Information System Operations

○ responsible for ongoing support for an organizations computer and IS environment

○ ensure that computer operations processing requirements are met, end user are
satisfied and informations is processed securely
Governance
● ensures that stakeholders need, conditions and options are evaluated
● monitoring performance and compliance
● responsibility of the board of directors
● may be delegated to special organizational structures at an appropriate level
Management
● plans, builds, runs and monitors activities
● responsibility of the executive management under CEO
● IS management has the overall responsibility for all operations within the IT department
IT Service Management (ITSM)
● how IT teams manage the end-to-end delivery of IT services to customers
● includes all processes and activities design, create, deliver and support IT service.

Two Frameworks for ITSM

1. IT Infrastructure Library (ITIL)
○ reference body of knowledge for service delivery good practices
○ comprehensive framework detailed over five volumes
■ service strategy
■ service design
■ service transition
■ service operations
■ continual service improvement
○ main objective is to improve service quality to the business.
2. ISO 20000-1:2011 Information Technology - Service Management
○ requires service providers to implement the plan-do-check-act (PDCA) methodology
○ main objective is to improve service quality, achievements of the standards certifies
organizations as having passed auditable practices and processes in ITSM.
Service Level and Operational Level Agreements
Service Level
● A contract between service provider and customer
● SLAs can also be supported by operational level agreements (OLAs)

Operation Level Agreement

● Agreement between the internal support groups of an institution that supports SLA
● Clearly depicts the performance and relationship of the internal service groups.
● Main objective is to ensure that all the support groups provide the intended SLA

Tools to monitor efficiency and effectiveness of services provided

Exception Reports
- automated reports that identifies all application that did not successfully completed or otherwise
malfunctioned
e.g.
1. Poor understanding of business requirements
2. Poor application design, development or testing
3. Inadequate operation instruction and report, operator training, sequencing of task, system
configuration, and capacity management

System and application logs

- logs generated from various systems and applications.
- auditor can carry out test with this software to ensure
1. Only approved programs and authorized IT personnel can access sensitive data
2. Software utilities that can alter data files and programs libraries - authorized purpose only
3. Approved programs are run only when scheduled. Unauthorized runs do not take place
4. Correct data file generation for production purposes only
5. Data files are adequately protected.

Operator problem reports

- manual report used by helpdesk to log computer operations problems and resolutions

Operator work schedules

- report maintained manually by IS management to assist in human resource planning to ensure
proper staffing of operation support
Incident Management
● Incident - event that could lead to loss/disruption of organization's operations, services or
functions.
● Activities of an organization to identify, analyze, and correct hazards to prevent a future re-
occurrence
● Incidents are normally dealt by and IRT or IMT (incident management team)
● Is reactive and its objective is to respond to and resolve issues restoring normal service as
quickly as possible

Problem Management
● Process responsible for managing the lifecycle of all problems that happen or could happen in
an IT service
● Primary objective are:
○ to prevent problems and resulting incidents from happening
○ To eliminate recurring incidents
○ To minimize the impact of incidents that cannot be prevented
Incident Management
Incident Management
- Objective is to restore the service as quickly as possible

Problem Management
- Deals with solving the underlying cause of one or more incidents
- Resolve the root cause and to find permanent solutions

Problem
- Cause of one or more incidents (ITIL v3)

Basic Concepts:
1. Root Cause
- fault in the service component that made the incident occur.
2. Workaround
- way of reducing/eliminating the impact of an incident for which a full resolution is not
yet available

Two Major sub processes:

• Reactive problem management
- analyzing and resolving the causes of incidents
• Proactive problem management
- aims to detect and prevent future problems/ incidents.
- includes the identification of trends or potential weaknesses.

Problem Management Policy

Policy
- All incidents with a Priority 1 (critical) or Priority 2 (high) that involve a major outage
require a Problem Record opened and the problem management process followed

"always open a Problem Record for incidents that continually reoccur so that root cause can be
determined and permanent solution be put into place.

ROLES & RESPONSIBILITIES

1. Problem Manager
- accountable for the overall problem management process across all of IT
Responsibilities:
○ Ensures that process is defined, documented, maintained and communicated
○ Review monthly metrics and taking action where necessary
○ Facilitate post major problem review meetings
 ○ Act as an escalation point regarding any problem management process issues
○ Drive forward the integration of the problem management process with other
service management processes
○ Coordinates and chairs the regularly scheduled problem management process
committee meetings

2. Problem Coordinator
- representatives from each functional group or problem category.
- responsible for the operational and managerial tasks required by the problem process
flow.
Responsibilities:
○ Process within their unit and working with the problem manager to ensure
compliance and process maturity
○ Oversees the effort of documented problems within their unit
○ Works with necessary support groups in IT to ensure swift resolutions of
problems
○ Analyzes recurring incidents and identifies problems
○ Act as training resource within unit
○ Participates in the regularly schedule problem process committee meetings

3. Technical Experts
- staff who work on the problem records to investigate and diagnose them, devise
workarounds and permanent solutions
Responsibilities:
○ Investigates and resolves problems under the coordination of the problem
manager and problem coordinator
○ Ensure that problems are managed within their teams, provide workarounds
and devise permanent solutions
○ Diagnose the underlying root cause of incidents
○ Ensure that wok on problem is accurately recorded in the problem record
○ Ensures that optimal solutions are devised
○ Attends major incidents reviews and provide accurate and complete incident
details

4. Problem Management Process Committee - responsible for reviewing and approving

all problem management process and tool improvements. - members include the problem
manager and problem coordinators
Responsibilities:
○ Review/approval of all problem management process improvements
○ Review/approval of all problem management tool enhancement request.

Inputs that trigger the Problem Process

 • Incident Management Process - a problem record should be opened when incidents
are resolved with a workaround but the root cause is never addressed. These problems can be
opened by the service desk or service provider group after incident trend analysis is done
• Major Incident Process - a problem record should be opened for all major outages.
These problems are triggered automatically when the major incident process is followed.
• Proactive Problem Management - problem records can be opened before an incidents
occurs. Proactive problem record can be opened to replace the drive or purge old data before
an incident occurs.

Activity 1: Detection and Logging

1. Detect a Problem
2. Log the problem in ServiceNow - is critical as all the necessary information from the
incident has to be captured
3. Assign the Problem to the appropriate Support Group

Activity 2: Categorization and Prioritization

1. Categorize the Problem - essential to avoid ambiguities and makes it simpler to
search incidents
2. Prioritize the Problem - determine the impact and urgency to determine the priority

Activity 3: Investigation and Diagnosis

1. Collect problem history by investigating related incidents
2. Identify symptoms and root cause
3. Suggest and document a workaround, and change the Problem to a known error
4. Identify a permanent solution to resolve the problem

Activity 4: Resolution
1. Implement the solution

Activity 5: Major Problem Review and Closure

1. A major problem review must be held to examine:
a. Things that were done correctly and incorrectly
b. Items that can be improved in the future
c. How to prevent reoccurrence
d. Whether follow-up actions are required
2. No review is require for minor problems
3. Post review, update the problems with lessons learned
4. Close the problem record