These are high-level organisational statements that all elements of the ..... has a number of security considerations, p
What do you mean, the whole business is a service provider?!? We’re not IT… Developing Business and Consumer-focussed Digital Services with the VeriSM Model Adam White-Bower Lead Training Consultant, Service Management and Compliance
quanta.co.uk
Call 01905 610600
One of the key pillars of the VeriSM approach is understanding and applying the principle that everybody is involved in the delivery of the service. This isn’t just about IT delivering services to their immediate internal business customer’s anymore. If a business process is required, it’s because
it
supports
a
wider
customer
requirement. IT supporting that business process appropriately, whether consumer-facing or not, is supporting the wider organisation’s goals. But it can only do that working with and alongside, not just for, the business. Changing the mindset that all services ultimately support a consumer of the
“The whole organisation is the
business offering is KEY to ensuring that the VeriSM development model achieves its goal and
service provider, not just IT”
delivers consumer-focussed digital services.
It starts with business governance, continual engagement with the wider business and the consumer and a culture of engagement and collaboration, not siloes. Despite years of the same principles being espoused we still see IT being siloed from the rest of the business and not delivering the services that are wanted and the value that is needed. The VeriSM approach has some of the tools that can help us change that. At the heart of VeriSM is a new approach to the development and delivery of services to support these needs.
Developing a Digital Service using the VeriSM model The VeriSM model is an end-to-end approach to developing and delivering business-aligned services in the era of digital transformation. It is part of an overall APPROACH to IT service management that is complementary to, rather than replacing, existing and new best practices. One of the challenges of VeriSM adoption is understanding how it can be applied to the lifecycle of an IT service. This example is intended to try and provide insight into the process that an organisation would go through in order to achieve this and the practices they may use. This paper won’t be trying to teach the model in detail. That level is available in the VeriSM publication. The focus is on how the model can be applied and enough of the basics to support this. This is not intended to be exhaustive and will be open to challenge, but then isn’t that the point? Different organisations will apply VeriSM in their own way, this is simply a somewhat simplified look at how it might be done.
The Organisation The Organisation in this paper is a medium sized business which sells spare parts for classic and older ‘current’ cars with a direct sales department which takes phone calls from restorers and garages all over the world. They have a small manufacturing unit but also commission a large number of small runs for parts where demand doesn’t reflect the costs of tooling up to make the parts in-house. The organisation has been listed on the AIM exchange which has successfully raised capital to acquire competing businesses across Europe. The popularity of television programmes on restoring cars in the US has raised serious questions about what opening or acquiring a US branch would look like and negotiations are ongoing with a successful acquisition expected imminently. There is a need to drive down costs through rationalisation during acquisitions and moving the business on-line is seen as key to the ongoing success of the business. Selling parts directly to small garages and consumers has worked well as a pilot. There is now a drive to sell to larger businesses and to automate the processes that underpin this part of the business, such as through automatic re-ordering. Inspection and quality control need to get sharper as the potential for returns from this process is considered to be much higher and any returned parts need to be re-sellable. This will only be possible if scrutiny of parts on sales and on returns is improved.
Applying the VeriSM Model Start and End with the Consumer This is a core principle that, although a step in the model, I take as being essential and applied throughout the whole decision-making process. This principle will need to be applied in every step of the model to some degree, whether it is in understanding the organisational goals and strategy, developing the service or in looking for feedback and improvement opportunities with a service already delivering value to consumers. The VeriSM publication provides insight into this, particularly in chapter 6, section 6.1.3. The ITIL Service Strategy publication can provide additional guidance on how to achieve this using Business Relationship Management as both a role and a process within the organisation.
Governance In order to work as a service provider, the values and drivers of the most senior organisational (internal) and regulatory (external) stakeholders needs to be articulated and translated into service-provider related goals,
principles and policies. The VeriSM publication, chapter 2, section 2.5 discusses governance in detail. The COBIT 5 framework, in particular the ‘Goals Cascade’1 and ‘Roles, Activities, Relationships model’2, is also well placed to help with understanding the relationship between these entities and the differing organisational levels required to ultimately action and deliver on organisational goals. These drivers may include some of the following: • Corporate Governance o For this example, governance may include ▪ Organisation must be legally compliant ▪ External partner requirements must be understood and implemented ▪ Keep pace with on-going move to the online space in key markets ▪ Shareholder dividends need to be paid and profitability maintained in line with market expectations ▪ Strategy for realisation of growth in markets and capabilities through acquisitions. These are high-level organisational statements that all elements of the organisation need to align with based on their role within it. This governance can be translated into principles and policies that are aligned with the remit of individual departments and seek to ensure that the whole organisation as service provider is driving in the same, correct, direction to meet the ultimate stated governance objectives. In order to be able to translate organisational goals to service provider-related goals it is also necessary to understand the overall direction and intent emerging from these internal and external bodies. These are often in the form on strategic plans. The creation of these plans is a key governance activity. These plans may include information regarding the following: • Strategic Plans o Geographical considerations o Provisioning strategies and methods o Market engagement o Organisational structures o Acquisition / divestment strategy o For this paper, examples include ▪ Organisation intends to acquire a B2B company in addition to its B2C portfolio. This company doesn’t currently have an online presence. ▪ Rationalisation of the bricks and mortar side of the organisation, retrenching some positions to head office but overall looking to maintain or reduce headcount with natural wastage being preferred to redundancies. ▪ All departments are subject to annual cost reduction and performance improvement programmes moving forwards.
Service Management Principles These governance objectives can then be used to determine the Service Management Principles which need to be in place. VeriSM looks to first create ‘principles’ on which policies can be based. Referred to as ‘Guardrails’ these can define what needs to happen and provide a test for decisions or behaviours during the VeriSM model. These principles should be BUSINESS-FOCUSSED first and foremost. The principles can then be translated into the Management Mesh and utilised throughout the four stages of the model. Using statements such as ‘…robust Change Management…’ lend themselves to selecting an appropriate framework, such as ITIL Service Transition, to support and deliver on the requirement defined against the principle.
Some example principles or ‘Guardrails’ that could be created from the above may include: SECURITY, REPUTATION PRINCIPLE: All appropriate legislation must be observed in all aspects of the organisation’s services. Non-compliance represents a clear and ongoing risk to the organisation. MANAGEMENT MESH: Information management controls, security and audit capability must be designed, built, tested and operated in line with these requirements. Appropriate technology and processes must exist in order to provide assurance of this principle. CHANGE PRINCIPLE: The organisation will not tolerate the risks associated with all but the most essential change during key trading periods. MANAGEMENT MESH: Demand for services and the criticality of those services must be understood and changes to those services must be aligned with this understanding. Changes must be planned and delivered to accommodate this principle and if change is unavoidable during these periods they must be delivered with sufficient rigor to minimise any understood risk. Said risks must be agreed with the appropriate stakeholders. QUALITY PRINCIPLE: Customers expect high levels of quality and returns represent a huge cost and risk to the business. MANAGEMENT MESH: Services must manage quality and minimise the returns without unduly increasing our costs in the process. CHANGE PRINCIPLE: The organisation always seeks rapid time to market with new services and accepts the risks that may be associated with rapid development. Service should look to support the profitability of the organisation. MANAGEMENT MESH: Services, or aspects thereof, that can be provided from 3rd parties more rapidly or more cheaply while delivering required quality should be acquired from the market in order to accelerate delivery or manage costs. All of these principles follow the first aspect of the model, ‘Start with the consumer, end with the consumer’. They are all based on an articulated aspect of governance and strategy and then translated into a fundamental requirement from a service provider perspective. The aspects of the Management Mesh that need to be brought into play will vary according to the principle and also the area of the organisation that is applying them. For example, IT may look at the design standards principle and decide that cloud hosting may be appropriate from a technical perspective whereas a marketing team may look at it and decide that outsourcing copy writing or materials production is the intended outcome from the principle, if the market supports the principle’s required outcomes. This then takes us into the Management Mesh itself.
Management Mesh The Management Mesh is somewhat akin to a management system as described on other frameworks. It has some of the same considerations that are often described particularly around the adoption of a number of different best practice frameworks, standards and methodologies where they are seen to be fit for purpose and use in the current organisation. Where the mesh differs from a framework like RESILIA and its management system, for example, is that it is also intended to be flexible and incorporate elements according to need based on resourcing, context, etc. The Management Mesh seeks to incorporate 4 distinct elements and broaden the scope from previous efforts.
These are: • Environment o The context in which the organisation exists. It may include ‘Culture’, ‘Legislation’ and ‘Competition’ but also covers ‘Service Stabilisers’ which are Tools, Processes and Measurements that are used to support the delivery of services. • Resources o Predictably these focus on time, money and people but also remind us that knowledge amongst other areas are also important resources. This is also where existing tools, processes and any measuring framework are represented. • Management Practices o This aspect covers the best practice frameworks, methodologies, standards, etc. which may be useful and relevant such as ITIL and COBIT and emerging practices, which is the VeriSM focus, such as Agile, DevOps, Lean and SIAM. • Emerging Technologies o Leveraging appropriate technology to achieve business goals can be tricky and understanding the role of Cloud and Serverless Computing, Big Data, Internet of Things amongst others is key. The application of the differing elements of the mesh will be based on the governance requirements of the organisation and the service management principles in play. Before we can start defining, developing and delivering the service this needs to be in place. In this situation, the Management Mesh may initially include elements such as: ENVIRONMENT • Legislation - Sarbanes-Oxley, GDPR, IPA, etc. • Regulation – FSCS, PCI-DSS, etc. • Culture o Used to being able to ‘work flexibly’. Likely resistance to increased controls on the way in which business is conducted. o Manufacturing are the exception, working to very strict rules and controls to maintain quality. o IT is seen as an overhead by manufacturing and not an area that contributes value. It’s a ‘necessary evil’. o Customer focus is notably absent • Service stabilisers o Change Management o Monitoring tools o Service Desk o Incident management o Availability measurement. • Staffing levels are set and understood (will be reducing in line with strategy) • Budgets are set, all departments are subject to ongoing cost-reduction exercises. • A number of long-standing 3rd party relationships exist across the IT department. • Knowledge is not currently captured consistently across the organisation. RESOURCES
• • •
•
MANAGEMENT PRACTICES Some existing capability in ITIL, Foundation-level only Manufacturing adheres to Lean principles. ISO 9001 has been audited and obtained in manufacturing processes.
Cloud-based hosting of existing, limited, on-line capability
EMERGING TECHNOLOGY
The Management Mesh isn’t set in stone and should be aligned with the needs of the organisation to support service delivery. The Management Mesh described above is based on the ‘as is’ state. The Mesh may not be adequate to meet the needs of the organisation, so may ‘flex’, be added to or subtracted from, according to need. Understanding the difference between the ‘as is’ and the required state, adjusting the Mesh accordingly and then making the best use of the combined elements is essential to achieving business objectives. In this case, there is likely to be significant scope to add to the Mesh. This is part of the benefit of the VeriSM approach. Changes to the Management Mesh could include: ENVIRONMENT • Culture • Customer focussed service culture • Service stabilisers • Change Mgmt. – expanded to the wider organisation • Monitoring tools – Develop measurement capability to ensure that all management areas are properly measured and understood • Service Desk and Incident management become standardised across the organisation. • Availability measurement is done at the level of full end-to-end service. • Service Knowledge Management System is implemented • Reduction in staffing levels is offset through greater use of automation and increased knowledge. See Emerging Technology • A number of long-standing 3rd party relationships exist across the IT department. See Management Practices. • Knowledge is formally captured through knowledge management into the formal Service Knowledge Management System RESOURCES
• • • • • • •
• • • •
MANAGEMENT PRACTICES ITIL – Service Management LeanIT – Cost cutting and efficiency ISO 9001 – Quality management ISO 27001 - secure company and customer information Agile – Deliver services in line with rapidly changing business environment DevOps – Encourage collaborative culture and support business SIAM – Better to manage the increased outsourced delivery model
Internet of Things – Remote customer support Automation – Reduce cost of delivery Cloud, Serverless Computing – Support strategy of external provision Big Data – Gain better insight into customer behaviour and analysis of manufacturing quality issues EMERGING TECHNOLOGY
The Management Mesh will be utilised through the 4 stages of the service lifecycle and is almost certain to change. The above example provides some suggestions as to what those changes may look like moving forwards.
Creating and delivering the new service 4 Stages The VeriSM model has at its heart 4 stages that, like ITIL before it, follow a sequence but are performed as much concurrently as they are sequentially. This lifecycle is shorter and more aligned with current thinking around delivering digital services using Agile and DevOps principles. It consists of 4 stages [Define, Produce, Provide and Respond] which work together and very much feed each other in order to continually develop
and improve services. In this example the 4 stages will be followed sequentially as this is a new service that is being developed.
Define Consumer Need In this stage we start by considering what the customer requires. The strategic requirement has been established earlier in this paper, but here is where the formal business case would be produced and signed off. It is important to remember VeriSM sees THE WHOLE ORGANISATION as the service provider and so rather than the business stating a requirement and just handing it off to IT, see this as being the senior management delivering a directive to the whole organisation. Now everybody has to work towards delivering it, rather than just IT. In this case, the development of an automated, B2B marketplace service has been identified and signed off as being a key requirement of the organisation.
Requirements Gathering Once this has been done, defining the required outcomes and developing towards them needs to be done. There are many ways of doing this. Two fundamental areas to cover are: • Consumer Requirements Gathering o What outcomes do consumers need from services, especially when they have the potential to be digitally transformed? Has the whole organisation, as service provider, understood the business process and where it can be developed to deliver higher performance for the consumer? • User Requirements o How will the service be consumed by those that interact with it? What are the points of interaction? How will the service design reflect these needs? In this case, customers will need to be able to browse the parts catalogue, make selections and pay for them online. They may choose to enable automated re-ordering, returns and account management activities. The user requirements may cover how easy the site is to use, whether there is an app-based option and what self-service options exist to service their account. Between the consumer (what the business needs) and user (what the end consumer needs) we can see the potential use of the emerging practice ‘Customer eXperience/User eXperience‘ and this will need to be added to and utilised from the Management Mesh.
Solution The service solution needs to meet both the functional and non-functional needs of the organisation. In this example the functional needs are related to the ability to order parts, how the returns process works, arranging payment and shipping. The non-functional elements include whether payments are secure, how their information is stored and managed, etc. in line with established governance. Looking at the design the consideration of how available and secure a service is matters hugely, as does whether there is likely to be enough capacity to go around and whether it is resilient to non-business as usual situations and therefore continuous.
There are many considerations that need to be made when designing a service and the Management Mesh for designing this service may incorporate the following, including but not limited to: ENVIRONMENT • Culture • Customer focussed service culture • Risk-focussed approach • Service stabilisers • Availability and Capacity management processes and tools • Security policies and technology • Disaster recovery facilities • CASE-based design tools
• • • • • • • •
• • • • • •
Infrastructure experts Application and web development capability Hardware, software and accommodation facilities Enterprise architects Business Analysts Departmental staff (e.g. logistics, manufacturing)
RESOURCES
• •
•
MANAGEMENT PRACTICES Use of ITIL Service Design processes to facilitate the design Lean thinking to provide assurance that the design is not ‘over-cooked’ ISO 9001 auditing for quality assurance during the design activities ISO 27001 in order to assure the appropriate design of security aspects. Waterfall as an approach to the overall design and development cycle. DevOps to encourage and align developers with the delivery capability and ensure knowledge is managed Use of COBIT to establish the measurement framework MoR or ISO 31000 for managing risk within both design and the service.
IoT, Automation - Automated part defect scanning using IP cameras Cloud, Serverless Computing - Cloudbased resources in order to balance demand for the service with the cost of provision– Automated defect identification and recording Cloud, Big Data - Component Failure Mode Analysis and Trending is being performed across all product ranges in order to identify issues with suppliers, processes, materials and customer, with on-demand computing capability as required. EMERGING TECHNOLOGY
Possible Service Management Principle and Associated Management Mesh – ‘Guardrail’ In this aspect of the VeriSM model an example service management principle could be based on the need to design for security. SECURITY PRINCIPLE: All service designs must conform to the relevant security standards and meet GDPR requirements. Information management controls, security and audit capability must be designed, built, tested and operated in line with these requirements. Appropriate technology and processes must exist in order to provide assurance of this principle. MANAGEMENT MESH: Products and services should conform to this standard. The following have been identified as enabling this – Resources; Members of the technical team with firewall and information management skills, physical and logical security controls Environment; GDPR, existing security processes and policies Management Practices; ISO27001, Information Security Mgmt., Access Mgmt., Supplier Mgmt. (ITIL), COBIT for Risk Management Emerging Technology; Cloud Getting this mix working to produce the design should lead to the service blueprint.
Service Blueprint Collecting the design specifications, plans, technical documentation produced, etc. is the service blueprint’s remit. This is then passed to the ‘Produce’ stage of the VeriSM model.
Produce This stage of the model is concerned with taking what ‘Define’ has created and turning it into a service which can be delivered to the customer. There are three distinct activities in this stage: ‘Build’, ‘Test’ and ‘Implement and Review’. All of these activities should be done under the oversight of robust and appropriate levels of Change Management. This last activity underpins the whole stage. Change Management should be proportionate and applied in line with the agreed appetite for risk across the organisation rather than just being the IT department’s ‘guesstimate’ of what is right for the consumer of the service. Change is sometimes seen is as being ‘bureaucratic’ or ‘obstructive’, particularly in organisations that are practicing Agile. The two aren’t incompatible but the matter of reconciling the control (read ‘risk management’) requirements of the organisation with the desired rate of change and establishing an appropriate operating model within projects and programmes that deliver change isn’t trivial.
Build Consider the practices involved in creating the reality from the design. There are many disciplines, such as software development, infrastructure configuration and vendor engagement that need to be done in this stage of the service creation. In this case the organisations stated aim that anything which can be done at least as well at lower cost by the market means that this last point is likely to be critical to the success of the implementation. However, a large part of this section is also involved in understanding the organisational readiness and so training, knowledge transfer and ensuring finance need to be considered here as well.
Test Assure the creation of value and delivery of consumer requirements through testing with the appropriate amount of rigor. Ensure this is aligned with the needs of the organisation and their risk appetite, remembering that assurance has an associated cost penalty (financial and time). Any new or changed service should be subject to change management as previously stated and any test results should be reviewed in line with the change process and decisions made regarding the progress, or not, of the change and whether it needs to be returned for re-work and retested.
Implement and Review Delivering the change into the live operational environment, confirming the adoption and getting the new or changed service over the ‘speed bump of acceptance’ is the last activity within this stage. Delivering outstanding training and ensuring that agreed service levels have been achieved needs to be done. Post implementation review of the delivery activity to identify lessons to be learned / improvements to practices which can be fed back into the model also needs to be completed. The Management Mesh for producing this service may incorporate the following, which is by no means exhaustive:
ENVIRONMENT •
•
Culture • Customer focussed service culture • Risk-focussed approach Service stabilisers • Software development and deployment tools • Security policies and technology • Testing software and facilities • Change management process and war room.
MANAGEMENT PRACTICES • • • • • • • •
• • • • •
Software developers Build managers Adequate time Enterprise architects Business Analysts
RESOURCES
• •
Use of ITIL Service Transition processes to facilitate the change Lean thinking to reduce waste in the build, test and deployment cycle. ISO 9001 auditing for quality assurance during the change activities DevOps to encourage and align developers with the delivery capability and ensure knowledge is managed. Waterfall as an approach to the overall design and development cycle. Agile as an approach to iterative change or complex/unknown technologies. Use of COBIT to establish the measurement and audit framework MoR or ISO 31000 for managing identified risk in testing. Automation – Automated delivery of software and infrastructure components Virtualisation, Containerisation - Rapid deployment with minimal or optimised investment in hardware and enhanced utilisation of components.
EMERGING TECHNOLOGY
Possible Service Management Principle and Associated Management Mesh In this aspect of the VeriSM model an example service management principle could be based on the need to control change effectively and rigorously. CHANGE CONTROL PRINCIPLE: All service changes must be subject to change control for business assurance and risk management while not introducing more overhead than absolutely necessary. MANAGEMENT MESH: Products and services must follow this principle and the following have been identified as enabling this – Resources; Change Manager, all relevant stakeholders in the submitted Environment; Established change management process, war-room and Change Advisory Board when required Management Practices; DevOps, Change Mgmt. Emerging Technology; Self-service and automation for requests. Once this stage is complete the service can be considered live and available for consumption. This leads into the next stage of the model.
Provide The service is now available for consumers to utilise. Here it is important to understand what value the service is providing, protect and maintain performance and identify improvement opportunities within the service. Key activities in this stage start with making the consumer population aware of the services and value opportunities that exist within the catalogue.
Marketing Having established the consumer need and developed it to this point it is important that the consumer understands what the service can offer them and why they should be interested in it. Engaging stakeholders and making these points can encourage service usage, understanding or value and discussion regarding future enhancements and features. In this context, the company needs to ensure that its global partners and customers are aware of the new features and the advantages that they offer to them. Having a marketing campaign promoting this should be high on the agenda. There are many different avenues this could take and the new digital service should be promoted more widely than just to existing customers.
Protect The business has a number of security considerations, particularly personal and financial data. The aftermarket parts they make are based on widely available designs and therefore not subject to some of the more stringent IPR considerations. The security policy and application of security technologies from the previous stages of the approach comes into play here. The management mesh will ideally reflect the security considerations that this highlights.
Maintain This is part of, but not all by any means, of what might be considered ‘operations’. It includes ensuring that new knowledge and understanding is documented and distributed. It also includes monitoring, running backups and the upkeep of the environment from which IT is delivered. In this case, the business must ensure suitable disaster recovery is performed and maintenance of the server infrastructure for the new service. Elements of the service are delivered on the manufacturing shop floor as
bespoke parts for special orders need to be fed directly to production machinery (CAD/CAM integration) and this must be managed and monitored as delays in production have a significant knock on effect and delay order provision.
Improve The whole organisation will ideally have a mindset which looks at what can be done better. In this instance, the organisation is at the beginning of the journey with the service, but UX improvements and process bottlenecks may already be emerging and potential upgrades identified. The Management Mesh for maintaining this service may incorporate the following, which is by no means exhaustive:
ENVIRONMENT •
•
• • • •
Culture • Culture that embraces security as all pervasive. • Risk-focussed approach Service stabilisers • Knowledge management facilities • Security policies and technology • Configuration Management facilities • Risk and Continual Improvement registers
Operations staff Monitoring capability Continuity / Disaster Recovery capability Marketing capability
RESOURCES
MANAGEMENT PRACTICES • • • • • • • •
Use of ITIL Service Transition and Operations practices Lean thinking to reduce waste in the build, test and deployment cycle. Use of COBIT to establish the measurement framework MoR or ISO 31000 for managing identified risk in the Provide stage. Kano model for service development and innovation. Agile for ongoing development Automation – Monitoring, backup and other ‘operations’ tasks Cloud, Containerisation – Off-premise service management solutions.
EMERGING TECHNOLOGY
Possible Service Management Principle and Associated Management Mesh In this aspect of the VeriSM model an example service management principle could be based on the same business security requirement as previously articulated in the Define stage. SERVICE IMPROVEMENT PRINCIPLE: Service changes must be implemented in line with business need while not exposing the business to an unacceptable level of risk. MANAGEMENT MESH: Products and services should be updated in line with the customer’s appetite for risk. The following have been identified as enabling this – Resources; Members of the operational and technical team, implementation tooling Environment; Risk and Configuration Management, Management Practices; ISO31000, Lean, Agile, ITIL Service Transition processes Emerging Technology; Cloud, Automation, Containerisation
Respond Requests & Issues VeriSM refers to contacts with the consumer with two terms. Consumers asking for something (a new feature, a laptop, information, etc.) are logging Requests. Consumers that are experiencing challenges in operating services or using them to execute business activities are logging Issues. In this context the issues are likely to be with the operation of the online portal, such as an inability to track orders, incomplete payment processes or other related activities for ordering parts.
Source Events Source events are typically the underlying cause of some problem or question where the key word is ‘Why…..?’. Whether that is why the service doesn’t function or why processing orders is more expensive than it should be doesn’t matter, they are both source events worthy of investigation.
Recording & Management All requests, issues and source events should be recorded and managed in some way. Without this, the ability to prioritise, categorise, escalate, identify trends, etc. is compromised. The nature of the record and the way in which the contact is managed will vary. In this instance, online logging and a degree of self-service is likely to be highly appropriate. A call-centre approach may be required (if the online facility is down) but in this instance, it may be possible to operate a single point of contact with more limited resource and leverage technical specialists (not just IT) but sales and product experts as a ‘specialist desk’ to service the needs of the global customer base. The Management Mesh for responding to concerns with this service may incorporate the following, which is by no means exhaustive:
ENVIRONMENT •
Culture • Customer-focussed service culture • Risk-focussed approach • Service stabilisers ▪ On-line self-service facility ▪ Service Desk capability ▪ Issue, Request and Source Event management processes • Service Desk software, staff and other equipment • Technical and business area specialists
RESOURCES
MANAGEMENT PRACTICES • • • •
• •
Use of ITIL Service Operations practices Lean thinking to reduce waste in operational processes and activities. Use of COBIT to establish the measurement framework MoR or ISO 31000 for managing identified risk in the Respond stage. Automation – Self-healing systems and self-service logging AI – Use of AI to facilitate service-desk type interactions online.
EMERGING TECHNOLOGY
On-going Delivery Considerations The service, once developed, must be managed and developed. This is where the model comes into its own, as there can be rapid feedback from the Provide/Respond stages and the Define/Produce stages. What that looks like would ideally be governed again by one or more service management principles and appropriate support in the management mesh. Management practices such as Agile, DevOps and SIAM could be particularly salient in this scenario. Adoption of technologies such as Big Data may accelerate the identification and analysis of improvements to the overall service and in turn, feedback into the model.
Conclusion Applying the VeriSM model to the development of a service in this way ensures that all due consideration is given to the frameworks, methodologies and technologies that are useful in this context. Using the guardrails to focus the management thinking can yield real benefits in terms of appropriate resource utilisation and timeliness of application. Using principles such as Agile and DevOps throughout the model to support development in line with customer need is aided significantly by ensuring that the right principles are in play.
Benefits to the organisation The key benefit of following the model here is that the end result should be continually aligned with the organisations goals and that identified improvement opportunities are fed rapidly into the live environment in a controlled manner. It could be said that this is Agile, but what VeriSM is bringing to the table here is a strong yet appropriate control system that provides assurance that the customer will get the service they need and which supports their objectives without bringing more baggage than is absolutely necessary. The understanding of both emerging technology and management practices that VeriSM encourages allows the wider business to buy-in to the adoption and application of services and technology as it can be shown to deliver clear customer benefits. They don’t need to be expert in its delivery but they can understand why it’s there, what its purpose is and, crucially, HOW IT ALL FITS TOGETHER as part of an end-to-end service which the whole organisation contributes to rather than just IT. If the whole organisation is bought in to delivering the service then the customer experience can only benefit and the ultimate goal of aligning the business deliverable with the end-customer experience and driving both forwards is far more likely to be achieved.
References 1
– COBIT 5 – A Business Framework for the Governance and Management of Enterprise IT, ISACA (2012), p.18, fig. 4 2 - COBIT 5 – A Business Framework for the Governance and Management of Enterprise IT, ISACA (2012), p.24, fig. 9 All other references specific to ‘VeriSM – A Service Management Approach in the Digital Age’ – Claire Agutter, et. Al.
