Icds 2011 0 40 90014 PDF
Mohammad Kajbaf, Negar Madani, Ali Suzanger
ITSM department
Infoamn IT Consulting Co.
Tehran, Iran
{m.kajbaf, n.madani, a.suzangar}@infoamn.com

Shirin Nasher, Mehrdad Kalantarian
Computer Engineering Dept.
Iran University of Science and Technology
Tehran, Iran
{nasher, kalantarian}@vc.iust.ac.ir
Abstract—In this paper, an IT service reporting framework is presented to help organizations implement the IT service improvement process in accordance with the ISO/IEC 20000 PDCA cycle and reporting requirements. It defines six types of reports and includes guidelines for automation of these different types. Afterward, a process for reporting that focuses on defining report templates based on the organization's requirements is provided. The proposed report types, process flow, ARCI matrix, and process integration points, taken together as a general IT service reporting framework, help organizations to organize their communication using reports.

Keywords-IT service management; continual service improvement; service reporting.

I. INTRODUCTION

A. Service Improvement in Different ITSM Frameworks

Different ITSM frameworks and standards have discussed service measurement and improvement.

ISO 20000 requires continual improvement of IT services via the PDCA cycle. It also defines requirements for service reporting to measure, analyze and communicate observations to help improvement of organization activities [1].

Continual service improvement (CSI) is one of the main aspects of ITIL v3; it includes a 7 step process for IT service improvement [2].

The CSI process includes 3 main activities: (1) defining metrics for measurement of activities and service performance; (2) monitoring, measuring, reviewing and reporting defined performance metrics; and (3) taking corrective actions to improve service performance [3].

In MOF v4, the improvement concept is inherent in the MOF lifecycle, but there is no explicit process or service management function (SMF) in charge. Two management reviews cover measuring performance of IT services and processes, and taking corrective actions: the Policy and Control review and the Operational Health review [4].

In COBIT, the Monitor and Evaluate domain covers reviewing, monitoring and continual improvement of IT services. It includes defining performance indicators and reporting them, acting upon deviations, third-party reviews, and integrating IT reporting with business reporting [5].

B. Toward an ITSM Management Model

The ITIL® framework is a major source of good practice in IT service management (ITSM) used by organizations worldwide [6]. ITIL defines many policies and key performance indicators (KPI) for different IT services and processes. Although ITIL describes policies and rules for the service reporting process in the CSI book [3], it does not clearly define how the process must work.

Organizations that are implementing ITIL for the first time face new challenges. One of them is taking the correct approach in defining performance indicators, and measuring KPIs and reporting them. For most organizations the implementation of true common cross-organizational management processes may be the most difficult aspect of the ITSM project [7]. They need to know how to find which processes are working and which are not.

Keel et al. [8] discuss some main challenges in adopting ITSM. They suggest that successful implementation of an ITSM strategy relies on the quality of processes.

Keeping sight of return on investment (ROI) and the balance of cost, time and quality is of very high importance for companies [9]. Lahtela et al. [10] suggest an ITSM measurement system to support improvement activities. Lima et al. [11] propose a model to quantify IT service quality, to enhance the “Check” phase of the PDCA cycle.

In Section II, a description of the problem is provided. Main aspects of the provided framework are defined in Section III, and the process flow is presented in Section IV. Section V lists terms and definitions, and Section VI describes future work.

II. DESCRIPTION OF THE PROBLEM

Many problems arise during implementation of IT security and service management frameworks for customers, especially if they are implementing a business process model for the first time. Employees do not know what they must do, and managers do not know what to expect from them. One of the main areas of ambiguity is the improvement process. By investigating problems in implementing ITSM for customers, we established a reporting structure to decrease ambiguities.

At first sight, the structure seems like some extra work required from employees. At the final steps of the project, all parties can relate their day-to-day activities to concepts they were familiarized with during their ITIL/ISMS classes. For successful implementation, reports must be such that all parties have a common understanding of them.

The proposed service reporting framework is a tool for organizations to clarify their internal communications and simplify defining and monitoring KPIs and metrics, and thus the CSI process. The reporting process helps managers to define clearly what they expect in each activity.
III. IT SERVICE REPORTING FRAMEWORK

Our proposed service reporting framework contains 2 parts. First, a hierarchy of reports for different activities of ITSM is defined. This hierarchy includes six types of reports for different activities of operational, tactical, and strategic types. Then, a Service Reporting process is proposed for defining report templates according to the reporting requirements of the organization. This process could be implemented as a sub-process of the ITIL continual service improvement process.

A. Report Types

There are different types of reports in an organization. Some contain low level details of daily observations, while the others are based on high level analysis and contain conclusions required for decision makers. Considering all the activities in the ITIL framework, and by investigating different types of reports communicated internally in our customer companies, six generic types of reports have been identified. Then, they were refined based on the level of activities, the material included in each report, the required level of analysis on each and the required competency for it.

1) Reporting routine tasks

This category of reports is of operational level, about happenings, successes and failures in on-going daily activities of operation and monitoring type. Audiences include section managers or process owners, who are accountable for the task. A low amount of analysis is required, and the report must include patterns, frequencies, time intervals, inconsistencies and extremums in observations. They are often scheduled for small periods of time, from a few times a day up to once in a few weeks.

2) Reporting assigned tasks

This category is of tactical level, about the progress of projects (for teams) or assigned tasks (for persons). These reports are usually in design, development, deployment and implementation activities. Audiences are project or function managers, or the change advisory board (CAB) (in the case of new or changed services). They contain some basic analysis on the progress of the project/task, achievements, pitfalls, remaining work, estimations, lessons learned, etc. They are always pre-scheduled based on the project/task steps or small periods of time, from once in a few days up to once in a few months.

The two types of reports discussed above were about measuring activities in IT processes. The next two types, in contrast, are mostly about IT service measurement.

3) Reporting on events

This type of report is of operational level and is about low level data on events. The data are usually gathered in operation, monitoring and support activities and contain summaries of different types of events in IT services, especially security events, or details of a major/critical event. Detailed data included in reports are defined in the Event Management process.

Audiences are operation and related service managers. In the case of major events, managers of affected services, owners of related monitoring processes, and the incident manager are included.

In the case of normal events, summaries and the number of different events are included in the report. In the case of major events, descriptions of events, decisions made, activities done, and the results gained, and some calculations on impacts and costs may be required. Normal reports on events are scheduled mostly for small periods of time, from daily up to weekly. Reports on major events are not scheduled but reactive due to the nature of events.

4) Reporting on services

This category is of a tactical level and is about service status data. The included data are gathered and analyzed in monitoring and service management activities. The reports include current and predicted service levels, statistical analysis and trends, user complaints and customer satisfaction measures, measurement of metrics defined in SLAs, OLAs and contracts, and breaches in agreed levels, as well as prediction of required resources and capacities against target levels.

Audiences include service managers and the portfolio, service level and CSI managers, as well as business or external customers about the status of SLA-signed services. The scheduled periods are of a medium level, from weekly up to once in some months. For business and external customers, reporting schedules are defined in agreements. Out-of-schedule reports may be required due to proactive monitoring or where service level breaches occur.

5) Reports on review meetings

These reports are of a strategic or tactical level and are produced after review meetings in different phases of IT service management. They always contain a summary of discussions, ideas presented by different parties, and details of decisions made, tasks assigned, and further activities/meetings scheduled. Decisions must often be reflected in other types of documents, such as policies, plans, contracts, etc. Therefore, the report must include all required details discussed in the meeting. Report schedules depend on meeting schedules.

Audiences include all attendant parties, as well as the CSI manager and other relevant IT managers. If decisions include changes to the existing documents, IT services or the infrastructure, the report must be provided to the change manager as well.

The meetings include, but are not restricted to, CAB and emergency CAB (eCAB) meetings, portfolio management meetings, service and technology designers meetings, meetings between development teams, meetings with suppliers and business or external customers, post implementation reviews, non-conformances, etc.

6) Management reports

This category of reports is of strategic level and is about all high level aspects of IT services and the ITSM framework. Audiences are top IT and business management officers, the CSI manager, and other parties as defined in the report template. Management reports contain analytical data on the performance of IT services, trends, suggestions and
prospects, costs, risks and values, performance and achievements of IT processes and functions according to defined KPIs, demand and market analysis, new methods and technologies, etc. Analysis on business achievements against strategies and objectives or new suggestions may be required.

In summary, this category of reports reflects all the other types of reports to the top IT and business managers. All six types of reports are presented in the table below.

TABLE I. SUMMARY OF DIFFERENT REPORT TYPE SPECIFICATIONS

Different Report Types

| Report Type | Types of Activities | Types of Audiences | Included Material | Analysis level |
|---|---|---|---|---|
| Routine Tasks | operational, monitoring | section managers, service owners | happenings, summaries, inconsistencies, observations | low |
| Assigned Tasks | development, deployment | project/section managers | progress, achievements and pitfalls, learnings | medium |
| Events | operational, monitoring, support | section managers, service owners | summaries, descriptions, actions done | medium |
| Service Status | service management, monitoring | service managers, business customers | service status, statistics, customer satisfaction (against SLAs) | high |
| Review Meetings | management, planning, relationships, development | Top management, design and planning teams, customers | decisions on policies, plans, objectives, strategies, agreements, … | high |
| ITSM Framework | planning, strategy, service management | Top IT/business managers | measured KPIs, trends, costs and benefits, conclusions | low, medium, high |

B. Automation Level

Another factor which can be defined for reports is the possibility of using automation tools. Different automatic tools for reporting network and security events and measuring service performance exist. Using these tools for reporting helps employees in measurement and reporting and decreases human errors. They also ease scheduling of reports. Therefore, we suggest that customers use automated reporting systems, as long as they help IT personnel in doing their activities at best.

For routine tasks, automated tools are widely present which provide data forms for employees to fill. These tools help employees to generate reports on schedules and usually help to communicate them directly to audiences.

A similar approach could be taken for reports on assigned tasks and review meetings. However, it could not cover all aspects of these reports, because they include many analytical data. Therefore, templates are often prepared and rules are defined to fill them.

High levels of automation could be used in event reporting. Different tools for network and security events reporting exist. They automatically gather data and generate reports on their summaries, using different methods like web-services or intelligent agents [12-14]. These tools are often used to provide required data to operators to compose event reports. Therefore, the audience of automated event reports is the operator/administrator in charge. In the case of major events, automated systems could alert the incident resolver in charge, the service owner, or even trigger an automated troubleshooting system.

Automated performance measurement systems could be used to gather and analyze service level data and help the report owner in composing the service status reports. They can automatically measure service levels and identify SLA breaches [15-16]. These systems could also alert the service manager and person in charge when a critical service fails.

Reports on the ITSM framework are hard to automate. Different systems exist to gather and analyze data, draw charts and even analyze different aspects of a decision and suggest a choice. However, decision making is one of a few activities which still require a human in charge and cannot be fully automated.

Table II demonstrates the possibility of using automated tools for each type of report.

TABLE II. POSSIBILITY OF AUTOMATION IN EACH REPORTING TYPE

| Report Type | Possible automation level | Usual type of automation |
|---|---|---|
| Routine tasks | Medium | Form-based automation programs |
| Assigned tasks | Low | Pre-defined templates |
| Events | High | Automated event notification systems |
| Service status | Medium | Automated service level measurement |
| Review meetings | Low | Pre-defined templates |
| ITSM framework | Low | Pre-defined templates |

IV. IT SERVICE REPORTING PROCESS FLOW AND ACTIVITIES

A detailed discussion of the processes and activities in the Report management process is provided in this section.

A. Service Reporting Policies

- Service reporting policies must be clearly defined, and communicated to all IT personnel.
- Each report and report template must have a unique identifier. Reports must contain a reference to their report template.
- Report templates should define the purpose, audience, person in charge, required metrics and data sources of reports.
- All report templates must be clearly defined, agreed upon by all parties, and recorded in the configuration management database (CMDB). Also, all changes to report templates are subject to change management policies.
- All reports must be generated in time and contain accurate data, according to their report template.
Reporting process activities (role column headings as extracted: Portfolio manager, Security, Report, Report, CIO, CSI)
A. Plan
1 Define goals and objectives A/R C C C
2 Determine scope A C R C
3 Select report type A C R C
4 Review prior identified requirements A C R C C
B. Design
5 Define the measures and metrics A C R I
6 Specify data sources A C R C
7 Review related schedules A C R C
8 Specify audience A R C
9 Report scheduling A R I
C. Communication
10 Select communication methods A C R C
11 Determine access levels A C R C C
12 Review and approve A/R I C I
Legend: A = Accountable, R = Responsible, C = Consulted, I = Informed.
Event: Event schedules; Events related to inadequate reporting
Incident: Incidents related to inadequate reporting
Problem: Problems related to inadequate reporting
Request fulfillment: The customer report requirements
Access: The access levels for each report
CSI: The collected, processed and analyzed data

Table V lists all information generated in the service reporting process.

TABLE V. SERVICE REPORTING PROCESS OUTPUTS

Outputs of reporting process

Report Template for:
- performance against service level targets;
- non-compliance and issues, e.g. against the SLA, security breach;
- workload characteristics, e.g. volume, resource utilization;
- performance reporting following major events, e.g. major incidents and changes;
- trend information;
- satisfaction analysis, etc.

E. Service Reporting Process KPIs

- Reduction in the number of issues caused by inadequate reports.
- Improved decision making supported by efficient and effective reporting.
- Decreased gaps between the expected reports and the provided reports.
- Reduction in the number of unauthorized accesses to reports.
- Increase of relevant information reported to the relevant audience.
- Reduced reporting costs.

V. TERMS AND DEFINITIONS

- KPI: Key performance indicators are important metrics and measures used to report on the performance of a process, IT service or activity.
- PIR: Post implementation review takes place after an activity has been completed and evaluates the success of the activity.
- ARCI: A table that helps in defining roles and responsibilities. ARCI stands for Accountable, Responsible, Consulted and Informed.
- Report template: A template is defined for each reporting purpose required in the organization. A report template is the result of the report management process.
- Report designer: A role assigned by the CSI manager which is mainly responsible for preparing the report template.
- Report owner: A role responsible for reporting based on the determined and assigned report template.

VI. CONCLUSION AND FUTURE WORK

Measurement and reporting is a key requirement of service improvement, which in turn is required for value creation and success in a competitive market. The proposed reporting framework helps organizations to define reports in a way that eases service improvements.

Many of the proposed concepts could be used for external reports, which are reports on service levels to clients. Further work can be done to classify and clarify external reports. More work is required to identify the different types of reports required in different IT processes and the types of metrics and measures which can be defined for each of them.

REFERENCES

[1] International Standard Institute, "ISO/IEC 20000:2005 Information technology — Service management standard," 2005.
[2] The Office of Government Commerce (OGC), "ITIL Service Management Practices v3 - Core Books," The Stationery Office, UK, 2007.
[3] The Office of Government Commerce (OGC), "Service Improvement Book," in ITIL v3 Service Management Practices, The Stationery Office, UK, 2007.
[4] Microsoft® Operations Framework v4: Microsoft Publications, 2008.
[5] The IT Governance Institute®, ITGI, "COBIT 4.1 - IT Governance Framework," 2007.
[6] ITIL® V3: Managing Across the Lifecycle Best Practices: The Art of Service Pty Ltd, 2007.
[7] M. Jantti and K. Kinnunen, "Improving the Software Problem Management Process: A Case Study," in the 13th European Conference on Software Process Improvement, Joensuu, Finland, 2006, pp. 40-49.
[8] A. J. Keel, M. A. Orr, R. R. Hernandez, E. A. Patrocinio, and J. Bouchard, "From a technology-oriented to a service-oriented approach to IT management," IBM Systems Journal, vol. 46, pp. 549-564, 2007.
[9] L. Haber. (2003). How do you measure ITSM success. ITSM Watch, http://www.itsmwatch.com/itil/article.php/3291421/How-Do-You-Measure-ITSM-Success.htm, (Dec 14, 2010).
[10] A. Lahtela, M. Jantti, and J. Kaukola, "Implementing an ITIL-based IT Service Management Measurement System," in Fourth International Conference on Digital Society, St. Maarten, 2010, pp. 249-254.
[11] A. S. Lima, J. N. de Sousa, J. A. Oliveira, J. Sauve, and A. Moura, "Towards business-driven continual service improvement," in Network Operations and Management Symposium Workshops (NOMS Wksps), 2010 IEEE/IFIP, 2010, pp. 95-98.
[12] C. A. Carver, J. M. Hill, J. R. Surdu, and U. W. Pooch, "A methodology for using intelligent agents to provide automated intrusion response," in Proceedings of the 2000 IEEE Workshop on Information Assurance and Security, 2000, pp. 110–116.
[13] K. Nakajima, Y. Kurata, and H. Takeda, "A web-based incident reporting system and multidisciplinary collaborative projects for patient safety in a Japanese hospital," Journal of Quality and Safety in Health Care, vol. 14, p. 123, 2005.
[14] S. Natarajan, A. Harvey, H. Lee, V. Rawat, and L. Pereira, "Technique for providing automatic event notification of changing network conditions to network elements in an adaptive, feedback-based data network," Google Patents, 2003.
[15] T. Fahringer, M. Gerndt, et al., "Knowledge specification for automatic performance analysis, APART Technical Report," vol. FZJ-ZAM-IB-2001-08, FORSCHUNGSZENTRUM JÜLICH GmbH, Zentralinstitut für Angewandte Mathematik, 2001.
[16] A. Sahai, V. Machiraju, M. Sayal, A. Van Moorsel, and F. Casati, "Automated SLA monitoring for web services," Management Technologies for E-Commerce and E-Business Applications, pp. 28-41, 2002.