The EDP Audit, Control, and Security Newsletter

EDPACS The EDP Audit, Control, and Security Newsletter

more

ITIL Version 3 framework

Many organizations are looking to implement Service Operation Processes as a way to improve the structure and quality of the business.The information found within the book is based on the ITIL Version 3 framework, specifically the Event Management, Incident Management, Request Fulfillment, Problem Management and Access Management processes.
The book is designed to answer a lot of the questions about IT Operations Management and provide you with useful guides, templates and essential, but simple to use assessments.
The supporting documents and assessments will help you identify the areas within your organization that require the most activity in terms of change and improvement.
Presentations can be used to educate or be used as the basis for management presentations or when making business cases for IT Operations Management implementation.
If you're like most IT business leaders, process innovation now tops your agenda. But despite all the talk and excitement about the importance of process innovation, managers have so far found scant help for innovating in a systematic way that fuels consistent growth and sustained success. In "IT Service Operations Management Guide", The Art of Service changes all that. The PDF shares the accumulated wisdom from The Art of Service--the education firm that helps clients instill IT process innovation into their very core. Drawing on a wealth of stories and examples, the PDF shows how IT Organizations of every stripe overcome the barriers to successful, profitable process innovation. You'll find parts devoted to crucial topics--such as how to organize Incident Management, Event Management, Problem management, Access Management and Request Fulfilment. Frequent hands-on tools--frameworks, checklists, probing questions--help you put the PDF's ideas into action. "IT Service Operations Management Guide" is the definitive field Guide for making innovation a core competence in your IT organization.
Get the details on this unique offer now, check out the Demo, Toolkit downloads Instantly
About The Art of Service

As a cutting edge IT Service Framework Company, The Art of Service is leading the way in providing high end, client focused Education Programs in both the local and international arena. The company has served over 800 clients and 20000 students in 33 countries. A recognized leader in the IT Service Management community, The Art of Service is quickly becoming the IT Specialist's Educator of Choice.

With a passion for IT Service Management and having first hand experience in seeing business improvement benefits as a result of implementing IT service frameworks, the founders had a vision to be "Enablers of IT Service Management Excellence". Today their vision is a reality.

The Art of Service has grown into a respected education company and now provides high quality education services and products worldwide. The "Best-of-Breed" approach is evidenced through the quantity and calibre of our partnership networks and resellers.


Top Sellers
01
The ITIL V3 Factsheet Benchmark Guide
02
ITIL V3 eLearning Bundle - Foundation, Book, Exam Prep
03
Service Catalog Process Kit
04
A Must: The Complete ITIL V3 Readiness Assessment Kit
05
Release and Deployment Management Toolkit
06
All Files - Service Level Management Process Kit
07
ISO/IEC 20000 Online Learning Foundation
08
How to Develop, Implement and Enfore ITIL V3
09
All Files - Change Management Process Kit
10
The CMDB Creation and Maintenance Toolkit

Getting a product or service from The Art of Service means to your organization that you will get:
Quality, before, during and after the purchase
Flexibility in education options and creation and delivery of products to meet your needs
A personal approach to sales and clients
Delivery of results
Everybody in the office is available to you. We're here to help.
Specialists in a niche market


50 Commercial Road, Newstead QLD 4006

whether all the servers on site had to be compliant

I was talking to a customer who was about to go through ISO27001
certification and I was asked whether all their servers on site had to
be compliant or whether some are overlooked from an auditing point of
view? For an example would print servers or development server fall
under the same scrutany as email or main file servers?

I have seen how a previous customer who wanted to reach PCI compliance
only have to audit servers that house the secure credit card
information and I was not sure whether ISO27001 works on a similar
principle or whether all network servers would come under the same
remit?

NO
To expound a bit, one needs to look at the scope of the ISMS implementation. It could not be for the whole company.

The decision on which servers or networks or information assets to be made compliant to "some" of the controls would depend a lot on the risk management process. The risk management process provides a structured framework on the selection of controls.

With risk management, organizations do not have to buy a "$10 fence to protect a $5 horse."


Dave
--~--~---------~--~----~------------~-------~--~----~

IT Risk Management

Volume 1

Business risks can range from everyday operational shortcomings to rare cataclysmic failures. Over the past decade, Information Technology (IT) systems have become critical to every aspect of business resulting in a level of dependence on IT not seen in the past. As a result, IT Risk, once a minor component of operational risk, is emerging as a major hazard for organizations to identify and manage. IT Risk includes security, availability, performance and compliance elements, each with its own origins and capacity for harm.
Symantec's IT Risk Management Report analyzes the results from a year-long study that examines IT Risk, based on interviews with more than 500 IT executives and professionals around the world. The report is designed to help organizations understand the fundamental elements of IT Risk Management and provide best practices to begin managing those risks.
The Report outlines a five-step process for organizations to follow to manage IT Risks and become best-in-class. Best-in-class is defined in the study as the top quartile of performance based on reported effectiveness in implementing 16 control areas. The five-step process helps organizations formalize their approaches and avoid problems by prioritizing and quantifying risk, sustaining Risk Management efforts and continually measuring IT Risk Management effectiveness.
Symantec has also published two "mini" IT Risk Management Reports, which drill down on more specific risk management topics. The first, Information Lifecycle Management, finds that while organizations rate their current ILM efforts as generally effective, supporting and related controls often fall short. This may indicate fragmentation in ILM initiatives that organizations may overcome by deploying ILM within the framework of effective IT Risk Management. The second, Public Sector IT Risk Management, highlights that public sector organizations rate themselves effective at classifying and managing IT assets, less effective at securing information assets throughout their lifecycle—and particularly weak in secure application development.

more

IT service management: is it now too important to leave to the IT department alone?

How and why the IT function needs to change its relationship with the business
IBM Global Technology Services

Contents
3 Focus on management

4 Pressure on services
5 Need to evolve
6 Break down barriers
7 Unclear responsibilities
8 Challenges of interdependence
9 Understand the architecture
10 New strategic approaches
11 Pricing IT services
12 Value of the infrastructure
13 On-the-ground excellence
14 Significant benefits to be unlocked
15 Time is right for the next phase

Highlights
IT service management must become more focused on business needs if it is to facilitate the necessary combination of speed-tomarket, flexibility, control and improved efficiency required for enterprises to compete effectively in the marketplace.
The rising importance of IT in virtually every aspect of business has engendered a matching rise in the cost and complexity of the IT infrastructure. This has both made IT an easy target for cost-cutting exercises and put pressure on times-to-market for new services delivered to the business.

The business function expects IT to tighten its belt and to streamline IT service provision, for improved responsiveness to changing business requirements. Simultaneously, the expectation is for higher resilience, control, availability and quality of service. The challenge for the IT organisation is to balance these potentially conflicting demands: high speed-to-market and flexibility versus auditable control and low costs.

As the business looks to build new composite services at high speed – in particular through the service-oriented architecture (SOA) model – the IT organisation must align itself more closely with business goals and change the way it manages IT service provision.

Now that IT plays such an important role in the overall success or failure of any organisation, the business rightly expects the IT department to broaden its focus and to take a more mature and holistic attitude to IT service provision. Fundamentally, the IT function needs to step out of the shadows and start taking responsibility for understanding and meeting the business requirements.



Growing pressure for higher quality IT services requires the IT organisation to radically change its outlook.

The first phase of IT service management as a discipline was based on the core IT Infrastructure Library (ITIL) processes, and focused largely on tactical service support processes such as incident management and change management. ITIL Version 3 has introduced new processes and concepts to broaden the scope of IT service management, enabling it to cover business processes, organisation, governance, technology and data. In combination with the Val IT and COBIT best practices from the IT Governance Institute, ITIL Version 3 provides a powerful set of tools for extending the service management capabilities.
While these tools certainly provide a solid grounding for the next phase of IT service management, there is also a need for deeper strategic thinking about how the whole IT organisation should function and evolve. In particular, the IT function will need a far greater awareness of how IT service provision relates to the overall goals of the business.
Businesses of all kinds are under increasing pressure to build smarter, more reliable, more responsive infrastructures.

Customer expectations for “always-on” service are growing, as is the complexity of the regulatory framework. Commoditisation and globalisation in the market are eroding margins, and innovation in products and services is key to maintaining competitive advantage. All of these factors drive the need for an IT organisation and infrastructure that can respond rapidly, flexibly and at low cost to new requirements from the business.

The challenge that faces the typical IT organisation is how to gain speed-to-market across an infrastructure that is fragmented, opaque, inflexible and hard to manage. The infrastructure will most likely have grown in a relatively unplanned and unstructured manner, with numerous tactical implementations to meet pressing new business and regulatory requirements. Corporate acquisitions will contribute to the fragmentation of the infrastructure, imposing disorder on even the bestorganised IT departments. The resulting hotchpotch of systems will inevitably eat up most of the department’s resources in fire-fighting and trouble-shooting – leaving little time or focus for strategic development.


IT organisations need to evolve their attitudes to IT service management.
Beneath the technological challenge is a more significant organisational one – most IT organisations are simply too disconnected from the business to even know precisely what it wants, let alone be able to deliver it as rapidly as required.

Before the IT organisation can really address the issue of the disconnect with the business, it needs first to put its own house in order. In most cases, there is likely to be a significant internal division between the development and operational sides of the IT organisation. The first step is to bridge this division and build a coherent, integrated IT organisation that seeks to serve the business rather than focusing on internal silos of responsibility.

Part of the maturation process that characterises the second wave of IT service management is a willingness to take a step back and see how business processes map to the IT infrastructure and IT management processes. The IT organisation needs to emerge from its silo and understand the challenges the business faces, then adopt new tools and methodologies to benchmark its service against these challenges. Adopting these new, second-wave IT service management techniques will transform the IT organisation from a fragmented, reactive, tactical cost-centre into a holistic, proactive, strategic centre of innovation.

The first phase in the adoption of IT service management as a discipline focused largely on service support processes, covering areas such as incident management, change management, first-generation configuration management and performance management. Based on ITIL best practices, these services covered day-to-day service support, with relatively little by way of strategic thinking about how the whole IT organisation should function and evolve. This approach to IT service management is outdated: there has been no clear framework governing the totality of service management, and in particular, too limited an awareness of how IT service provision relates to the overall goals of the business.


Breaking down the barriers between IT and the business.
In the past, attempts to create a more holistic form of IT service management were frustrated by technical difficulties and by a lack of clear processes and methodologies. The need for cultural change – both inside the IT organisation and externally, in its relationship with the business – also proved a significant barrier.

As businesses look to respond and adapt faster to external market pressures, the unwieldy, fragmented, distributed IT architectures that underpin them are increasingly the main obstacle. Managing effective service provision across these complex environments is certainly technically difficult, but there is a growing awareness that redefining the IT service management processes is an equally important task.

Today, the technology, methodologies and – crucially – the willingness to change are all coming into effect. The second wave of IT service management mirrors the steady maturation of IT as a profession. More and more IT practitioners are likely to have business-focused qualifications and experience to supplement their technological skills. Professional qualifications in IT are also changing to focus more on how IT can serve the business and less on pure technical and architectural considerations. For example, ITIL Version 3 now provides a holistic service-lifecycle framework for service management that recognises the importance of an end-to-end view of service management across all processes, technology elements and organisational parts of the enterprise, including the business. ITIL Version 3 also includes more rigorous certification standards.

With a new breed of IT specialist who also understands the business, IT service management can now evolve to become much more in tune with the business requirements.

Unknown risks and unclear responsibilities in distributed infrastructures.
The push for integration between the business and IT organisations in part reflects the emergence of IT as a profession, and is in part a response to external pressures. So there is both bottom-up pressure from business-savvy IT executives keen to break out of the “backroom”, and top-down pressure from business executives who recognize that flexible and responsive IT service provision is the key to competitive advantage.

Formerly, the IT organisation has been, to a degree, autonomous: the business gave it systems to run, and the IT function executed to agreed service levels. In a legacy environment, each new business requirement is met by introducing a new service, often built from the ground up. As a result, most legacy environments include significant duplication of functionality – making them inefficient as well as complex and more costly to manage. Equally, it is difficult to ensure adequate controls, auditability and risk management in a fragmented and siloed legacy environment.

The advent of service-oriented architecture (SOA) is breaking down the barriers between the two sides, encouraging the business to take a greater interest in the potential benefits of new technology, and enhancing the value that the IT organisation can bring to strategic business discussions. This coincides with a new-found confidence in the IT department to articulate the value of technology to the business. SOA aims to componentise the functional architecture, so that business processes developed in one area can be re-used in another area, increasing flexibility, boosting speed-to-market for new services, and reducing cost by enabling the “recycling” of existing functionality. This means that a component of the IT architecture may support a number of different business processes.

Defining and managing interdependent services across a distributed IT infrastructure.

In an SOA approach, the requirements of all the different business services are analysed and broken down into process components. These components are generalised and abstracted as far as possible to enable their re-use across a variety of services. Creating a new business service is then as easy as linking together the necessary components, enabling rapid time-to-market with a high degree of control and at low risk.

Of course, the reality of SOA is more complex than this brief summary suggests, but the key point is that the technology already exists to make it possible. In most cases, the obstacle to adoption is precisely the weak links between the IT and business organisations. The new wave of IT service management can strengthen these links, providing a better understanding of how IT services map to business processes.

In a typical distributed IT infrastructure, it can be difficult to precisely define and manage the interdependency of services. If a power supply for a group of servers is about to fail, is it possible to say precisely which business services will be affected? Is there a way to predict the overall impact on the business, and to take the appropriate actions to set up alternative services?

The tendency to split IT service management into separate elements has aggravated the physical complexity by promoting a fragmented view of the infrastructure. The siloed approach to IT service management has also encouraged a culture of taking responsibility only for the immediate, narrowly defined SLAs within each team’s own area.

A holistic approach to IT service management is crucial for the successful adoption of SOA, which is all about building composite business services from disparate underlying systems. The underlying systems and sources of information might be running on the same server, or on different servers in the same data centre, or even in different data centres. Equally, they might be running on servers hosted and managed by a partner organisation. They might even be owned and managed by a different legal entity – for instance, a supply chain partner.


Understanding how the IT architecture fits together and how its processes map into the underlying IT systems.

The fragmentation in the ownership of data and systems makes it crucial to understand the interdependencies that underpin IT service provision, and requires the IT organisation to forge much closer links with the people who understand the business services that are being supported. It is no longer enough to say, “we’re keeping all of these servers running”, since the business process itself may be dependent on a service managed by another company. The second wave of IT service management understands that it is no longer possible to manage IT service provision from a diagram of the network, and that it is much more important to define and promulgate an understanding of the dynamic processes, tools and responsibilities that govern the end-to-end availability of business services.

Many major organisations are moving to strengthen and bring to maturity several IT service management processes that have received less attention in the past: configuration management, release management, strategy and architecture management, and financial management. The need to improve configuration management is driven largely by the increasingly complex and demanding legislative frameworks in which organisations must operate. In the past, IT could be thought of as a black box – which suited the IT organisation rather well, and perpetuated both the disconnect from the business and the disjointed standards for IT service provision.

Now, every organisation needs to understand all the components of its business process architecture, which includes all the elements of the infrastructure and all aspects of IT service provision. The IT department needs to be able to show, in an auditable fashion, all the complex interdependencies of the architecture, to understand where risks may be present, and to assess what impact those risks might have. For its part, the business needs to understand how the IT architecture fits together, and how its processes map into the underlying IT systems, so that it can clearly understand the inherent risks. To enable this, the IT function needs to work more closely with the business, helping it to untangle the technical complexity and reveal the interdependencies. In IT service management terms, a more holistic approach is required -one which recognizes the need for configuration management and risk mitigation throughout the full IT service provision lifecycle.


Applying new strategic approaches to release management and architecture management.
The need to improve release management is also driven to a certain extent by the desire to mitigate risk, and it aims to balance speed-tomarket with adequate IT controls. The second wave of IT service management recognises that every organisation needs to define and enforce standards across every part of the infrastructure. When properly defined and executed, release management will ensure that new applications are delivered on time, within budget, without disruption or risk, and to the agreed business specification.

In the brave new world of the second wave of IT service management, this presupposes a far greater understanding of the business requirements within the IT organisation, and much closer teamwork. Well-handled release management also requires the healing of the rift between development and operations teams within the IT organisation itself.

The need to improve strategy and architecture management stems largely from the desire for greater flexibility and responsiveness. In the early days of IT service management, there was no consistent high-level view of the architecture; rather, everything in the realm of service provision was seen in terms of managing a particular service or application. Duplication and redundancy were either unnoticed or explicitly tolerated, leading to ballooning IT costs and the proliferation of silos, as the same functionality was built up in different systems in different ways.

Effective strategy and architecture management calls for the componentisation and commoditisation of the architecture – and these are also the first steps towards SOA. By looking at the architecture not in technical terms but in terms of the business processes it must support, an enlightened IT organisation can build a more flexible, simple and efficient architecture based on common standards. In this idealised architecture, components can be re-used to increase flexibility and speed to market while reducing costs.


Putting a price on IT services, and highlighting their value to the business.
Financial management is an extremely mature discipline in most businesses, but is likely to be a relatively new concept in the context of how the IT organisation interacts with the business. Server consolidation as part of the first phase of IT service management may have delivered cost savings, but the more critical element of cost control is on the operational side.

In an IT organisation that is driven by the requirements of the business – and that is even evolving to anticipate those requirements and deliver innovation for competitive advantage – there needs to be a better link between the provision of services and the cost to the business of those services.

In ITIL terms, much of this comes down to how the IT function charges the business – are there charge-back schemes, and is it possible to create on-demand, utility-model pricing?
A more proactive IT service management approach will look to create new ways to measure and increase the value of IT services to the business.

Implementing a structured approach to financial management will increase the perceived value of the work done by the IT organisation, as well as enabling the business to understand the real cost of IT. Charge-back mechanisms will help to make the IT organisation more accountable, transparent and professional, and will act to reduce the cultural divide between IT and the business.

What is the real cost – and value – of the IT infrastructure?
Without a clear understanding of the financial aspects of IT service provision, the IT budget will remain an easy target for cost-cutting initiatives. The more accurately the IT organisation can measure the value of IT service provision, the more the business will see that IT is a valuable contributor rather than just another overhead. If the business understands the cost of IT services and chooses to buy them, this has an important positive effect on the perception of the IT organisation within the business as a whole.

On the operational side, if there is no mechanism to assign value to IT work, and no overall view of work in progress, it is easy for business-critical development or support work to be queued behind less important work.

By implementing financial and service dashboards for IT service level agreements, charge-back arrangements and other aspects, and by providing different views according to job function, an organisation can more easily quantify the financial impact of an IT outage. This information can then be fed back into the setting of priorities for IT service management. This is a key aspect of the second wave of IT service management: it is all about feedback and evolution, and is no longer a static world of applied ITIL processes.

Improved financial management can also help the IT organisation to focus on the end-to-end availability of business processes, rather than on the availability of each individual component of the architecture. If the business is paying for specific services from the IT organisation, feedback will be faster and clearer when things go wrong, and IT staff will quickly gain a deeper understanding of how the quality of IT service provision translates into effective support for business processes.

Thought leadership and on-theground excellence from IBM.
IBM is uniquely positioned to lead in IT service management, with 25 years of continuous experience in managing global, heterogeneous, multi-vendor environments for organisations of all sizes. With more than 5,000 professionals, including operational managers, system architects, consultants and software engineers, IBM combines the best in people, assets, technology and methodology to help organisations move up to the next level of IT service management. IBM is a single-source supplier offering services across all phases: consultancy, design, development, testing, training, delivery, management, maintenance and enhancement.

IBM has very strong consulting credentials, and unmatched breadth and depth of industry experience. As expectations for 24x7 availability of services fan out from banking into areas such as retail, the experience gained by IBM in helping the early-adopter sectors is now feeding into best practices that can be applied across other sectors. IBM also has a vast reservoir of intellectual capital behind its on-the-ground experience, with skills and tools covering the full spectrum of the IT infrastructure and IT service management processes. The thought leadership of IBM filters down into best-practice tooling and capabilities. On the technology side, IBM has the tools to enable a composite view of IT services, with real-time graphical representations of the flow of transactions. This enables businesses to model expected changes in load, and drive automatic provisioning of new computing resources to take up the strain – delivering “infrastructure on demand”. IBM technologies also enable the introduction of charge-back schemes for usage-based services.

The automation of monitoring and provisioning enables pre-set, policy-driven responses, using easily customisable tools that offer known outcomes. Market-leading software assets, including IBM Tivoli, Rational and WebSphere solutions, and advanced virtualization technologies eliminate the current reliance on in-house tooling that may be undocumented and difficult to maintain. By providing an easy-tosupport, low-risk, low-cost solution that works out-of-the-box, IBM technologies share the philosophy that drives SOA: componentise the tools, standardise the solutions and processes.

IBM also offers tools that can capture development requirements and provide a full audit trail linking through to the completed application. If there are issues with the code, the IT function can then rapidly highlight the potential impact on the delivery of the original business requirements.


Significant benefits to be unlocked in four key areas.
There are significant benefits to be unlocked in each of the four key areas examined in this Point of View. By adopting best-practice IT service management approaches in each area, organisations can speed time-to-market, reduce costs, improve the quality of service and increase the responsiveness of the IT architecture to changing business requirements.
Configuration management

. Understand and mitigate the risks of the IT infrastructure . Develop new solutions faster through a better understanding of the current architecture and of the business requirements . Document and streamline IT management processes; build comprehensive knowledge management resources . Reduce business risk across operations and development. Release management

. Balance speed-to-market with adequate IT controls . Formalise, document and enforce standards from development through to production and beyond . Reduce both the risk and the potential impact of failure . Match release cycles to the business requirements. Strategy and Architecture management

. Govern approaches and define standards, for reduced risk . Reduce complexity and costs by componentising the architecture . Achieve faster time-to-market through a better understanding of business requirements . Automate operations and shift focus to long-term strategy. Financial management
. Match quality of service to perceived business value . Provide pricing models that fit with overall business goals . Prioritise work according to value, to make the best use of limited IT resources . Enable the business to understand the cost of IT and appreciate its value. IBM


The time is right for the next phase of IT service management.
As more business sectors move into the “always-on” age, the reliability of IT service provision will become ever more critical. Moreover, as IT becomes the primary source of competitive differentiation, IT service management will move from a role of reactive house-keeping into one of dynamic, proactive business development. If the IT organisation cannot adapt to this new role, then IT service management will indeed be too important to leave to the IT organisation alone.

The IT organisation must prepare to take a more proactive and prominent role in the delivery of business services. The challenges it faces are significant; not the least of them is the need for major organisational and cultural change. The IT organisation needs to build closer links with the business, and adopt new methodologies to benchmark its performance against real commercial objectives rather than against arbitrary and fragmented technical parameters.
The business function’s growing interest in SOA requires a greater degree of openness and cooperation from the IT organisation, with the ability to explain technology in terms of its business value. Since SOA will bring a greater interdependency in the infrastructure, and a greater likelihood that some elements of each composite business service will be sourced from external partners, the IT organisation must embrace a more holistic approach to IT service management.

Any enterprise that cannot resolve the disconnect between the IT and business organisations is likely to lose significant ground to the more focused, adaptable and fast-moving competitors that have got it right. By taking on the tools and methodologies of the second phase of IT service management, the IT organisation can emerge from its silo and act as a true partner, providing dynamic support to the business.

More information For more information on infrastructure solutions from IBM United Kingdom Limited 76 - 78 Upper Ground South Bank IBM Global Technology Services, please visit: ibm.com/uk/services London SE1 9PZ The IBM home page can be found on the Internet at ibm.com IBM and the IBM logo are trademarks of International Business Machines in the United Contributors Ian Salvage, IT Services Consultant, i_salvage@uk.ibm.com Inderpal S Dhanda, IT Architect , inderpal.dhanda@uk.ibm.com States, other countries, or both. Other company, product and service names may be trademarks or service marks of others.

The top 10 IT disasters of all time

Following the loss of the personal records of some 25 million child benefit recipients by Her Majesty's Revenue & Customs this month, the UK government will be acutely aware of how quickly mismanagement of technology can lead to serious problems.

more

Disaster Recovery

go here

ITIL, CoBIT and ISO: Overlap Or Complement?

go here

salient features of ISO 20000

ISO 20000
Where quality meets technology
Information is the most important strategic asset an organization has at its disposal. But all too often, information technology (IT) systems are overlooked or only superficially addressed as a technology issue. In reality, an IT system is a critical business resource which must have the right support processes and management in place in order to be successful.

IT service management is a top-down, business-driven approach to the management of IT. Specifically, it addresses the strategic business value generated by IT and the need to deliver high quality IT services - not only in the back end, but also for customers and their interaction with the IT system.

ISO/IEC 20000:2005 is the first international standard for IT service management and promotes the adoption of an integrated, interrelated process approach to delivering managed services. The standard is aligned with and fully compatible with the ITIL (Information Technology Infrastructure Library) framework.

ISO/IEC 20000:2005 consists of two parts under the general title Information Technology - Service Management:
ISO/IEC 20000:1:2005 (Part 1) is comprised of a number of specifications, including Planning and Implementing Service Management, Requirements for a Management System, Planning and Implementing New or Changed Services, Service Delivery Process, Relationship Processes, Control Processes, Resolution Processes, and Release Process.

ISO/IEC 20000:2:2005 (Part 2) is a "code of practice" that describes the best practices for service management within the scope of ISO/IEC 20000 Part 1. Part 2 helps those organizations looking to adopt ISO/IEC 20000:2005.

ISO/IEC 20000:2005 specifies integrated processes in these major sets, while following the PDCA (Plan-Do-Check-Act) methodology:
1. Service Delivery and Support: includes the services that the IT infrastructure provides in order to adequately support business functions and fulfill customer needs (both stated and implied). This includes service level management, continuity and availability management, capacity management, budget management, incident management, and problem management.

2. Planning to Implement Services: includes services that IT management plans to implement or upgrade at an agreed cost and quality. This includes change management, service delivery management, and release management.

3. Security Management: includes the security controls that are implemented and maintained to address the impact and likelihood of incidents at various stages. Services are planned to identify, control, and protect assets used in connection with the storage, transmission, and processing of information.

4. Business Perspective: this approach to the delivery of IT services focuses on the key principles and requirements of business organization and operation, in order to understand the relationship between the service provider and the customer or supplier. This includes business relationship management, supplier management, and service level management.

5. Resolution Management: includes restoring agreed services to the organization, and minimizing disruptions to business through proactive detection and analysis of cause and actions for improvements. This includes incident management, problem management, change management, configuration management, and service reporting.

6. Control Process Management: focuses on managing changes and configuring services to support the business and its customers. An integrated approach to changes and configuration includes identifying, controlling, assessing, approving, and tracking versions of service components and infrastructure. This includes configuration management, change management, incident management, and problem management.

7. Release Management: focuses on the roll-out of new or changed services, systems, software and hardware. It also focuses on the manner in which releases are recalled or remedied if unsuccessful. This includes development environment, controlled test environment, and live environment.

ISO/IEC 20000:2005 RegistrationIntertek is formally approved by the itSMF (Information Technology Service Management Forum) to provide registration and certification services for ISO/IEC 20000:1:2005 (previously BS 15000).

An organization seeking formal registration to this scheme must be assessed by an itSMF registered certification body (RCB) such as Intertek. We'll use our knowledge, expertise, experience, and industry insight to help you achieve your certification smoothly and cost-effectively.

Intertek Testing Services India Private Limited is accredited by itSMF

more

ITIL V3 exam prep

The Art of Service's ITIL V3 Foundation exam prep offers all the 7 modules for the ITIL Foundation V3 exam comprising of 80 questions in total designed to help candidates pass the ITIL V3 Foundation Exam.
It begins with a full-length diagnostic test that identifies where candidates should be focusing their efforts.
Candidates then can review weaker topics in the individual process area modules.
At the end of each module, candidates complete a progress-tracking test. At the end of the program, The Art of Service provides a final, full-length test to assess ITIL V3 exam readiness.The ITIL V3 exam prep contains full details of the Official ITIL V3 Qualification. Suitable for those taking the foundation exam, it provides an overview of the purpose, objectives, and format of the examination. This online exam preparation offers a top level introduction to understanding the Service Lifecycle and each of the five components of the Lifecycle to help candidates pass the foundation exam.Key features:
Uses terminology consistent with the ITIL Service Management Practices and the ITIL Glossary, acronyms and definitions.
The structure of the ITIL V3 exam prep is aligned with the structure of the exam syllabus.
Contains a Mock Exam with an Answer Key with rational to help the candidate pass the ITIL Foundation Exam.
It contains a full answer guide to give students more information and support.Click HERE to Read More...

For those of you who use ICICI Bank / SBI Internet Banking regularly, take care.
DUPLICATE SITE
Genuine Site

SAME IS THE CASE WITH STATE BANK OF INDIA SITE

Hi All,
An important piece of information.
Surprising both the sites have secured SSL from Verisign !!!! beware !!
This is one of the worst phishing scam ever seen. Here are the both the URLs, they are same, except there is a space (%20) at the end of the phishing URL. The wrong one
.in/BANKAWAY?Action.RetUser\u003cWBR\>.Init.001\u003dY&AppSignonBankId\u003cWBR\>\u003dICI&AppType\u003dcorporate&abrdPrf\u003cWBR\>\u003dN%20\u003c/span\>\u003c/font\>\u003c/a\>\u003cfont face\u003d\"Arial\"\>\u003cspan style\u003d\"font-family:Arial\"\> \u003c/span\>\u003c/font\>\u003c/p\>\n\n\u003cpre\>\u003cb\>\u003cu\>\u003cfont size\u003d\"4\" color\u003d\"navy\" face\u003d\"Courier New\"\>\u003cspan style\u003d\"font-size:13.5pt;color:navy;font-weight:bold\"\>Actual ICICI Site\u003c/span\>\u003c/font\>\u003c/u\>\u003c/b\>\u003cfont size\u003d\"4\"\>\u003cspan style\u003d\"font-size:13.5pt\"\> \u003c/span\>\u003c/font\>\u003cu\>\u003cfont color\u003d\"blue\"\>\u003cspan style\u003d\"color:blue\"\>\u003cbr\>\n\u003cbr\>\n\u003c/span\>\u003c/font\>\u003c/u\>\u003c/pre\>\u003cpre\>\u003cfont size\u003d\"2\" face\u003d\"Courier New\"\>\u003cspan style\u003d\"font-size:10.0pt\"\>\u003ca href\u003d\"https://infinity.icicibank.co.in/BANKAWAY?Action.RetUser.Init.001\u003dY&AppSignonBankId\u003dICI&AppType\u003dcorporate&abrdPrf\u003dN\" target\u003d\"_blank\" onclick\u003d\"return top.js.OpenExtLink(window,event,this)\"\>\u003cfont size\u003d\"4\"\>\u003cspan style\u003d\"font-size:13.5pt\"\>https://infinity.icicibank.co\u003cWBR\>.in/BANKAWAY?Action.RetUser\u003cWBR\>.Init.001\u003dY&AppSignonBankId\u003cWBR\>\u003dICI&AppType\u003dcorporate&abrdPrf\u003cWBR\>\u003dN\u003c/span\>\u003c/font\>\u003c/a\>\u003c/span\>\u003c/font\>\u003cfont size\u003d\"4\"\>\u003cspan style\u003d\"font-size:13.5pt\"\> \u003cbr\>\n\u003cbr\>\n\u003c/span\>\u003c/font\>\u003c/pre\>\u003cpre\>\u003cfont size\u003d\"4\" face\u003d\"Courier New\"\>\u003cspan style\u003d\"font-size:13.5pt\"\>\u003cbr\>\n\u003cbr\>\n\u003c/span\>\u003c/font\>\u003c/pre\>\u003cpre\>\u003cfont size\u003d\"4\" face\u003d\"Courier New\"\>\u003cspan style\u003d\"font-size:13.5pt\"\> \u003c/span\>\u003c/font\>\u003c/pre\>\u003cpre\>\u003cfont size\u003d\"2\" color\u003d\"navy\" face\u003d\"Arial\"\>\u003cspan style\u003d\"font-size:10.0pt;font-family:Arial;color:navy\"\> \u003c/span\>\u003c/font\>\u003c/pre\>\u003c/div\>\n\n\u003c/div\>\n\n\u003c/div\>\n\n\u003c/div\>\n\n\n\u003ctable\>\u003ctr\>\u003ctd bgcolor\u003d\"#ffffff\"\>\u003cfont color\u003d\"#000000\"\>\u003cbr\>\nDisclaimer:\u003cbr\>\n");
//-->
http://infinity.icicibank.co.in/BANKAWAY?Action.RetUser.Init.001=Y&AppSignonBankId=ICI&AppType=corporate&abrdPrf=N%20 Actual ICICI Site
https://infinity.icicibank.co.in/BANKAWAY?Action.RetUser.Init.001=Y&AppSignonBankId=ICI&AppType=corporate&abrdPrf=N

For those organisation seeking end-to-end advise Coral provides a comprehensive 10-step methodology to help your organisation build a comprehensive Business Continuity Management System.
Scope Determination
Mission Critical Activities
Business Impact Analysis
Risk Assessment
Strategy Roadmap
Design and Development of BC Plan
Crisis Management
Internal Audit
Testing and Maintenance

Benchmarking
Roadmap Formulation
Gap Analysis/Benchmarking
Milestone Review
BCM Review
BCM Metrics

more

List of ISO 20000 certified organizations

The ITIL Open Guide is maintaining a voluntary list of ISO 20000 certified organizations. These are listed by location.
Any organization which has obtained a certificate, may enter their detail in the appropriate section. Please also enter your certificate number if it is available.
ISO 20000 China
ISO 20000 India
ISO 20000 Japan
ISO 20000 South Korea
ISO 20000 USA
ISO 20000 UK
ISO 20000 Rest Of World

http://www.itlibrary.org/index.php?page=ISO_20000_Certification_Register

List of IT Companies

Welcome to the ultimate source of authentic and reliable information about the IT Companies on the net. The links in this directory will guide you to the official sites of the IT Companies that you are looking for.

Click on the respective alphabet to begin your search for a particular IT Company or scroll down to the appropriate section beginning with that alphabet. Once you click on the link, it will directly take you to the official homepage of the particular IT Company. In case of non-availability of of a particular official site, we have screened a number of sites and selected the most informative site on the subject.

http://www.123world.com/itcompanies/

IT Security from Microsoft

TechNet Security Center
The TechNet Security Center provides links to technical bulletins, advisories, updates, tools, and prescriptive guidance designed to help IT pros keep Microsoft servers, desktops, and applications up to date and secure.
Register for the security newsletter
Get the Malicious Software Removal Tool
Sign up for technical security notifications
Get the Microsoft Security Intelligence Report

http://www.microsoft.com/technet/security/default.mspx



Regulatory Compliance Planning Guide
Introduction to the Guide
Published: June 14, 2006
Download
Get the Regulatory Compliance Planning Guide
Update Notifications
Sign up to learn about updates and new releases
Feedback
Send us your comments or suggestions


IT professionals who must ensure regulatory compliance for the IT systems of the organizations in which they work can be in a difficult position. Most regulations do not clearly state what is required from an IT perspective. Moreover, often many different regulations apply to a given organization. Unclear requirements and regulatory complexity make it hard for IT managers to know what they need to do to meet their compliance goals. And because the consequences of noncompliance can be quite severe, including fines and even jail time for egregious offences, many IT managers are understandably apprehensive about this important subject.
To help address these needs, Microsoft has created the Regulatory Compliance Planning Guide. The guide is designed to help IT professionals and others interested in regulatory compliance in a number of ways. Specifically, the guide:
•
Introduces a more efficient way to address regulatory requirements in your organization.
•
Outlines the leading thinking in regard to specific IT control requirements related to a number of major regulations and standards.
•
Demonstrates how currently available Microsoft software and guidance can help address immediate regulatory compliance issues for your organization.
The guide was developed, reviewed, and approved by a team of authoritative experts in IT controls and regulatory compliance. This guide and other security guidance topics are available at the Security Center at www.microsoft.com/security/guidance. Please send questions or feedback about this guide to secwish@microsoft.com.
The guide comprises four sections.

http://www.microsoft.com/technet/security/guidance/complianceandpolicies/compliance/rcguide/default.mspx?mfr=true

ITIL, BS15000 & ISO 20000

Your Gateway to IT Service Management
The importance of quality IT service management is becoming ever more apparent. It is an area which in the modern area demands clear focus and attention. For this reason recent years have seen a recognized and professional structure emerge to support this: ITIL. ITIL, the IT Infrastructure Library delivers a host of benefits, and has become globally used and followed

Not far behind this development, a standard has also started to emerge: ISO20000.
This is specifically dedicated to IT service management, and comprises two parts: ISO 20000-1 and ISO 20000-2. This was originally published by BSI as BS15000 (parts 1 and 2) and it too is now being widely deployed and followed.

This portal is designed to support both these initiatives. It was devloped to provide information and background, and also to provide a medium for peer to peer communication and assistance for IT professionals. Enjoy...




What is ISO 20000?
Posted by bs15000 on Thursday, December 15 @ 13:57:17 CST (4588 reads) (Read More... Score: 3.10)

Formally: ISO 20000-1 "promotes the adoption of an integrated process approach to effectively deliver managed services to meet the business and customer requirements".

It comprises ten sections:
Scope; Terms & Definitions;
Planning and Inplementing Service Management;
Requirements for a Management System;
Planning & Implementing New or Changed Services;
Service Delivery Process;
Relationship Processes;
Control Processes;
Resolution Processes;
and Release Process.

ISO 20000-2 is a 'code of practice', and describes the best practices for service management within the scope of ISO20000-1.

It comprises nine sections:
Scope;
Terms & Definitions;
The Management System;
Planning & Implementing Service Management;
Service Delivery Processes;
Relationship Processes;
Resolution Processes;
Control Processes;
Release Management Processes.

Together, this set is the first global standard for IT service management, and is fully compatible and supportive of the ITIL framework. It will undoubtedly have a significant impact upon the whole ITSM landscape.

The standard itself can be obtained from the sources listed in the right hand column.






What is ITIL?
Posted by bs15000 on Friday, August 13 @ 05:32:50 CDT (4121 reads) (Read More... Score: 3.7)

Formally: ITIL defines the organisational structure and skill requirements of an IT area and documents a set of operational management procedures to allow management of an IT operation and infrastructure. Importantly, the operational procedures are supplier independent.
The ITIL framework itself comprises seven 'sets' (or volumes):
Service Support;
Service Delivery;
ICT Infrastructure Management;
Security Management ;
Planning To Implement Service Management;
The Business Perspective;
Applications Management;

The two most commonly used are the first two, Service Support and Service Delivery. These comprise of a number of 'disciplies':

Service Support:
Incident Management;
Release Management;
Problem Management;
Configuration Management;
Change Management;
Service Desk.

Service Delivery:
Service Level Management;
IT Service Continuity Management;
IT Financial Management;
Capacity Management;
Availability Management;
IT Security Management

Supporting this approach is a structure of examination and certification.
The three levels of certification are:
Foundation Certificate,
Practitioners Certificate
and Managers Certificate.

http://www.15000.net/


What is ITIL?· Of what, specifically, does it comprise?· How any books are there?· Who runs the qualification schemes?· Is ITIL copyrighted?


ITIL V3

IT Management

IT Management Frameworks
http://www.itgovernance.co.uk/page.mgmt_frameworks

Symantec products

about symantec

Symantec is a global leader in infrastructure software, enabling businesses and consumers to have confidence in a connected world. The company helps customers protect their infrastructure, information and interactions by delivering software and services that address risks to security, availability, compliance and performance. Headquartered in Cupertino, California, Symantec has operations in 40 countries. More information is available at www.symantec.com
http://www.symantec.com/en/aa/about/index.jsp


Symantec provides complete circle of protection against today's evolving security threats with Norton 360
All-In-One Security Service Featuring PC Security, Transaction Security, Backup and PC Tuneup Now Available

http://www.symantec.com/en/au/about/news/release/article.jsp?prid=20070227_01




“As IT has evolved, quality of IT infrastructure services has become the prime business differentiator—the ISO 20000 provides clients with independent, third party assurance of the quality of service providers’ IT management capabilities,” explained Jayanta Lahiri, IT lead, India, Accenture Technology Infrastructure Services. “ISO 20000 Certification implies that clients will benefit from high quality, consistent and predictable IT infrastructure services at an optimized cost. Achieving the ISO 20000 is a remarkable achievement for Accenture Technology Infrastructure Services and for Accenture.”
Advantage over the competition
The ISO 20000 helps companies to align IT services and business strategy, to create a formal framework for current service improvement projects and provides a benchmark comparison with best practices. To qualify for the standard, Accenture Technology Infrastructure Services had to demonstrate management intention towards Service Management and Process Compliance across 12 domains including:
Service Delivery Processes (including service level management, availability management, service continuity, service financials and capacity management)
Service Support Processes (including incident management, problem management, change management, configuration and release management)
Relationship Processes (meaning the interfaces between the service provider, customers and suppliers)
Security Management Process through documentation and implementationIn addition, Accenture needed to establish documented processes for continuous improvement across these 12 domains. Clients served through the delivery centers in India on a range of outsourcing and systems integration engagements now will reap the benefits of both improved IT infrastructure service results and cost effectiveness of the services that Accenture delivers. “Achieving ISO 20000 is a firm demonstration of high quality IT services within Accenture and ensures effective business continuity and planning,” said Everett Dyer, senior executive-Accenture Technology Infrastructure Services and Global Delivery lead. “In addition to being a real demonstration that our service delivery processes and capabilities are consistent with industry recognized best practices, it is a further demonstration that we are seriously in the IT infrastructure outsourcing business, and will give Accenture an edge over its competitors in outsourcing and systems integration engagements.” As part of Accenture’s global delivery strategy, the company now is focused on ensuring that all Accenture Delivery Centers achieve ISO 20000 certification
June 2006

http://www.digitalforum.accenture.com/DigitalForum/Global/ViewByTopic/eAI/0607_First_Bus_Org_ISO

ISO/IEC 20000 has replaced BS 15000
ISO/IEC 20000, the new IT service management standard was published by ISO on 15th December 2005. This new standard has replaced the world renowned British Standard, BS 15000. AimsISO/IEC 20000 has been developed in order to meet the needs of the wider international audience and to provide a common understanding of the management of IT services worldwide. It covers the aspects of IT service management that are the cause of 80% of the total spend on IT by most organizations.
StructurePart 1 is ISO/IEC 20000-1:2005 Information technology service management. Specification for Service Management. This provides requirements for IT service management and is relevant to those responsible for initiating, implementing or maintaining IT service management in their organization. Organizations can have their IT service management systems independently certified as conforming to the requirements of ISO/IEC 20000-1:2005.
Part 2 is ISO/IEC 20000-2:2005 Information technology service management. Code of Practice for Service Management. This gives guidance to internal auditors and assistance to service providers planning service improvements or preparing for audits against ISO/IEC 20000-1:2005.
Differences between ISO/IEC 20000 and BS 15000There is very little difference between ISO/IEC 20000 and the original BS 15000. Changes were made to make it more applicable for an international audience. These changes were made to the format and structure; consistency between parts 1 and 2; alignment of objectives; standardization of terms and clarification of text. The international status of ISO/IEC 20000 is seen as key to its adoption worldwide. There is clear evidence that achieving certification against the standard delivers real value - whether it is demonstrating in-house quality or enabling the selection of suitable external partners.
BSI has produced a Guidance Document on the Changes from BS 15000 to ISO/IEC 20000. Download this guidance document.
What do BS 15000 registered clients need to do?BSI has produced a Transition Statement document explaining how the change from BS 15000 to ISO/IEC 20000 affects registered clients.
Read the ISO/IEC 20000 Transition Statement (pdf)
Contact Us to discuss your transition requirements.

http://asia.bsi-global.com/IT+Service+Management/ISOIEC20000/index.xalter

free literature

IT Infrastructure Library
http://www.itil.co.uk/


[PDF]
ISO-IEC 20000.xpd
File Format: PDF/Adobe Acrobatassessment Workbook (BIP 0015). This publication is an updated version ... BIP 0015. The Self-assessment Workbook is a checklist that ...www.vanharen.net/images/ISO-IEC%2020000_UK_SMPL.pdf - Similar pages
Welcome to Van Haren Publishing
IT Service Management A Self-assessment Workbook : 2005 (BIP 0015) (English Version). 03. A Managers Guide to Service Management. ...www.vanharen.net/index.php?cPath=66 - 69k - Cached - Similar pages
BIP 0015:2006
IT service management. Self assessment workbook. 2nd edition.www.bsistandards.co.uk/shop/products_view.php?prod=25344 - 16k - Cached - Similar pages
Search Results
IEC 15504-4, ISO/IEC 15504-5, ISO 10007, ISO 9000, ISO 9001:2000, ISO/IEC 90003, BIP 0005, BIP 0015, BIP 0030, BIP... BS ISO/IEC 20000-2:2005 Information ...www.bsi.org.uk/.../?q=ISO+9001%3A2000&no=0&d=N)04294965339(Ne)4294965339&c=10&f= - 35k - Cached - Similar pages
Information technology. Service management. Specification
... 9000*ISO 9001:2000*ISO/IEC 90003*BIP 0005*BIP 0015 *BIP 0030*BIP 0031*BIP 0032*BIP 0033 *BIP 0034*BIP 0035*BIP 0036*BIP 0037 *BIP 0038*BIP 0039* ...www.techstreet.com/cgi-bin/detail?product_id=1252133 - 29k - Cached - Similar pages
British Standards Institution, Management, Law, Quality
Includes BS ISO/IEC 20000-1, BS ISO/IEC 20000-2, BIP 0005 and BIP 0015. Keywords: Management, Computer networks, Computers, Management operations, ...www.dandybooksellers.com/acatalog/BSI_GBM04_V.html - 136k - Cached - Similar pages
The IT Service Management Forum UK (itSMF) - News - Full News Story
A Self-assessment Workbook (BIP 0015). AND ADDITIONALLY two items with regards to translations :. Firstly, our ever popular IT Service Management pocket ...www.itsmf.com/news/news.asp?NewsID=236 - 10k - Cached - Similar pages
Welcome to Van Haren Publishing
40,00EUR, IT Service Management A Self-assessment Workbook : 2005 (BIP 0015) (English · IT Service Management A Self-assessment Workbook : 2005 (BIP 0015) ...https://vanharen.net/catalogue.php - 146k - 28 Feb 2007 - Cached - Similar pages

BS 15000 certificates will be invalid after 15th June 2007
Any organization previously certified to the BS 15000 standard will need to undergo a surveillance audit to "upgrade" their certificate to ISO/IEC 20000, a full certification audit is not required.

The surveillance audit will concentrate on all new or changed requirements.
www.pro-attivo.com/mini/iso.php

FAQ's

BS 15000 and ISO 20000 Frequently Asked Questions (FAQs) -->

ISO/IEC 20000-1:2005 defines the requirements for a service provider to deliver managed services. It is based on BS 15000-2, which has been superseded.
It may be used by businesses that are going out to tender for their services;
to provide a consistent approach by all service providers in a supply chain;
to benchmark IT service management;
as the basis for an independent assessment;

to demonstrate the ability to meet customer requirements;

to improve services.

ISO/IEC 20000-1:2005 promotes the adoption of an integrated process approach to effectively deliver managed services to meet business and customer requirements.

For an organization to function effectively it has to identify and manage numerous linked activities. Co-ordinated integration and implementation of the service management processes provides the ongoing control, greater efficiency and opportunities for continual improvement.

Organizations require increasingly advanced facilities (at minimum cost) to meet their business needs. With the increasing dependencies in support services and the diverse range of technologies available, service providers can struggle to maintain high levels of customer service. Working reactively, they spend too little time planning, training, reviewing, investigating, and working with customers. The result is a failure to adopt structured, proactive working practices. Those same service providers are being asked for improved quality, lower costs, greater flexibility, and faster response to customers.

In contrast, effective service management delivers high levels of customer service and customer satisfaction. It also recognizes that services and service management are essential to helping organizations generate revenue and be cost-effective. The ISO/IEC 20000 series enables service providers to understand how to enhance the quality of service delivered to their customers, both internal and external.

The ISO/IEC 20000 series draws a distinction between the best practices of processes, which are independent of organizational form or size and organizational names and structures. The ISO/IEC 20000 series applies to both large and small service providers, and the requirements for best practice service management processes are independent of the service provider's organizational form. These service management processes deliver the best possible service to meet a customer's business needs within agreed resource levels, i.e. service that is professional, cost-effective and with risks which are understood and managed.
Corrigenda, Amendments and other parts
ISO/IEC 20000-2:2005

http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=41332&scopelist=PROGRAMME


What is BS15000?
What is ISO20000?
I have been working to achieve BS15000 – is this wasted effort?
How does the transition from BS15000 to ISO20000 certification work?
I have a BS15000 consultant/auditor qualification - what happens to that?
Isn't ITIL Best Practice?
How is conformance with BS 15000/ISO20000 demonstrated?
I Already Have ISO 9000 Certification So Why Do I Need BS 15000/ISO20000?