SLAs, OLAs, or underpinning contracts -the occurrence of a major incident that requires assessment for potential invocation of either business or IT continuity plans -periodic activities such as the BIA or risk analysis activities, maintenance of continuity plans or other reviewing, revising, or reporting activities -assessment of changes and attendance at CAB (change advisory board) meetings -review and revision of business and IT plans and strategies -review and revision of designs and strategies -recognition or notification of a change of risk or impact of a business process or VBF (vital business function), an IT service, or component -initiation of tests of continuity and recovery plans
question
inputs of ITSCM
answer
-business information -IT information -a business continuity strategy and set of business continuity plans -service information from the SLM process -financial information -change information -CMS -business continuity management and availability management testing schedules -IT service continuity plans and test reports
question
outputs of ITSCM
answer
-a revised ITSM policy and strategy -a set of ITSM plans, including all crisis management plans, emergency response plans and disaster recovery plans, together with a set of supporting plans and contracts with recovery service providers -BIA exercises and reports, in conjunction with BCM and the business -Risk analysis and management reviews and reports, in conjunction with the business, availability management, and security management -An ITSCM testing schedule -ITSCM test scenarios -ITSCM test reports and reviews -forecasts and predictive reports are used by all areas to analyze, predict and forecast particular business and IT scenarios and their potential solutions
question
purpose of Information Security Management (ISM)
answer
-provide a focal point for all aspects of IT security -manage IT security activities -align IT security with business security -provide strategic direction for security activities -ensure that information security is effectively managed in all service management activities; objectives are achieved; risks are managed
question
objectives of ISM
answer
-availability and usability- information available and usable when required -confidentiality- information disclosed to those who have a right to know -integrity- information is complete, accurate, protected -authenticity- trusted business transactions and information exchanges between enterprises and partners
question
scope of ISM
answer
-should be the focal point for all IT security issues -establish and maintain ISMS to guide the development and management of an information security program -must ensure that an information security policy is produced, maintained, and enforced -needs to understand total IT and business security environment; policies and plans; existing and future requirements; obligations and responsibilities; business and IT risks
question
ISM process should include:
answer
-Information security policy -current and future needs -policy and plans -security controls -contracts -management of security breaches -improvements -integration
question
ISM provides value to the business by
answer
-maintaining and enforcing an information security policy that fulfills: *needs of the business security policy *requirements of corporate governance
question
ISM manages all aspects of IT and information security
answer
-through appropriate security controls it provides assurance that *IT services underpinning business processes are in line with business and corporate risk management processes and guidelines
question
information security must be aligned with
answer
-business security -business needs -business objectives
question
all IT service providers must ensure that
answer
-all processes within the IT organization include security considerations -comprehensive information security policy or policies exist -necessary security controls are in place to monitor and enforce the policies
question
to develop a cost-effective information security program an organization requires
answer
-security framework -policy -ISMS
question
ISM framework generally consists of the following components
answer
-information security policy -security management information system -security strategy -organization structure -security controls -security risks -monitoring processes -communications strategy -training and awareness strategy and plan
question
five elements of ISMS
answer
1. control- establish management framework, organization structure, and responsibilities 2. plan- devise and recommend the appropriate security measures 3. implement- appropriate procedures, tools, and controls in place 4. evaluate- supervise and check compliance and auditing 5. maintain- improve security agreements and implement security measures and controls
question
information security governance should provide 6 basic outcomes
answer
1. strategic alignment 2. value delivery 3. risk management 4. performance management 5. resource management 6. business process assurance
question
Outcome 1: strategic alignment
answer
-security requirements should be driven by enterprise requirements -security solutions need to fit enterprise processes -investment in information security should be aligned with the enterprise strategy and agreed-on risk profile
question
Outcome 2: value delivery
answer
-a standard set of security practices, for example, baseline security requirements that follow best practices -properly prioritized and distributed effort to areas with greatest impact and business benefit -institutionalized and commoditized solutions -complete solutions, covering organization and processes as well as technology -a culture of continual improvement
question
Outcome 3: risk management
answer
-agreed-on risk profile -understanding of risk exposure -awareness of risk management priorities -risk mitigation -risk acceptance/deference
question
Outcome 4: performance management
answer
-defined, agreed, and meaningful set of metrics -measurement process that will help identify shortcomings and provide feedback on progress made resolving issues -independent assurance
question
Outcome 5: resource management
answer
-knowledge is captured and available -documented security processes and practices -developed security architecture to efficiently utilize infrastructure resources
question
key activities within the ISM process
answer
-production, review, and revision of an overall information security policy and a set of supporting specific policies -communication, implementation, and enforcement of security policies -assessment and classification of all information assets and documentation -implementation, review, revision, and improvement of a set of security controls and risk assessment and responses -monitoring and management of all security breaches and major security incidents -analysis, reporting, and reduction of the volumes and impact of security breaches and incidents -scheduling and completion of security reviews, audits, and penetration tests
question
ISM activities
answer
-produce, review, and revise security policies -assess and classify information assets -establish security controls -establish security incident procedures -conduct audits and testing -produce security strategy
question
Security controls
answer
threats- Prevention/Reduction & Evaluation/Reporting incident- Detection/Repression & Evaluation/Reporting damage- correction/Recovery & Evaluation/Reporting control
question
security measures
answer
-preventive- prevent a security incident from happening -reductive- minimize any possible damage from occurring in advance -detective- detect when a security incident occurs -repressive- counteract any continuation or repetition of the security incident -corrective- repair the damage as far as possible
question
triggers of ISM
answer
-changed business needs or services -changed targets: SLRs, SLAs, OLAs, or contracts -service or component breaches -availability events and alerts -periodic activities -review and revision of ISM policies, reports, and plans -review and revision of business and IT plans and strategies -change of risk or impact of a business process or VBF -request from SLM -new or changed corporate governance guidelines
question
inputs of ISM
answer
-business information -service information -change information -configuration management -technology information -risk analysis process and reports -corporate governance and security policies -IT information -details of all security events and breaches
question
outputs of ISM
answer
-an overall information security management policy -SMIS -revised security risk assessment processes and reports -a set of security controls -security audits and audit reports -security test schedules and plans -a set of classified information assets -reviews and reports of security breaches and major incidents -policies, processes, and procedures
question
CSF and KPIs of ISM
answer
p. 6-38
question
challenges of ISM
answer
-ensure adequate business support from the business, business security, and senior management -establish appropriate information security policy with effective supporting processes and controls -ensure ongoing alignment and integration of information security management with business security management, including policies and plans
question
risks of ISM
answer
-increased availability and robust requirements -growing potential for misuse and abuse of information and information systems -external dangers from hackers and compromise of information and information systems -a lack of business and senior management commitment -processes focused on technology and overlooking services and business needs -risk assessments performed in isolation -bureaucratic or outdated information security management policies and processes, or policies that add no business value
question
responsibilities of ISM process owner
answer
-carrying out generic process owner role for the information security management process -working with the business to ensure proper coordination and communication between organizational (business) security management and information security management -working with managers of all functions to ensure acceptance of the information security management process as the single point of coordination for all information security related issues, regardless of the specific technology involved -working with other process owners to ensure there is an integrated approach to the design and implementation of information security management, availability management, IT service continuity management, and organizational security management
question
responsibilities of ISM process manager
answer
p.6-44 & 6-45
question
generic requirements for technology to assist service design
answer
-the underpinning nature of tools and technology -effective service design technology -validates inputs and outputs -tool selection and design decisions
question
evaluation criteria for technology and tooling for process implementation
answer
-out of the box -configuration required -customization required