Tải bản đầy đủ - 0 (trang)
2 The TIPA for ITIL PAM: The Standard Description of the ITIL Processes in the TIPA Framework

2 The TIPA for ITIL PAM: The Standard Description of the ITIL Processes in the TIPA Framework

Tải bản đầy đủ - 0trang

88



S. Cortina et al.



Fig. 3. TIPA for ITIL process map



“ITIL-oriented”, the TIPA for ITIL PAM embeds much more technical and marketoriented jargon such as: “Return On Investment”, “Strategic Assessment”, or “Vision

and mission”).

The TIPA for ITIL PAM has been built using Goal Oriented Requirement Engi‐

neering techniques [30]. These techniques permit to trace in the model the multiple links

that exist between one practice and several outcomes. In other words, each base practice

can support more than one outcome which represents multiple heritages between this

outcome and the set of related requirements. From an ITSM domain practitioner stand‐

point, this permits to depict the complex relations that today exist between the process

activities and its expected results. Consequently, the assessment indicators contained in

the model are seen as more representative of current working habits. The TIPA for ITIL

PAM is thus more closely aligned with the business constraints and specificities of the

ITSM domain.

To help us understand to which extent the TIPA for ITIL PAM covers the require‐

ments from ISO/IEC 20000-1, we have analyzed the new ISO/IEC 20000-11 [31] titled

“Guidance on the relationship between ISO/IEC 20000-1:2011 and service management

frameworks: ITIL ®”. Published in 2015 as part of the ISO/IEC 20000 series, this docu‐

ment provides guidance on how ITIL can be used to support efforts to demonstrate

conformity to the requirements specified in ISO/IEC 20000–1. It also clearly correlates

each of these requirements to one of the five ITIL core books. However, these correla‐

tions sometimes appear to be outside the perimeter of a process and consequently out

of the scope of the TIPA for ITIL PAM (which only addresses the process-related chapter

of each ITIL core book).



Process Assessment Model to prepare for an ISO/IEC 20000-1 Cert.



89



More precisely, we have analyzed all of the 419 elementary requirements contained

in ISO/IEC 20000-1. This list of requirements has been built during the design of our

maturity model for ISO/IEC 20000-1 (presented in [32]). For each requirement, we have

examined how the related process is described within the TIPA for ITIL PAM. We have

then determined if this particular requirement is addressed by one of the base practice

of the TIPA PAM. This work was facilitated by the fact that the TIPA for ITIL PAM

embeds a strict traceability between each base practice and the different ITIL core books.

This analysis permitted us to determine that the TIPA for ITIL PAM covers 67 % of the

requirements contained in ISO/IEC 20000-1 (mainly those included in clauses 5 to 9

addressing ITSM processes). Indeed, 282 requirements (out of a total of 419) are directly

addressed by one of the 26 ITIL processes included in the TIPA for ITIL PAM. This

results in a partial coverage of the content of ISO/IEC 20000-1 by the TIPA for ITIL

PAM.

3.3 Comparison Between the Two Process Assessment Models

The Table 1 below summarizes the five characteristics of the two ITSM PAMs that have

been analyzed.

Table 1. Key characteristics of the ISO/IEC 15504-8 and TIPA for ITIL PAMs

ISO/IEC 15504-8

Source

ISO/IEC 20000-1

documents

ISO/IEC 20000-2

ISO/IEC 15289

Process Groups

SMS General processes

Design and Transition of New or

Changed Services

Control processes

Service Delivery processes

Relationship processes

Resolution processes

Vocabulary used

ISO oriented

Building Technique used Model built by mapping each

requirement from ISO/IEC

20000-1 to an indicator that

belongs to capability level 1

ISO/IEC 20000-1

Fully (100 %)

Requirements coverage



TIPA for ITIL PAM

ITIL 2011



Service Strategy

Service Design

Service Transition

Service Operation

Continual Service Improvement

Market oriented

Model built using a specific

TIPA transformation process

(Goal-Oriented Requirement

Engineering techniques)

Largely (67 %)

(282/419)



When using a PAM for preparing a certification, the key characteristic that should

be taken into account is the level of coverage of this model regarding the set of require‐

ments against which the certification will be evaluated. However, the existence of a

common vocabulary as well as of a common structure (clause names, process group

titles…) between the set of requirements and the PAM should also be considered.



90



S. Cortina et al.



For all these reasons, the ISO/IEC 15504-8 model will provide more value compared

to the TIPA for ITIL PAM, when preparing an ISO/IEC 20000-1 certification.



4



Discussions



The analysis of the two PAMs studied in this paper permits to highlight, for each of

them, the strengths, weaknesses and opportunities described in the following sections.

4.1 ISO/IEC 15504-8: Strength, Weakness, and Opportunity

The key strength of the ISO/IEC 155504-8 PAM is its full coverage of all the require‐

ments contained in ISO/IEC 20000-1 (as depicted in Table 1 of ISO/IEC 15504-8). Thus

it is de facto the most appropriate tool that should be used by any organization willing

to prepare for a certification of its SMS against the requirements of this standard.

However, due to the way the ISO/IEC 15504-8 processes have been designed (strictly

following the requirements of ISO/IEC 15504-2) some of them can be difficult to assess.

Indeed, each source requirement from ISO/IEC 20000-1 has been translated as an indi‐

cator of capability level 1 in ISO/IEC 15504-8. This implies that some business-process

activities were included in the scope of non-business processes (to avoid them from

being considered as indicators of a capability level > 1). As an example, in 15504-8 the

definition of a procedure to record, classify, assess and approve Requests for change

has been translated as a base practice of the “SMS.8 Establishment and Maintenance”

process to avoid being considered as an indicator of capability level 3 of the “CON.1

Change Management” process. Another example is the maintenance of a Capacity

plan, which falls under the scope of the “SMS.3 Information Item Management” process

instead of being addressed by the capacity management process. Thus, when assessing

the change management or the capacity management process, key business aspects such

as the definition of the Request for change procedure or the maintenance of the capacity

plan will not be scrutinized. From an ITSM practitioner point of view, this can be

considered as a weakness of the ISO/IEC 15504-8 model.

The ISO/IEC 20000-1 standard is currently under revision. Indeed, since 2012, ISO

has required that all the MSSs should be harmonized. For that, they should strictly follow

the identical core text provided by the high level structure contained in the Annex SL

[20]. Consequently, all the process assessment models targeting these harmonized MSSs

will now include the same twelve management system processes. Such generic processes

have already been described and included in the PAM for Information security manage‐

ment (ISO/IEC 33072 [33]). Thus, in the coming months, once the ISO/IEC 20000-1

will be reviewed and improved, it will be the opportunity for the ISO editors to update

the associated PAM accordingly. This reviewed model (that will replace ISO/IEC

15504-8) will probably be included within the new ISO/IEC 33000 series of standards

(whose long-term objective is to host a library of process models targeting various

domains, including many management systems). Subsequently, this future ITSM PAM

should benefit from both improvements: the revision of ISO/IEC 20000-1 on the one



Process Assessment Model to prepare for an ISO/IEC 20000-1 Cert.



91



side, and the enhancements related to the new process assessment series of standards

(ISO/IEC 33000) on the other side.

4.2 TIPA for ITIL PAM: Strength, Weakness, and Opportunity

The key strength of the TIPA for ITIL PAM is its market orientation. It is based on ITIL,

the popular library of ITSM best practices. Being goal-oriented, the processes contained

in the TIPA for ITIL PAM are both easy to understand by process practitioners, and

easy to use by assessors. Aligned with the “adapt and adopt” philosophy advocated by

ITIL, this model fits for many purposes. On the one side it can be used for supporting a

pragmatic implementation of robust ITSM processes, based on a proven set of best

practices. On the other side, the TIPA for ITIL PAM can also be used periodically, to

both determine the initial starting point and evaluate the results of an improvement

program.

Nevertheless, the analysis of its coverage rate regarding the SMS requirements

showed the limits of the TIPA for ITIL PAM for preparing an ISO/IEC 20000-1 certif‐

ication. Indeed, as exposed in Sect. 4.2, one third of the requirements contained in ISO/

IEC 20000-1 (spread across Sects. 4, 6.3, 6.6, 7.1, 8.1, 8.2, 9.1, 9.2, and 9.3) is not

covered by the TIPA for ITIL model. This is mainly due to the fact that the definition

of the management system is not tackled by the ITIL publications and the TIPA for ITIL

PAM is strictly aligned with ITIL processes. For example, the entire clause 4 of

ISO/IEC 20000-1, which details the SMS general requirements, is obviously not

addressed by any of the processes from the TIPA for ITIL PAM.

However this weakness can be mitigated by combining the TIPA model with

management system processes such as those derived from the ISO annex SL. Expanding

the TIPA for ITIL PAM with these common processes can considerably reduce the gap

in term of coverage of the ISO/IEC 20000-1 requirements. Indeed, by doing so the

number of elementary requirements covered would increase from 282 to 397 (which

corresponds to a coverage rate of 95 %), and only 22 requirements (mainly related to

the Change, Release, and Configuration management processes) would remain orphan.

To address this problem, one solution could be to enrich the TIPA questionnaires (part

of the TIPA for ITIL framework) for these three processes with new indicators targeting

these orphan requirements. This would thus allow to use this expanded PAM (ITIL +

management system processes) in a complete ISO/IEC 20000-1 certification context.



5



Conclusion



Assessing a process is a recognized means to get a clear view on the way it is imple‐

mented and on the way it is performed within an organization. A process assessment

can thus be used for various purposes such as: certification preparation, capability deter‐

mination, improvement follow-up, or supplier selection. Therefore, when applied to the

ITSM domain, such assessments are helpful for preparing an ISO/IEC 20000-1 certifi‐

cation, providing they are based on the appropriate process assessment model. This paper

studied and compared two publicly available ITSM models: ISO/IEC 15504-8 and TIPA



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

2 The TIPA for ITIL PAM: The Standard Description of the ITIL Processes in the TIPA Framework

Tải bản đầy đủ ngay(0 tr)

×