Sign in

An example ITIL®-based model for effective Service Integration and Management White Paper

White Paper

An example ITIL®-based model for effective Service Integration and Management White Paper

White Paper

  • White Paper
  • Governance
  • Service management
  • ITIL

Author  Kevin Holland

April 21, 2015 |

 19 min read

  • White Paper
  • Governance
  • Service management
  • ITIL

This webinar (recorded on the on 20 August 2015) provides an overview of the recently published White Paper on An example ITIL-based model for effective Service Integration and Management, written by Kevin Holland and published by AXELOS. It describe examples of proven concepts and techniques to effectively manage a complex multi-supplier environment.

Foreword

ITIL® has always, quite rightly, promoted the primary importance of managing the end-to-end service that IT delivers to their customers. The increasing complexity of the IT value chain and the rise of multi-vendor supplier eco-systems has led to the rise of Service Integration and Management (SIAM) as a new approach.

SIAM is a relatively new, and fast evolving concept, but it is far from being theoretical. SIAM providers are being established as part of some of the largest strategic sourcing initiatives around the world and across many different sectors.

In his first White Paper on SIAM, ‘An introduction to Service Integration and Management and ITIL’, Kevin Holland cogently argues that a successful implementation of SIAM rests upon the guidance provided by ITIL whilst also highlighting the need to adopt and adapt the guidance it contains to reflect the multi-tenant model. He also provides an overview of the drivers for developing a SIAM strategy and the specific challenges that it generates.

As Kevin states in that White Paper the IT industry has yet to develop an authoritative model for describing SIAM, and the objective evidence does not yet exist to reliably assess whether any specific option for SIAM is more or less effective.

In this second White Paper Kevin describes one example model for effective SIAM. This model is based on an implementation already in use within the UK public sector.

The two White Papers are a major step forward in the global, industry wide dialogue that needs to precede the development of an authoritative set of SIAM guidance.

James Finister, Tata Consultancy Services

Introduction to Service Integration and Management

The first White Paper on SIAM, ‘An introduction to Service Integration and Management and ITIL’, provided a detailed introduction to the topic, and should be read before this White Paper. Some of the key aspects are reproduced in this White Paper to assist the flow and to aid understanding.

The purpose of this White Paper is to provide one example model for effective Service Integration and Management (SIAM), including example functions and techniques. This model is founded on one that has proven its value in managing a complex multi-supplier environment since 2003. The benefits described in the first White Paper have been achieved through the application of this example model, and are reproduced in chapter 9 of this White Paper. Other models are also in use.

This paper is intended for:

  • IT Service Management (ITSM) professionals already using ITIL in a multi-supplier environment
  • ITSM professionals who understand ITIL and its benefits, and want to adopt ITIL for their multi-supplier management requirements
  • IT service providers (internal and external to an organization)
  • SIAM providers
  • SIAM consultants
  • ITSM practitioners and consultants.

What is Service Integration and Management?

Service Integration and Management (the abbreviation SIAM will be used from this point for brevity) is an adaptation of ITIL that focuses on managing the delivery of services provided by multiple suppliers.

SIAM is not a process. SIAM is a service capability and set of practices in a model and approach that build on, elaborate, and complement every part of the ITIL practices.

The aim of SIAM is to provide a single point of visibility and control for the service management and delivery of all services provided by suppliers, by:

  • Taking end-to-end accountability for the performance and delivery of IT services to the users, irrespective of the number and nature of suppliers
  • Coordinating delivery, integration, and interoperability across multiple services and suppliers
  • Assuring suppliers performance
  • Ensuring that the services effectively and efficiently meet the business need
  • Providing the necessary governance over suppliers on behalf of the business.

Adopting a SIAM model will require changes to ways of working in the business, the suppliers, and the SIAM provider. This White Paper provides examples of the nature of some of the changes that may be required, but is not exhaustive.

An example SIAM model

High level conceptual model

Figure 2.1 provides a high level conceptual illustration of SIAM. This shows the SIAM provider in the centre, acting as the bridge between the users (service consumers) and the suppliers of the services. The SIAM provider provides a SIAM capability as a set of services.

A homogeneous SIAM model provides consistency for the governance, management, and coordination for all services, irrespective of the type of services, organizational relationships with the suppliers, type of supplier, type of service consumers, or number of different parties.

Image of Figure 2.1 High-level conceptual illustration

Add image 

Figure 2.1 High-level conceptual illustration

The SIAM provider may be provided from within the business, outsourced to one of more SIAM providers, or a combination. The SIAM component model helps to determine the most appropriate approach.

SIAM component model

SIAM is not one thing. SIAM is a set of capabilities each of which has its own processes, functions, activities, and principles. A SIAM model logically groups these capabilities into related components. This grouping aids the understanding of what SIAM is, supports informed sourcing decisions, and ensures that focus is given to the activities essential for effective SIAM.

A SIAM provider cannot operate in isolation. As well as the suppliers of the IT services, a SIAM provider also needs specific support from the business organization in areas that typically include:

  • Enterprise architecture: The process of translating business vision and strategy into effective enterprise change by creating, communicating, and improving the key principles and models that describe the enterprise’s future state and enable its evolution1
  • Programme management: Managing a set of related projects that delivers a strategic goal in order to realize specific benefits, including managing realization of those benefits
  • Project management: Planning and organizing individual business projects to achieve specific goals
  • Systems integration: Getting solutions, differing technologies, applications, and infrastructure to work together, with a focus on technology integration
  • Commercial procurement: The coordination and management of buying goods and services, including the formulation, negotiation, and agreement of legal contracts
  • Business analysis: The capture and analysis of business requirements for new and changed services.

External organizations can provide assistance to the business for these support areas, but the overall accountability and control must remain within the business.

Figure 2.2 illustrates one example of a SIAM model that has been broken down into components. This is based on the UK Public Sector’s SIAM Enterprise Model, which was first created in 2012. This model and variations of it have been widely adopted in UK public sector organizations. The example model can be used when designing or reviewing specific SIAM models to initiate detailed review and discussion, and to ensure that all of the aspects included are considered.

Other SIAM models are in use, but many of them share a similar set of components.

Image of Figure 2.2 SIAM component model

Figure 2.2 SIAM component model

‘Core’ SIAM components have the title highlighted. See chapter 3.1 for further information.

Integrating services is in itself a service, and each component of this SIAM model can be delivered as a service.

The delivery of each component may be sourced from within the business or externally sourced, or in combination. External sourcing can be to a single or multiple specialist providers of SIAM services. The sourcing choice depends on:

  • The existence of SIAM capability in the business
  • The maturity of that SIAM capability
  • The capacity of the SIAM capability
  • The size and complexity of the business
  • The size and complexity of the services
  • The size and complexity of the supplier landscape.

It is becoming increasingly common to have one principle provider for the SIAM components, but also use other specialist providers for some of the components, either to:

  • Use best of breed, specialist providers for specific components (for example, performing security penetration tests)
  • Increase capacity (for example, using a specialist provider of testing services to meet a peak in demand)
  • Address gaps in capability and maturity for specific components (for example, knowledge management specialist providers).

Where this is the case, the principle SIAM provider will have the responsibility for integrating the other SIAM providers, and will retain overall accountability.

SIAM component descriptions

The SIAM Enterprise Model includes a number of individual SIAM components, each of which focuses on specific related processes and activities. A summary of these is provided below. Chapter 4 includes some key examples of use and adaptation of ITIL processes and techniques.

The model is not intended to be an organizational model, although some of the components are often aligned to specific organizational units where these require specific focused skills. Typical examples of aligned components are:

  • IT information security
  • Service validation and testing
  • Service desk
  • Operations bridge.

To illustrate this, it is perfectly feasible and acceptable for a single person to execute activities that span several SIAM components. For example, a specialist in IT service continuity (ITSC) could be involved in providing the capability for all of the following SIAM components:

  • Supplier and service assurance: conducting a maturity assessment of a suppliers ITSC capability
  • Service validation and testing: reviewing the test results from a suppliers disaster recovery test
  • Business and service continuity: Creating the top level plan that integrates all of the suppliers ITSC plans, determines the overall risks to the customer organization, and establishes mitigation
  • SIAM design: designing the service configuration to mitigate against risks, for example by specifying the use of two different providers of Infrastructure as a Service with live instances of critical applications shared across them.

The components must be fully integrated. For example, although IT information security includes security incident and event management, this must be fully interfaced to the incident management process of the Service Desk, and the event management process of the Operations Bridge so that security incidents and events can be managed through the lifecycle, irrespective of how they are initially detected and reported.

Core SIAM

The first sets of components are grouped into what is often referred to as ‘Core SIAM’, as these are common to every SIAM model and form the heart of what a SIAM provider should do.

SIAM Design

This component is concerned with the creation, updating, and improvement of the specific SIAM operating model. This includes the design of necessary processes policies and templates, information exchanges necessary for integration, SIAM organizational structures, impact assessment of new services against the model, design of appropriate metrics, and the design of service level models.

There must be a single documented design for SIAM. Where the SIAM capability is provided externally to the business, the business should have rights to use the design in order to avoid lock-in to the particular SIAM provider. This design must be subject to change management, with any changes being impacted by the SIAM provider, the business, and the suppliers.

The processes are:

  • Design coordination
  • Availability management design
  • Capacity management design.

Service Catalogue and Portfolio Management

This component is concerned with the creation and management of the Service catalogue and portfolio management that are used by the SIAM provider, the suppliers, and the business to support delivery of the services.

The principles, methods and techniques for design and creation of these catalogues are not elaborated here as they are fully described in the ITIL Service Strategy and Service Design publications.

The processes are:

  • Service portfolio management
  • Service catalogue management.

Toolset integration

This component is concerned with the integration of the toolsets used by the SIAM provider and the suppliers. This includes the selection, implementation, and configuration of appropriate SIAM tools to support the SIAM model. SIAM tooling includes:

  • Tools to support the execution of processes within the SIAM provider
  • Service alerting and monitoring tools
  • Decision support systems
  • Diagnostic tools
  • Discovery tools
  • Security tools
  • Reporting tools
  • Analytical tools.

The component is also responsible for integrating the supplier’s toolsets with all of the above. The tooling strategy must consider the impact on replacing any of the suppliers of the services or the SIAM components.

Most suppliers will already have their own tools, used to serve multiple customers and often also multiple service integrators. This presents challenges to integrating these toolsets with other suppliers and with the SIAM provider. See the first White Paper, ‘An introduction to Service Integration and Management and ITIL’, for information on strategies for tooling.

Multi-supplier coordination

This component is concerned with the activities necessary to coordinate the process execution across multiple suppliers to ensure seamless operation of the services to the users. This includes providing the capability to highlight the potential impact of the activities of one supplier on the services of another supplier, so that any adverse impacts can be predicted and prevented.

The processes include:

  • Change management for changes that affect multiple suppliers (see ICAB in chapter 6)
  • Release planning and release conflict resolution (see R&MP, chapter 6.4)
  • Capacity management providing the demand to all affected suppliers
  • Major incident management for major incidents involving multiple suppliers (see Service Bridge, chapter 6.5)
  • Problem management for problems involving multiple suppliers
  • Innovation
  • Continual service improvement.

Business and service continuity

This component is concerned with the activities necessary to create and maintain the integrated business and service continuity plans, including design, implementation and improvement of processes, creation, maintenance and testing of the integrated continuity plans, testing, and maintenance.

The processes are:

  • IT service continuity management
  • Business continuity management.

Remaining SIAM Components

The other SIAM components are:

  • Business/customer relationship management
  • Financial management
  • Knowledge management
  • Supplier and service assurance
  • IT Information Security
  • Service transition planning and support
  • Service validation and testing.

Business/customer relationship management

This component is concerned with building and maintaining the relationships between the SIAM provider, the business, and the customers of the services. The concept of Service Owners is used to support this (see chapter 4.2).

Having positive and productive relationships with the business and the customers is crucial to effective SIAM. The SIAM provider acts as the agent of the business, and must be seen to be part of it and represent its views. Ideally the SIAM provider will have representation on the management board of the business.

Some businesses choose to retain customer relationship management. This is perfectly acceptable, however the precise responsibilities for specific activities must still be defined (see chapter 4).

The processes are:

  • Business relationship management.

Financial management

This component is concerned with financial management of the SIAM provider, the suppliers, and the services, including understanding and monitoring the costs against budgets, accounting, and charging.

Typically the business will establish and own the budget, ideally with support from the SIAM provider. The SIAM provider then has responsibility for working within the budgets to deliver the service.

One critical aspect is establishing a robust cost model so that the cost of each service, including the SIAM overhead for the service, are known, measured, and monitored. The SIAM provider must be able to justify the costs of its service against its responsibilities and the quality of service delivered.

The processes are:

  • Financial management.

Knowledge management

This component is concerned with the creation, maintenance, analysis, publication, and sharing of all knowledge necessary for effective operation of the SIAM model. It also includes managing shared information repositories that can be accessed by all suppliers, customers, and the SIAM provider using appropriate access controls. The knowledge is sourced from, and should be shared between, all suppliers and the SIAM provider, and should include:

  • Documentation describing the processes, policies, and templates
  • User manuals
  • Known errors from every supplier and service
  • Descriptions and illustrative diagrams of the services
  • Service interfaces, both within a supplier and between suppliers
  • Operational data
  • Reports on achievement of service levels, for individual services and for the end-to-end services
  • Key performance indicators for the services, the suppliers, and the SIAM provider.

The processes are:

  • Knowledge management
  • Service asset and configuration management.

Supplier and service assurance

This component is concerned with the assurance of the suppliers, services, and the SIAM provider itself, managing the performance of the suppliers and the services against service levels and ensuring adherence to agreed requirements. This includes carrying out:

  • Service level management
  • Audits to ensure that processes are being followed
  • Assessments of process maturity and capability
  • Assessments of suppliers maturity and capability
  • Test assurance of suppliers testing
  • Audits of compliance against requirements
  • Audits of compliance against standards
  • Monitoring of CSI initiatives to ensure that they are being actioned.

The processes are:

  • Service review
  • Service level management
  • Process evaluation
  • Monitoring of CSI initiatives.

If the SIAM provision is outsourced, then the business must still retain the capability for this component in-house in order to effectively manage the SIAM provider. This is required to provide the business with the confidence that the SIAM provider is meeting its obligations.

As the skills for performing supplier and service assurance over individual suppliers are largely the same, businesses should seriously consider retaining the capability for this component in-house for managing all suppliers of the IT services. This approach is becoming increasingly common.

IT Information Security

This component is concerned with all aspects of information security management for both the SIAM provider and the suppliers. This includes:

  • Security design
  • Security testing
  • Security risk assessments
  • Security incident monitoring and management
  • Security event monitoring and management
  • Audit logging
  • Protective security monitoring
  • Forensic analysis
  • Security assurance
  • Accreditation of suppliers and services.

The focus should be on creating one security community that includes the SIAM provider and all suppliers and customers. For example, if one supplier discovers a vulnerability in a particular component, they should inform the SIAM provider. The SIAM provider should then make all other suppliers aware, so that they can check if they have the same vulnerability. The SIAM provider would then manage addressing the vulnerability across all suppliers, acting as if they were all part of the same organization.

The processes are:

  • Information security management.

Service transition planning and support

This component is concerned with the integrated planning and management of the transition into live operation of new and changed services that involve multiple suppliers, the retirement or transfer of services, and the transition and introduction of new services and new suppliers into the SIAM model (see Service Introduction, chapter 6.7). Suppliers retain responsibility for the release and deployment management of their own services. This component includes:

  • Planning of the integrated releases and deployments
  • Release and deployment management of the integrated releases
  • On-boarding of new suppliers and services
  • Service acceptance, including operation of defined gateways
  • Service retirement
  • Transfer of services from one supplier to another.

On-boarding and off-boarding of suppliers needs particular focus. The processes are:

  • Release and deployment management
  • Change evaluation
  • Project management (transition planning and support).

Service validation and testing

Suppliers should be fully responsible for the testing of their own services. This component is concerned with the assurance of suppliers testing, with the SIAM provider performing a review and quality assurance role. It is also concerned with the integration testing of new and changed services that involve multiple suppliers, any system integrators, and project teams to ensure that the services will work correctly together.

Both supplier testing and integration testing should cover both utility and warranty aspects, including the testing of component and end-to-end performance and resilience. Suppliers can also conduct their own integration testing with other suppliers, and should be encouraged to do so. However, the SIAM provider should retain the overall accountability and assurance.

This component includes:

  • Design of integrated tests
  • Test planning and coordination
  • Integration test execution
  • Ownership and maintenance of common regression tests
  • Management of integration test environments
  • Management of test data for the integration tests.

The processes are:

  • Change evaluation
  • Service validation and testing.

Operational Management SIAM Components

The following components focus on operational management rather than governance. It is useful to include them in the SIAM model as this supports standardization and economies of scale. These capabilities can be provided to both internal and external suppliers.

Service desk

This component provides a service desk function for the SIAM model. This is often the sole service desk for all services. In some SIAM models users report all incidents to the SIAM service desk, who then escalate unresolved incidents to the appropriate supplier. This model provides users with a single point of contact, but may not always be the best model as it adds an additional handoff point between the user and the suppliers.

An alternative model allows users to report incidents directly to the service desk of the supplier. This removes one step from the end-to-end incident resolution process, but can only work where it is clear to the user who is the supplier of the service. This can be achieved if the service lines are aligned to the services directly consumed by the user.

The incident management and event management processes must be fully integrated with the other SIAM components, in particular the Operations Bridge and IT Information Security.

The processes are:

  • Incident management
  • Request fulfilment
  • Access management.

Operational service management

This component provides a service management capability for the processes from Service Operation and Service Transition, including those listed below, as a ‘shared service’. Any suppliers can elect to engage a SIAM capability to perform activities such as change management and problem management, but this is typically only advantageous to internal suppliers or very small external suppliers. Whilst the other SIAM components provide the necessary governance, coordination and integration capabilities, this component provides the operational capabilities. These are fully described in ITIL.

The SIAM provider must be careful not to allow a ‘flow up’ of operational service management activities into the SIAM provider from the supplier, unless this can be proven to add value and improve the service. This is particularly the case where the supplier provides a ‘managed service’, with full responsibility for delivering the service to service levels. If the SIAM provider carries out specific service management tasks, they are then taking over responsibility from the supplier, and hence now own the associated risks of poor delivery. A good example of where this has unfortunately happened in some SIAM implementations is configuration management, with the SIAM provider trying to maintain a CMS that contains all assets used by all suppliers (see chapter 6.9).

The processes are:

  • Incident management
  • Problem management
  • Change management
  • Release and deployment management
  • Service validation and testing
  • Service asset and configuration management
  • Capacity management
  • Availability management
  • IT service continuity management.

Operations bridge

This component provides a single IT operations function, carrying out activities including service monitoring and alerting, event management, housekeeping, healthchecks, and batch management as a ‘shared service’. Any suppliers can elect to engage this SIAM capability to perform these activities, but this is typically only advantageous to internal suppliers or very small external suppliers.

The processes are:

  • IT operations control
  • Technical management
  • Event management
  • Incident management.

Acknowledgements

Dave Armes, Daniel Breston, Niklas Engelhart, David Heaslet, James Finister, Peter McKenzie, Ivor Macfarlane, Steve Tuppen.

About the author

Kevin Holland is an experienced service management practitioner with a reputation for practical advice that extends the theory. For the last 10 years he has been actively involved in designing, implementing, improving, and advising on service integration and management for a wide range of organizations in the public and private sectors. He is also active in developing service management qualifications.

An example ITIL®-based model for effective Service Integration and Management