An information security management system (ISMS) is a framework of policies and controls that manage security and risks systematically and across your entire enterprise—information security.
The Project Management Body of Knowledge (PMBOK) is a set of standard terminology and guidelines (a body of knowledge) for project management. The body of knowledge evolves over time and is presented in A Guide to the Project Management Body of Knowledge (PMBOK Guide), a book whose seventh edition was released in 2021. This document results from work overseen by the Project Management Institute (PMI), which offers the CAPM and PMP certifications.
Much of the PMBOK Guide is unique to project management such as critical path method and work breakdown structure (WBS). The PMBOK Guide also overlaps with general management regarding planning, organising, staffing, executing and controlling the operations of an organisation. Other management disciplines which overlap with the PMBOK Guide include financial forecasting, organisational behaviour, management science, budgeting and other planning methods.
Best management practice (BMP): Methods or techniques found to be the most effective and practical means in achieving an objective (such as preventing or minimizing pollution) while making the optimum use of the firm's resources.
7 ITSM Best Practices for Service Management
Share our post
The way that businesses approach technology is changing. In fact, 70% of all organizations will have accelerated use of digital technologies by 2022, transforming business processes, according to recent research from IDC. Because of this shift, there is a greater push to streamline support.
While businesses are looking to boost the delivery of support and services, one-size-fits-all service management just isn’t cutting it anymore, leading many to examine and upgrade their service management software. Unfortunately, this can also lead to overspending. According to Gartner, “Through 2023, I&O leaders will overspend by $750 million on buying unused features of ITSM tools, up from $600 million in 2019.”1 So how can you combat overspending while still ensuring you have access to modern service management? By implementing a few key ITSM best practices for service management
EasyVista 2021 Gartner Magic Quadrant for ITSM Tools
ITIL Framework for ITSM Best Practices for Service Management
You might be thinking “Doesn't ITIL cover all of the best practices we should follow regarding service management?”
You'd be correct in thinking about ITIL as the best practice framework for ITSM, but it doesn't encompass everything.
ITIL is defined as:
“A set of best-practice publications for IT service management. ITIL gives guidance on the provision of quality IT services and the processes, functions and other capabilities needed to support them.”
ITIL also describes processes, procedures, tasks, and checklists which are not specific to any singular organization or technology. These practices can be applied to knowledge management strategies and can be used with ITSM software.
Although ITIL provides an overall set of best practices for managing IT service management, there are a few other best practices that ITIL doesn’t necessarily cover to keep in mind to set yourself up for success.
7 Best Practices for Service Management Success
IT service management, and service management as a whole, runs best when there are a few key considerations made from strategy to implementation and beyond in your IT department. These seven key best practices can help propel your service management strategy to success.
Best Practice 1: Evaluate Your ITSM Maturity and Create a Clearly Defined Strategy Toward Business Goals
Often, the biggest error for a service and support team is having an inaccurate gauge on their current ITSM maturity, which leads them to create goals based on a starting point for which they are not actually ready. So, for that reason, the first best practice must be to evaluate maturity and then recognize areas where your service management strategy is not meeting expectations. For example, are there enough agents to meet your current demand? Do you have a service management tool in use? How are tickets being created? Do customers understand how to access information and submit tickets, or is it taking too long to process the tickets once they are submitted?
Once you’ve defined your baseline, your maturity level, and where you hope to scale your business and team, then you can strategically align service and support offerings with business goals. This will require checking in with key stakeholders from both the IT service desk as well as business leaders and the customers to whom you provide support. Then, you can come up with a plan with clear benchmarks in place to periodically check in and adjust your strategy.
Best Practice 2: Automate Tasks and Create Self-Sufficient Self-Service
Automation is one of the most critical best practices in ITSM. But, as Bill Gates once mentioned, automation applied to inefficiency will only magnify that inefficiency, so a key component of automation is to automate the most important and cleanly mapped out tasks.
Automation serves a few important purposes: freeing up the human agents for more complicated tasks, providing self-service to customers who will, in-turn, be able to better support their own customers, and creating a self-sufficient self-service experience. The whole of these parts amounts to the shift-left initiative – shifting Level-0/1 tickets to self-service and reserving agent time for Level 2 and up so that customers are bettered served and more highly satisfied.
To start with automation, consider the tasks that already have some degree of automation to them and work backward, keeping in mind what customers and agents need the most. Remember, automation shouldn’t replace humans, but should positively augment their experience.
Best Practice 3: Establish Metrics and KPIs for Your Service Management Strategy and Automation
You will need to establish key performance indicators (KPIs) for the IT service management software and any self-service additions to help you refine your strategy and identify areas of improvement. To help understand your level of ITSM success and identify improvement opportunities consider some, or all, of the following six metrics as a means of better understanding performance:
- Level Zero Solvable (LZS) - this is a measure that can be used to assess knowledge article strength (and suitability) prior to launching a self-service/self-help/self-care capability. But it also has an ongoing use as a success measure for self-service.
- Self-service usage - this needs to consider various dimensions. Firstly, there's the absolute volume and then the percentage share of overall volumes. Secondly, there are different usage types to consider-knowledge access, support ticket creation, service requests, automated resolution/provisioning use, etc.
- Software success and failure levels - this can be both system-measured and ascertained via end-user feedback. For instance, the volume or percentage of knowledge searches that resulted in a ticket being raised.
- Costs - there's the month-to-month cost per transaction trend (it will differ based on volumes) and in comparison with other support channel costs.
- Speed-related measures - whether self-service is speeding up resolutions and provisioning, resulting in lower levels of lost productivity.
- Employee experience/satisfaction - not only is the level of self-service performance against target and across time important, so is the relative level of satisfaction or happiness versus other access and communication channels.
Best Practice 4: Prioritize Customer Experience and Focus on Creating Value
When it comes down to it, the role of the service desk is to create value for the customer, and in turn, the business as a whole. In order to do that, you must push adoption of the ITSM and self-service initiatives. But how do you get the customers to avoid shadow IT and potentially frustrating workarounds? By focusing on making the customer experience a priority and creating value for the customer.
You can think of this as turning the service desk from a cost-center to a value-center. To do this, you must become customer centric.
To become customer centric, you must know your customer fully and implement outside-in thinking – and you have to do it as a team. You can begin by identifying who your customers are and mapping out their journey. This means taking a thorough look at each type of customer and fully understanding their needs at each touchpoint or moment. You can read more about how to identify different customer personas and map their journeys in this recent blog post.
The most important thing to remember in prioritizing and creating value for customers is that there is no way to provide a consistent experience to every customer, every time, if there is not a coordinated effort and easy way for agents to do so, which starts with the service management strategy.
Best Practice 5: Utilize an IT Service Catalog
Another service management best practice is to utilize an IT service catalog. The service catalog is one of the components in the Service Portfolio that is communicated publicly to employees.
To put it simply: The IT service catalog should be the go-to document to find IT services, hardware, software, and support. It is the vehicle for defining, prioritizing, and marketing IT services to individuals.
When you are creating your service management strategy, communication is at the core of success. Your service catalog tells your agents, customers, and managers what to expect, which can increase their adoption of ITSM and self-service solutions.
Best Practice 6: Choose an Effective Service Management Tool
Arguably the most important service management best practice is simply to choose an effective IT service management tool. Your ITSM tool will be the foundation for all of your IT services, from ticket creation, tracking, and incident management, to linking incidents together to understand greater problems. It might seem overwhelming to consider changing ITSM tools, especially if you’ve had the same software for years, but ITSM tool selection doesn't have to be complicated.
The main factors to consider are the total cost of ownership (TCO) of any ITSM solution (which includes the cost of implementation and administration), maturity and scalability of the product, and ease of use. Of course, there are other factors to consider. You can read more about these factors in Gartner’s 6 Smart Steps for ITSM Tool Selection Success.
Best Practice 7: Create an Effective Service Management Team
Next to utilizing the best ITSM tool for your needs, creating an effective service management team within your IT department is another key best practice. Make sure your team is assembled before implementing any major service management changes or updates.
When assembling your team, think about work styles. For example, does your team work best in an agile environment, or a more traditional style? It’s likely that you won’t be starting from scratch with your team, which is a good thing. Understand who excels in which style of environment and learn each of your team members’ strengths. When your team feels empowered and are working in roles they personally enjoy, the business as a whole will have better results.
Take the Next Step with ITSM Best Practices for Service Management
These ITSM best practices for service management will lay a foundation for service management success – whether you plan to use your service management tool or strategy in IT alone, or plan to expand to other teams and departments.
To learn more about how EasyVista can help you meet your service management goals, you can read about EV Service Manager here.
IT service management (ITSM) refers to the entirety of activities – directed by policies, organized and structured in processes and supporting procedures – that are performed by an organization to design, plan, deliver, operate and control information technology (IT) services offered to customers.[1] It is thus concerned with the implementation of IT services that meet customers' needs, and it is performed by the IT service provider through an appropriate mix of people, process and information technology.[2]
Differing from more technology-oriented IT management approaches like network management and IT systems management, IT service management is characterized by adopting a process approach towards management, focusing on customer needs and IT services for customers rather than IT systems, and stressing continual improvement. The CIO WaterCoolers' annual ITSM report states that business use ITSM "mostly in support of customer experience (35%) and service quality (48%).
ITIL, formally an acronym for Information Technology Infrastructure Library, is a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. In its current form (known as ITIL 2011), ITIL is published as a series of five core volumes, each of which covers a different ITSM lifecycle stage. Although ITIL underpins ISO/IEC 20000 (previously BS 15000), the International Service Management Standard for IT service management, there are some differences between the ISO 20000 standard and the ITIL framework.
ITIL describes processes, procedures, tasks, and checklists which are not organization-specific, but can be applied by an organization for establishing integration with the organization's strategy, delivering value, and maintaining a minimum level of competency. It allows the organization to establish a baseline from which it can plan, implement, and measure. It is used to demonstrate compliance and to measure improvement. (It is to be noted that there is no formal independent 3rd Party Compliance Assessment available for ITIL compliance in an organisation, Certification in ITIL is only available to individuals and relates to their knowledge of the 5 books)
Since July 2013, ITIL has been owned by AXELOS, a joint venture between Capita and the UK Cabinet Office. AXELOS licenses organisations to use the ITIL intellectual property, accredits licensed examination institutes, and manages updates to the framework. Organizations that wish to implement ITIL internally do not require this license.
COBIT (Control Objectives for Information and Related Technologies) is a good-practice framework created by international professional association ISACA for information technology (IT) management and IT governance. COBIT provides an implementable "set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers.
COBIT was initially "Control Objectives for Information and Related Technologies," though before the release of the framework people talked of "CobiT" as "Control Objectives for IT"[8] or "Control Objectives for Information and Related Technology."[9] The framework defines a set of generic processes for the management of IT, with each process defined together with process inputs and outputs, key process-activities, process objectives, performance measures and an elementary maturity model. COBIT also provides a set of recommended best practices for governance and control process of information systems and technology with the essence of aligning IT with business. COBIT 5 consolidates COBIT 4.1, Val IT and Risk IT into a single framework acting as an enterprise framework aligned and interoperable with other frameworks and standards.[1]
The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners.
The process focus of COBIT is illustrated by a process model that subdivides IT into four domains (Plan and Organize; Acquire and Implement; Deliver and Support; and Monitor and Evaluate) and 34 processes inline with the responsibility areas of plan, build, run, and monitor. It is positioned at a high level and has been aligned and harmonized with other, more detailed IT standards and good practices such as COSO, ITIL, BiSL, ISO 27000, CMMI, TOGAF and PMBOK. COBIT acts as an integrator of these different guidance materials, summarizing key objectives under one umbrella framework that link the good practice models with governance and business requirements.[1] COBIT 5 further consolidated and integrated the COBIT 4.1, Val IT 2.0 and Risk IT frameworks and drew from ISACA's IT Assurance Framework (ITAF) and the Business Model for Information Security (BMIS).
The framework and its components can, when utilized well, also contribute to ensuring regulatory compliance. It can encourage less wasteful information management, improve retention schedules, increase business agility, and lower costs while better complying with data retention and management regulations.[10]
COBIT components include:
- Framework: Organizes IT governance objectives and good practices by IT domains and processes and link them to business requirements.
Process descriptions: A reference process model and common language for everyone in an organization. The processes map to responsibility areas of plan, build, run, and monitor.
- Control objectives: Provides a complete set of high-level requirements to be considered by management for effective control of each IT process.
- Management guidelines: Helps assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes.
- Maturity models: Assesses maturity and capability per process and helps to address gaps.
Val IT is a governance framework that can be used to create business value from IT investments. It consists of a set of guiding principles and a number of processes and best practices that are further defined as a set of key management practices to support and help executive management and boards at an enterprise level. The latest release of the framework, published by IT Governance Institute (ITGI), based on the experience of global practitioners and academics, practices and methodologies was named Enterprise Value: Governance of IT Investments, The Val IT Framework 2.0. It covers processes and key management practices for three specific domains and goes beyond new investments to include IT services, assets, other resources and principles and processes for IT portfolio management.
eTOM (enhanced Telecom Operations Map) is a framework for enterprise processes in the telecommunications industry. It is a set of standards, models and best practices. The framework consists of three hierarchically arranged levels of processes.
TickIT is a certification program for companies in the software development and computer industries, supported primarily by the United Kingdom and Swedish industries through UKAS and SWEDAC respectively. Its general objective is to improve software quality.
History
In the 1980s, the UK government's CCTA organisation promoted the use of IT standards in the UK public sector,[1] with work on BS5750 (Quality Management) leading to the publishing of the Quality Management Library and the inception of the TickIT assessment scheme with DTI, MoD and participation of software development companies.
TickITplus
The TickIT scheme has been updated to become TickITplus, a new website TickITplus is now available.
TickITplus adds a new dimension to the existing TickIT Scheme combining industry best practice with International IT standards. It provides ISO 9001:2008 accredited certification with a Capability Grading for all sizes and types of IT organisations. It cross-references ISO/IEC 15504 (Information technology — Process assessment) and ISO/IEC 12207 (Systems and software engineering — Software life cycle processes) amongst others. In addition it promotes Auditor and Practitioner competency and training within established qualification standards.
Functions
In addition to a general objective of improving software quality, one of the principles of TickIT is to improve and regulate the behaviour of auditors working in the information technology sector through training, and subsequent certification of auditors. The International Register of Certificated Auditors manages the registration scheme for TickIT auditors.
Software development organizations seeking TickIT Certification are required to show conformity with ISO 9000.
Major objective was to provide industry with a practical framework for the management of software development quality by developing more effective quality management system certification procedures. These involved:
publishing guidance material to assist software organizations interpret the requirements of ISO 9001
training, selecting and registering auditors with IT experience and competence, and
introducing rules for the accreditation of certification bodies practising in the software sector
The TickIT Guide
TickIT also includes a guide. This provides guidance in understanding and applying ISO 9001 in the IT industry. It gives a background to the TickIT scheme, including its origins and objectives. Furthermore, it provides detailed information on how to implement a Quality System and the expected structure and content relevant to software activities. The TickIT guide also assists in defining appropriate measures and/or metrics. The TickIT Guide contains the official guidance material for TickIT. It is directed at a wide audience: senior managers and operational staff of software suppliers and in-house development teams, purchasers and users of software based systems, certification bodies and accreditation authorities, third party and internal auditors, auditor training course providers and IT consultants.
Part A: Introduction to TickIT and the Certification Process
This presents general information about the operation of TickIT and how it relates to other quality initiatives such as Process Improvement.
Part B: Guidance for Customers
This describes the issues relating to quality management system certification in the software field from the viewpoint of the customer who is initiating a development project, and explains how the customer can contribute to the quality of the delivered products and services.
Part C: Guidance for Suppliers
This presents information and guidance to software and software service providing organizations, including in house developers, on the construction of their quality management systems using the TickIT procedures. This part also indicates how organizations can assess and improve the effectiveness of their quality management systems.
Part D: Guidance for Auditors
This gives guidance to auditors on the conduct of assessments using the TickIT procedures.
Part E: Software Quality Management System Requirements – Standards Perspective
This contains guidance to help organizations producing software products and providing software-related services interpret the requirements of BS EN ISO 9001:2000. It follows the clause sequence of the Standard.
Part F: Software Quality Management System Requirements – Process Perspective
This identifies and elaborates upon the good practice required to provide effective and continuous control of a software quality management system. It is organized around the basic processes required for software development, maintenance and support and follows the structure set out in ISO/IEC 12207:1995.
Appendix 1: Management and Assessment of IT Processes
Appendix 2: Case study: Using the EFQM Excellence Model
Appendix 3: Case Study: ISO/IEC 15504 - Compatible Process Assessments
Appendix 4: Case study: Software Process Improvement The CMMSM Way
Standards information and references
Glossary of terms
A balanced scorecard is a strategic management performance metric that helps companies identify and improve their internal operations to help their external outcomes. It measures past performance data and provides organizations with feedback on how to make better decisions in the future.
ISO/IEC 27001 is the world's best-known standard for information security management systems (ISMS) and their requirements. Additional best practice in data protection and cyber resilience are covered by more than a dozen standards in the ISO/IEC 27000 family.
What is ISO/IEC 20000? ISO/IEC 20000 is the international ITSM (IT service management) standard. It enables IT departments to ensure that their ITSM processes are aligned with the business's needs and international best practices.
Six Sigma is a process that makes use of statistics and data analysis to analyze and reduce errors or defects. In this process, the purpose is to improve cycle times while reducing manufacturing defects to no more than 3.4 defects per million units or events.Esfand 22, 1401 AP
