Session 709 Wednesday, October 23, 9:00 AM - 10:00 AM Track: IT Governance and Security Framework Fusion Andrew Bream Senior Director, IT, L-3 ommunications drew@andrewbream.com Session Description A myriad of IT service management frameworks are available to today s IT professionals:, OBIT, MOF, and MMI, just to name a few. So how do you choose the framework that s best suited to your organization s needs? The truth is, each framework is limited, covering only a few of the processes today s IT departments need to deliver desired outcomes and business value. In this session, attendees will learn how various frameworks overlap and how they can be effectively and efficiently fused to form an integrated process framework that increases coverage without adding significant cost or effort. Andrew Bream will explain how one lean IT organization adapted the best of OBIT, ISO, and MMI to maximize process implementation and reduce costs and risk. Some of the takeaways include a repeatable process for evaluating and integrating different frameworks, lessons learned, and sample framework integrations. (Intermediate) Speaker Background Andrew Bream is the senior director of IT at L-3 ommunications. He has twenty years of experience in IT leadership, and in that time he s overseen all phases of service the service lifecycle, from strategy and design to transition and operation. Andrew has overseen many successful ITSM improvement projects, including leading his team to a successful ISO certification in 2009. In addition to being a certified ISO onsultant, Andrew is a certified v3 Expert and Trainer.
Framework Fusion SESSION 709 Andrew Bream Sr. Director of IT, L-3 ommunications 18 Years in IT Management Role v2 Service Manager & v3 Expert ertified Project Management Professional ertified Process Design Engineer ertified onsultant Instructor Lean Six Sigma Green Belt Trained Lead General Dynamics ISO Team Lead MMI -SV Implementation
Why is fusion a good idea? Target value-added services Build a framework with best fit to services Align processes to organizational goals Utilize frameworks to meet standards Gain competitive advantage Efficient use of resources Frameworks, libraries and standards, oh my! Standard 27001 Framework MMI -SV OBIT 5 MOF TOGAF Six Sigma Body of Knowledge PMBOK EABOK Standard Documented requirements, specifications, or code of practice that can be used consistently to ensure that materials, products, processes and services are fit for their purpose. Framework An organized set of good practices and high-level processes that can be used as a template to define a new or existing process. Body of Knowledge A complete set of concepts, terms and activities that make up a professional domain, as defined by the relevant professional association. Framework used generically in this presentation
Standard Overview :2011 IT Service Management (ITSM) Standard Minimum requirements for ITSM system Great starting point for implementing 27001:2005 Security Techniques Minimum requirements for security management system Framework Overview ITSM good practices Strategy, Design, Transition, Operation, ontinual Improvement OBIT 5 Enterprise IT governance MMI -SV Model for delivering services Implemented either ontinuous or Staged TOGAF The Open Group Architecture Forum Enterprise architecture framework Six Sigma /Lean Six Sigma Process improvement methodology ISO 31000:2009 Risk Management Risk management principles and guidelines NIST ybersecurity Framework Framework of standards, guidelines, and best practices for protecting critical infrastructure
Body of Knowledge PMBOK Project Management Body of Knowledge Project management good practices EABOK Enterprise Architecture Body of Knowledge Enterprise architecture good practices Standard vs Framework vs Governance Standard Proof to external organizations Instills rigor, maintains focus The What Framework an be selectively implemented Structure of effective practices The How Governance Business/IT alignment Visibility to senior leadership
Mapping frameworks to IT Availability Business Relation hange onfig Enterprise Arch Financial Governanc e Incident NIST MMI - SV MMI - SV MMI - SV MMI - SV NIST KING III TOGAF MOF TOGAF MOF EABOK MOF TOGAF MOF OBIT OBIT OBIT OBIT OBIT OBIT OBIT Mapping frameworks to IT IT Security Problem Process Improvement Project Release Risk Service Level Supplier 27001 MMI - SV MMI - SV MMI - SV MMI - SV MMI - SV 31000 MMI - SV MMI - SV NIST NIST MOF Six Sigma MOF PMBOK Prince2 MOF TOGAF OSO PMBOK OBIT OBIT OBIT OBT OBIT OBIT
MMI -SV to Mapping Maturity Process Area ategories MMI Process Areas Match ISO 2 Project & Work Supplier Agreement High Supplier 2 Support onfiguration High onfiguration 2 Engineering Requirements Low Release 2 Project & Work Work Planning Low Planning & Impl New or hanged Services 2 Support Process & Product Quality Assurance Low Release 2 Service Est. & Delivery Service Delivery Medium Service Level 2 Support Measurement & Analysis Medium Service Reporting 2 Project & Work Work Monitoring & ontrol None N/A 3 Project & Work apacity & Availability High apacity Avail & ontinuity 3 Project & Work Service ontinuity High Service ontinuity & Availability 3 Service Est. & Delivery Service System Transition High Planning & Impl New or hanged Services 3 Service Est. & Delivery Incident Resolution & Prevention High Incident / Problem 3 Project & Work Risk Low Management Responsibility 3 Support Decision Analysis & Resolution Low Problem 3 Process Org Process Definition Medium Management Responsibility 3 Process Org Process Focus Medium Planning & Impl (SIP) 3 Process Org Training Medium Management Responsibility 3 Service Est. & Delivery Strategic Service Medium Planning & Impl Service 3 Service Est. & Delivery Service System Development Medium Planning & Impl Service 3 Project & Work Integrated Work None N/A 4 Process Org Process Performance Low Planning & Impl (SIP) 5 Process Org Performance Medium Planning & Impl New or hanged Services 4 Project & Work Quantitative Work None N/A 5 Support ausal Analysis & Resolution Medium Problem Selecting your processes Pain points Integrated framework ISO : a starting place for Business priorities Senior leadership interviews IT / business strategy alignment Standard required by contract Mapping inputs & outputs
Pain Points Low customer rating for IT performance and quality Failure to meet contractual requirements High number of repeated IT incidents Multiple backed out or failed changes IT reactive instead of proactive IT limits enterprise agility Multiple failed initiatives Hidden IT factories Mapping inputs and outputs Supplier Processes Inputs Process Output s ustomer Processes SIX SIGMA - SIPO Analysis (Suppliers, Inputs, Process, Outputs, ustomers) Supplier Inputs Process Outputs ustomer Enablers
Integration putting it all together Identify a process owner Define process goals Develop meaningful metrics based on goals Determine process scope Eliminate overlap between process areas Relationship map Example: Relationship Map
Use available implementation guidance Kotter s Leading hange The ITSM Process Design Guide (Knapp, 2010) Implementation Guidance OBIT Implementation -5 Exemplar Implementation Plan Lite: A Road Map to Full or Partial Implementation (Fry, 2010) Lean Six Sigma DMAI Use Key Implementation Enablers Senior management sponsorship Stakeholder engagement Staff training Process owner buy-in Proper scoping ulture of adoption
Example: Implementation Plan Measure and Manage Implementation Establish a governance committee Establish gateways to ensure: progress business goal alignment OBIT 5 IT Related Goal Sample Metrics Process Goals and Related Metrics
Examples: Tracking Matrix MMI -SV PIID Matrix Goals Goal or Practice Organizational Unit omments (related to how the Organizational Organizational Unit PII Appraisal Appraisal Team Points and Statement Practice is met) Unit PII Direct Indirect Artifacts Team Affirmations Earned Practices Artifacts omments (0 or 1) SG 1 Estimates of project planning parameters are established and maintained. 0.0% SP 1.1 Establish and maintain Direct Artifact: Project harter template is filled out by the Project harter SRR Electronic Approval the project strategy. project manager or steering committee at the beginning of the project Indirect Artifact: The Project Owner and other stakeholders accept the Project harter at the System Requirements Review meeting via an electronic approval or a signed acceptance sheet. SP1.2 Establish a top-level Direct Artifact: Project Schedule Template in Proj Docs WBS work breakdown Library is filled out and broken down to a work product level structure (WBS) to by the project manager to estimate the scope of the project. estimate the scope of the project. Indirect Artifact: Project schedule created by the PM that lists the tasks needed to complete the project. ISO Process Documentation Matrix Project Schedule lause Date Time Section Title ISO 20K Requirement Assigned To Documentation Evidence Location Notes 3.0 2/19/2009 9:00 Requirements for a Objective: To provide a management Management System system, including policies and framework to enable the effective management and implementation of all IT services 3.1 2/19/2009 9:00 Management Through leadership and actions, top/executive Andrew Bream ISO 20K harter ISO 20K harter Audit > 4.1 Plan Responsibility management shall provide evidence of its Service commitment to developing, implementing and Management improving its service management capability (Plan) > Folder within the context of the organization s business and customers requirements. Benefits Realized ost savings in post release rework Processes are documented and measured Process dependencies are mapped Annual audits re-enforce process rigor Raised awareness of IT performance and benefits ontinual service improvement institutionalized Suppliers aligned to service levels IT aligned to business
Benefits Realized cont. Lessons Learned Identify business goals first Map ideal process upfront Map integration points early Training is critical Don t lose momentum Keep focus narrow deliver benefits Define your metrics and measure your progress Implement good enough, followed by robust SIP Terminology differences a challenge Multiple frameworks require process management tools
onclusion Framework Fusion Use all the tools in your toolbox Best suited for: Mature organizations Organizations requiring targeted improvements Standard certification required Fill gaps in existing process framework Framework How to meet standards Discussion
Resources MOF (technet.microsoft.com/en-us/library/cc506049.aspx) isoieccertification.com itsmf SIG & Bookstore American National Standards Inst (Ansi.org) itil-officialsite.com best-management-practice.com ISO (ISO.org) ISAA (isaca.org) TOGAF (opengroup.org) SEI (sei.cmu.edu) PMI.org Thank you for attending this session. Don t forget to complete the evaluation!