Service Management Document System

A few words about the service management document system. Whether you implement ITIL processes or a complete ISO/IEC 20000 service management system, your documents and records have to live somewhere. What is the best practice here?


Let's keep the main thing the main thing. What document system is already at place in your organization? Use it. If your organization has reached the level of maturity to implement the Service Management System, odds are that you already have some kind of a sensible document management software.

Introducing a new feature, no matter how seductive it may seem, will just prolong the learning curve and increase the resistance to the change. You don't want that. Try to stick with what you have. Implement the system with what you've got and let it live for some time. At the end of the first year, you will know what's missing, and you can take it from there.



Service Management Document System

So, the only thing you have is a file share system? No sweat. It can work very well for you. You have implemented a Wiki in your company? Even better. Even with the hype of wiki fading away and reducing it below its measure, it can be utilized ideally for specific purposes. You have a real document management system, open source or from a renowned vendor? Cool, we will put it to work.

Documents
Internal documents - when we talk about basic service management documents like policies, processes and procedures, these are the documents which won't change frequently. The ideal place for them is where you already keep this kind of documents. File share, document management system, collaboration applications, even paper versions might work. Of course, I'm not very serious about this last one :)

What you have to have in mind with these documents is that:

• they must be easily accessed by the authorized personnel,
• they have to be found and identified quickly
• approved by authorized people
• only the last approved version should be accessible to the audience
• versioning might come in handy.

If you are kind of halfhearted here, my recommendation for document management here is the Wiki. Any kind of a decent open source or Wiki as a part of some document management system you have deployed. Documents open quickly in any browser, everything is indexable and searchable, and versioning is easily traceable. A bunch of advantages compensate well for the minor difficulties in text formatting.

External documents - unstructured documents like customer and vendor agreements and contracts, legal documents, laws, norms, company and employee certificates etc. can be in paper or electronic form. For some of them the organization has to conform to legal requirements of keeping and archiving.
For efficient service provider operation most of the paper documents shall be converted to electronic form and accessible to employees according to their user rights. This is where it gets a bit tricky. Not everyone should be able to see every bit of information.
Financial parts of contracts should be accessible on a need to know basis. But other operational parts like contact lists, SLA parameters and operation rules should be availyble to everyone involved. How to deal with that?

Records
In the course of your service manageemnt thrench-line battle, you tend to produce a lot of records. These can be records in your application database or nonstructured records like periodic or on-demand reports. Records, as well as documents, should be legible, readily identifiable and retrievable. Also, they have to conform to requirements for retention and disposal.

Application records- various service management applications will create records, probably in some kind of relational database.  By their nature, they are not too demanding for space, so they should be retained in operational state as long as needed, sometimes even longer.

If your Service desk application has trouble indenxing and operating a large number of records, you will move all your older data into an archive (warehouse) database in order to improve the application speed. This way you can easily access your history data for reporting purposes, and keep a swift application operation. Incidents, problems and changes historycal data can come in very handy when you get a request for a report of all the incidents on Apache server since 2007, and their relation to problem records.

Other, more practical use of long record retention would be very practical: disregarding the implemented Knowledge Management system, Service Desk analysts tend to search for existing incidents and problems in order to find a previous solution to an existing issue. 

Non-structured records are created every day, these are mostly electronic form documents acompanying the operative or reactive actions in service management. E-mail messages, written documents, spreadsheets and screenshots tend to take a bit more space. Nevertheless, they should be kept according to regulatory and statutory requirements, or longer.

The best location for them would be an indexed, full text searchable document management system, or at least a shared folder with an indexing option.

In the end, a piece of advice: anything you can do to avoid the overhead is a good effort. Auditors are reasonable people most of the time. If you have any kind of basic document management system with versioning and approval workflows, you should defend the existing functionality without additional work.

No use of keeping additional records, versioning tables, approval sheets and stuff if minimal requirements can be satisfied with what you got. Even if something is missing, the auditor will respect your willing not to fake the unnecessary records in order to keep your processes more efficient. Yeah, you'll get a nonconformity or two, a few improvement recommendations, but it will help you to move in the right direction. Have faith.

 

Customer Satisfaction Survey Grading

What grades do you use in customer satisfaction surveys? How are grades influenced by the culture of the country? What to do if you perform surveys in different countries with different background?

I have been discussing customer satisfaction here a few times. Related to that, let me share a brief anecdote with you:

We implemented a new Service Desk SW on a customer's site. They are a managed services company providing support all over the world, 24x7. After the resolution of every ticket, contact person on a ticket receives a mail notification with a link to a short web-based survey.

There were just a few questions regarding speed of resolution, communication, competence of support people and overall satisfaction with the ticket resolution.

Grades were 1-5, with the above explanation that 1=poor and 5=excellent.

We received quite a bunch of survey results at the beginning, which was the intention. Here and there, a low score was received, but we were not alarmed, you can't please everyone. Service Manager was in charge to treat all grades below 3 as a customer complaint and to follow up with customers to raise their satisfaction.

Then one day we received two very bad results, averaging below 2. Both from the same market. Alert! We are doing something wrong.

So Service Manager sent apologetic mail with a inquiry what went wrong and how can we improve, blah...
The answer came quickly, from both customers, saying they are sorry, but they thought 1 is better and 5 is poor.

Was something wrong with the survey code? Customers sent us their screenshots, everything is fine, the explanation at the form header clearly stated "1=poor and 5=excellent". Both customers were from Germany. On a request to explain how they misunderstood this clear instruction, they said: "German school grading system is 1 to 5, a one being the best grade (Sehr gut), and five the worst - insufficient (Nicht genügend)". So they didn't bother looking at explanations, they automatically presumed that this survey from another country complies to their long-term grading experience in German scholar system. Can't blame them.

Therefore we looked arround, what are grading standards in school systems around the world?

USA and influenced states use ABCDEF grades. Europe differs very much depending on history, somewhere 1 is bad, under the German skirt it is excellent (Chezh republic and Slovakia also).
Eastern European countries, Asia and Oceania use either Russian 1-5 system or percentage system 0-100%.

Interesting details:

• Venezuela uses rather exotic 0-20 grading system
• Ecuador and Serbia (opposite hemispheres) use similar 5-10 grading systems where 5=fail and 10=excellent.
• A lot of countries use different grading systems for primary, high school and university grades.

So what approach to take in grading customer satisfaction in order to make it intuitive regardless of their local education background?

 

We had only two solutions:

• Go to using 1, 2, 3, 4 grades, where customers won't be able to relate to their finer graded school system. 1-4 is also good because it eliminates the indifferent middle grade, and it forces a customer to decide for better or worse 2 or 3.
• Take the -2, -1, 0, 1, 2 grading approach. Good: it is self-explanatory, negative numbers can't be good. Bad: it leads the customer to a mediocre "0" grade, suggesting that it is OK.

For now, we are using the second proposed grading system, accepting the downside that some customers see nothing bad in selecting a "0", which is a neutral grade.

An additional tweak would be to change grades to -1, 0, 1, 2, which would "push" a customer towards positive grades some more.

What metod do you think is most apropriate for you?


Related articles:

Customer Satisfaction 
How bad do we need it in IT Service Management? Where is it mentioned and where is it dealt with in ITIL V3? How do we manage it in real life?

Customer Satisfaction Survey: What Methods To Use?
How to gather customer satisfaction data? What methods are there? What ITIL says? What methods will work for you?

ISO 9000 - ISO/IEC 27001 - ISO/IEC 20000: How do They Fit Together?

 -
With newly refreshed ISO/IEC 20000 alignment to ISO 9001 and ISO/IEC 27001, I thought it would be nice to have a set of more detailed information about relations between these three, all in one place.

Think, there is a great chance that a Service Provider aiming for 27001 or 20000 already implemented ISO 9001. And once we have two standards out of these three, how much more work is it to get the third one?

For new people here:

• ISO 9001 is a Quality Management standard
• ISO/IEC 27001 is an Information Security norm
• ISO/IEC 20000 is dealing with Service Management. It was developed on ITIL V2 basis and is now in a second edition. Have a look at posts:
• ISO/IEC 20000 Rediscovered
• ISO/IEC 20000 Brief History
• ISO/IEC 20000 Refreshed

If a company already adopted a Quality Management mindset from 9001, then going either for 27001 (Information Security Management) or 20000 (Service Management) is a natural thing. Usually the order of implementation is determined by local market demand and governmental regulation of the core business (Financial organizations, Service providers, military...).

Implementation of ISO/IEC 27001 brings a significant market advantage to a Service Provider, since it is often a requirement in tenders, especially in European countries. It will make you care about security, both yours and of your customer. In the beginning it will feel a bit restraining, but for a good reason. It will significantly reduce risks of losing contracts due to information security reasons.

ISO/IEC 20000 requires a broad specter of implemented processes, but if you are a service providing organization with some experience and knowledge of ITIL (could it be otherwise?), then it shouldn't be a problem. It will only make you define neglected or less cared for aspects and Service Management processes.

Here is a simple diagram I use in presentations to communicate a quick win-win feeling to the audience:

How ISO 9001, 27001 and 20000 overlap

And here is a table of more detailed relations.

ISO 9001 - ISO/IEC 27001 - ISO/IEC 20000 Mapping

This is still a working version of the table, but still pretty usable. Hope you enjoy it. If it displays too small for you when clicked on, you can copy it with rightclick and paste it to your favorite text or picture editor. Or, click here on my Google pages.

ISO/IEC 20000 Refreshed

As we all probably know, in February this year a new edition of ISO/IEC 20000-2 (Guidance on the application of service management systems) was published, following the last year's (April 15.) new edition of ISO/IEC 20000-1. Now that we have Requirements and Code of practice, we can talk more on what's new and how it fits in what we already have.

I would like to shortly outline main new moments that happened to ISO20k during last year.

First, as expected, standard is more mature and seasoned. After 5-6 years in production, bottlenecks and most of logic-defying points are corrected.

There are more requests (256 "SHALLs" vs. previous 170) but they are more reasonable, understandable and even somewhat less demanding then before.

Language is "internationalized", in a way that you don't have to be born in UK to understand most of it.

Also, terminology and content is made more compatible with ISO 9001 and ISO/IEC 27001 since these standards are likely to coexist in Service Support organizations.

ISO/IEC 20000 Process Schema

Some changes reflect a shy alignment to ITIL 3, although the overall concept indicates major divorce from ITIL altogether. Prior to pre-release info, this was a subject of guesswork: is the new edition going to be aligned to ITIL V3? So we got our answer-a firm NO.  It would be difficult to align to ITIL's new 'I want to be all and encompass everything' philosophy. So ITIL is now more aligned to ISO20k then vice versa.

Additionally, ITIL is now lifecycle-oriented framework of best practices (or wannabe best :) and ISO20k is a process-oriented standard, so the intentions behind each one are basically different.

Clause 3 Terms and definitions now has 37 terms instead of 15 from previous edition. Two items are removed: service desk, and change record. Service Desk since it refers to a function, and ISO20K is process oriented with no other organizational references.  Change record probably to remove potential ambiguity with ISO9000 records.

• Some additions to clause 3 are for additional compliance with ISO 9001: continual improvement, corrective and preventive action, customer, nonconformity etc.
• Some other additions refer to ISO/IEC 27000 family: information security and information security.
• Also a few are here to refer flirting with ITIL 3: service, service request, transition...

Previous clauses 3 Requirements for a management system and 4 Planning and implementing service management are now merged to 4 Service management system (SMS) general requirements. Introduction of SMS is the main indicator of alignment with ISO9000 (Quality Management System - QMS) and ISO/IEC27000 (Information Security Management System - ISMS).

ISO/IEC 20000 with number of SHALLs for every clause

Former Incident management now became Incident and service request management, one of small concessions to ITIL 3.

A significant tribute to ITIL 3 is clause 5 Design and Transition of new or changed services. Which represents a serious chunk of 20k, but that's about it, if we are looking for an expansion of ITIL ISO20K love story.

There is no release module any more, and Release management is now in 9 Control processes, logically  together with it's sisters Change and Configuration management, now called Release and Deployment management, just to be sure everyone understands what is it all about.

Catalogue of services is not just a recommendation in part 2, it is required in clauses 4, 5 and 6.

Clause 4.2 Governance of processes operated by other parties is added in order to make SP demonstrate management of his external suppliers and internal business organizations which participate in service delivery.

These are the basic changes I've noticed. My opinion: ISO/IEC20000 goes in the right direction. Requirements are more mature and aligned with the real world. ISO20k is a very useful formal framework for service improvement, aligned with industry best practices. Especially when used in synergy with ISO 9000 and ISO/IEC 27000. If you are a serious service provider (as my company is), then 20000 is the way to go. It is good for you and your company too.

Configuration Management Basics

Mission
To identify, record and report on configuration items and their relationships that underpin IT services.

Goals

• To account for all IT assets, configurations and services within organization
• To provide accurate information and documentation on configurations and assets to other SM processes
• To provide a sound basis for Incident, Problem, Change and Release management
• To verify configuration record and correct exceptions

Configuration Management Mind Map

Definitions
Configuration Management: The process of identifying and defining Configuration Items in a system, recording and reporting the status of Configuration Items and Requests for Change, and verifying the completeness and correctness of Configuration Items.
CMDB - Configuration Management Database: database which contains details about the attributes and the history of each CI and details of the important relationships between CIs.
CI - Configuration Item: basic CMDB element. Component of an infrastructure that is under the control of Configuration Management. CIs may vary widely in complexity, size and type, from an entire system (including all hardware, software and documentation) to a single module or a minor hardware component.
DSL - Definitive Software Library: a physical library or storage repository which contains authorized master copies of software versions. May consist of one or more physical software libraries or filestores, and can include physical store to hold master copies of purchased software, disaster safe.
DHS - Definitive Hardware Store: secure storage of definitive hardware spare components and assemblies. Details of these components and their builds and contents should reside in CMDB. DHS items can be used on demand for additional systems or in the recovery from major Incidents.

Objectives

• To provide accurate configuration information
• To define and document processes and procedures
• To identify, label and record CI
• To control and store authorized specifications documentation and software
• To report on status and history of CIs
• To record changes to CI in a timely way
• To audit physical items and reconcile any differences between them and the CMDB
• To educate and train in control processes
• To produce metrics on CI, changes and releases
• To audit and report and exceptions to standards and procedures

Process

• Planning
• Identification
• Control
• Status accounting
• Verification and auditing

Benefits

• Accurate information on CIs and their documentation
• Controlling valuable CIs
• Adherence to legal obligations
• Financial and expenditure planning
• Making software Changes visible
• Contributing to contingency planning
• Supporting and improving Release Management
• Improving security by controlling the versions of CIs in use
• Enabling the organisation to reduce the use of unauthorised software
• Allowing the organisation to perform impact analysis and schedule Changes safely, efficiently and effectively
• Providing Problem Management with data on trends
  

Possible Problems

• Wrong CI detail level
• Adequate initial analysis and design
• Configuration Management implemented in isolation
• Lack of commitment to maintaining accuracy

Critical Success Factors

• Managing Configuration Item information
• Providing capability to perform risk analysis of changes and releases

Key Performance Indicators
Managing CI Information

• Number of CIs logged and tracked
• Number of CIs with attribute failures
• Number of changes to CI attributes
• Number of additional CIs
• Number of deletions of CIs
• Number and frequency of exceptions in configuration audits

Providing Capability To Perform Risk Analysis Of Changes and Releases

• Number of incidents caused by inaccurate configuration data
• Percentage of Services tracked with CIs versus known products and services

Incident Management Mind Map

I have process mind maps, and I am looking for a free tool to display them on the web. Until then, here is a JPG of Incident Management mind map.

About IT Service Management

IT Service Management, as a primary enabler of IT Governance objectives, deals with IT systems from a customer's view: "What and how can my IT contribute to my business?"

ITSM is a discipline for managing enterprise IT. It's task is to defocus IT practitioners from technology and put customer deliverables on a first place.

Definition: “Service Management is a set of specialized organizational capabilities for providing value to customers in the form of services.”

IT Service Management is a discipline which deals with transforming resources into value for a customer, according to definition of a service. Main capabilities in Service Management are functions and processes for managing services through the service lifecycle.

By purchasing or using a service customers get the outcomes they want to achieve. Perceived quality of these outcomes determines the value of the service to the customer.

A process “is a set of coordinated activities combining and implementing resources and capabilities in order to produce an outcome, which, directly or indirectly, creates value for an external customer or stakeholder.”

Business wants  IT to support its existing business processes effectively and dynamically. Business managers often lack the insight on complexity and problems of supporting the business process within the realm of IT resources. IT people, on the other hand, do not exactly understand goals of business managers. Service Management principles are used to reduce this gap. Among others these principles are specialization and coordination, agency principle, encapsulation etc.

As said earlier, main Service Management capabilities are functions and processes:

Functions
Functions are “units of organizations specialized to perform certain types of work and be responsible for specific outcomes.” Functions are self-contained  units with their work methods, processes and body of knowledge. They can be viewed like, and often they are, organizational business units.

Service Desk is the oldest known ITIL function. It provides a single point of contact for Customers while dealing with restoration of normal operational service with minimal business impact on the Customer. Other functions are Application, Technical and Operations management.

To improve cross-functional coordination and evade pitfall of silo-mentality, service management needs well defined Processes.

Processes
Process has actions, dependencies, sequence, inputs and outputs. Process is measurable, it has specific results and its own customers (owners). Also, process is usually event driven.
For Example, Incident Management is a process:

• It starts by incoming call or operations control tool notification (Event)
• We can count incidents, resolved in a first call or specific types (Measurable)
• We know the results of all closed incidents (Output result)
• Every incident has a contact person, (Customer) and Service Desk is the Owner

Operations Management is not a process, it’s a day-to-day activity which interacts with processes. On the other hand, some organizations can define some functions as processes if it suits their business and organizational requirements.

ITIL Processes in Lifecycle stages

Service Management

Have been thinking about service management a lot lately. Since the core bussines of my company is SM, we are educated in most of the known methodologies and implementing most of the best practices from ITIL, MOF, COBIT, ISO...
Blogging about it could be a good way of setting some basic knowledge points for the new people in the business. I will take the liberty of reshaping and adding to previous posts according to comments and sugestions of the People.