Scaling API-first – The story of a global engineering organization
Thierry Brunet - IT best practices & frameworks overview
1. eMedia Technologie IT Best practices overview, mapping and implementation Thierry Brunet, Director Associates 18/01/12 The Legacy Modernization Company
2.
3. IT Best Practices, Framework, & Standards overview “ the quality of a system or product is highly influenced by the quality of the process used to develop and maintain it,” (SEI) 18/01/12
4. Stabilizing IT with Process Methodologies IT organization activity Continuous Improvement Point Improvement Certification and documentation Schema Planning Decision Developpement and Acquisition Deployement Exploitation IT Best practices roles 18/01/12
8. Defined Responsibilities for Each Process RACI Chart A RACI chart identifies who is R esponsible, A ccountable, C onsulted and/or I nformed. 18/01/12
13. ITIL V2 Process Reference Framework Financial Management for IT services Capacity Management Availability Management IT Service Continuity Management Incident Management Problem Management Change Management Configuration Management Release Management Service Delivery Set Service Support Set Service Level Management IT Infrastructure security Service Desk
14. Service reports Incident statistics Audit reports CMDB Incident Management Problem Management Change Management Release Management Configuration Management Incidents Problems Known Errors Changes Releases CIs Relationships Incidents Management Tools CMD reports CMDB statistics Policy/standards Audit reports Incidents Service Desk Difficulties Queries Enquires Communications Updates Work-arounds Customer survey reports Changes Releases The Business, Customers, or Users Release schedule Release statistics Release reviews Secure library Testing Standards Audit reports Change schedule CAB minutes Change statistics Change reviews Audit reports Problem statistics Trend analysis Problem reports Problem reviews Diagnostic aids Audit reports THE SERVICE SUPPORT PROCESS MODEL 18/01/12
15. Maintainability Reliability Serviceability Statistics& incidents Audit reports CMDB Availability Management Capacity Management Business Continuity Management Financial Management Configuration Management Incidents Problems Known Errors Changes Releases CIs Relationships Incidents Incidents (SLM) Service Desk Difficulties Queries Enquires Communications Updates Workarounds Customer survey reports Standards Statistics Reports Audit reports Reviews Plans Tests Audit reports Performance statistics& incidents Plans Trend analysis Diagnostic aids Audit reports THE SERVICE DELIVERY PROCESS MODEL CMD reports CMDB statistics Policy/standards Audit reports The Business, Customers, or Users 18/01/12
20. CMMI-DEV Processes 18/01/12 Causal Analysis and Resolution (CAR) Configuration Management (CM) Decision Analysis and Resolution (DAR) Integrated Project Management (IPM) Measurement and Analysis (MA) Organizational Process Definition (OPD) Organizational Process Focus (OPF) Organizational Performance Management (OPM) Organizational Process Performance (OPP) Organizational Training (OT) Product Integration (PI) Project Monitoring and Control (PMC) Project Planning (PP) Process and Product Quality Assurance (PPQA) Quantitative Project Management (QPM) Requirements Development (RD) Requirements Management (REQM) Risk Management (RSKM) Supplier Agreement Management (SAM) Technical Solution (TS) Validation (VAL) Verification (VER)
21. CMMI Staged Representation - 5 Maturity Levels Level 5 Initial Level 1 Processes are unpredictable, poorly controlled, reactive. Managed Level 2 Processes are planned, documented, performed, monitored, and controlled at the project level. Often reactive. Defined Level 3 Processes are well characterized and understood. Processes, standards, procedures, tools, etc. are defined at the organizational (Organization X ) level. Proactive. Quantitatively Managed Level 4 Processes are controlled using statistical and other quantitative techniques. Optimizing Process Maturity Process performance continually improved through incremental and innovative technological improvements. 18/01/12
22.
23. IT Best Practices, Frameworks & Standards mapping COBIT, ITIL, ISO2700x, CMMi 18/01/12
24. Deliver and Support (DS Process Domain) Monitor and Evaluate (ME Process Domain) Acquire and Implement (AI Process Domain) Plan and Organise (PO Process Domain) 18/01/12
25. Deliver and Support Monitor and Evaluate Planning & Organization Acquire and Implement Plan and Organise Define Strategic IT Plan Define IT Processes Organisation and Relationships Manage IT Investment Determine Technological Direction Communicate Managementt Aims and Direction Manage IT Human Resource Assess and Manage IT Risks Manage Projects Manage IT Quality Identify Automated Solutions Acquire and Maintain Application Software Acquire and Maintain Technology Infrastructure Manage Change Install and Accredit Systems Enable operation and use Manage Performance and Capacity Ensure Continuous Service Ensure System Security Identify and Allocate Costs Manage Third-party Services Define and Manage Service Levels Educate and Train Users Manage Operations Manage Configuration Manage Service Desk and Incidents Manage Data Manage Physical environment Manage Manage Problems Monitor And Evaluate IT Performance Monitor and Evaluate Internal Controls Ensure Compliance With External Standards Provide IT Governance Define Information Architecture ITIL V2 mapping with COBIT 4.1 Service Delivery Service Support Service Desk Incident Management Change Management Release Management Problem Management Configuration Management Service Level Management Availability Management Financial Management Continuity Management Capacity Management Procure IT Ressources 18/01/12
26. Deliver and Support Monitor and Evaluate Planning & Organization Acquire and Implement Plan and Organise Define Strategic IT Plan Define IT Processes Organisation and Relationships Manage IT Investment Determine Technological Direction Communicate Managementt Aims and Direction Manage IT Human Resource Assess and Manage IT Risks Manage Projects Manage IT Quality Identify Automated Solutions Acquire and Maintain Application Software Acquire and Maintain Technology Infrastructure Manage Change Install and Accredit Systems Enable operation and use Manage Performance and Capacity Ensure Continuous Service Ensure System Security Identify and Allocate Costs Manage Third-party Services Define and Manage Service Levels Educate and Train Users Manage Operations Manage Configuration Manage Service Desk and Incidents Manage Data Manage Physical environment Manage Problems Monitor And Evaluate IT Performance Monitor and Evaluate Internal Controls Ensure Compliance With External Standards Provide IT Governance Define Information Architecture ITIL V2 mapping with COBIT 4.1 Service Delivery Service Support Service Desk Incident Management Change Management Release Management Problem Management Configuration Management Service Level Management Availability Management Financial Management Continuity Management Capacity Management Procure IT Ressources 18/01/12
27. Deliver and Support Monitor and Evaluate Planning & Organization Acquire and Implement Plan and Organise Define Strategic IT Plan Define IT Processes Organisation and Relationships Manage IT Investment Determine Technological Direction Communicate Managementt Aims and Direction Manage IT Human Resource Assess and Manage IT Risks Manage Projects Manage IT Quality Identify Automated Solutions Acquire and Maintain Application Software Acquire and Maintain Technology Infrastructure Manage Change Install and Accredit Systems Enable operation and use Manage Performance and Capacity Ensure Continuous Service Ensure System Security Identify and Allocate Costs Manage Third-party Services Define and Manage Service Levels Educate and Train Users Manage Operations Manage Configuration Manage Service Desk and Incidents Manage Data Manage Physical environment Manage Problems Monitor And Evaluate IT Performance Monitor and Evaluate Internal Controls Ensure Compliance With External Standards Provide IT Governance Define Information Architecture ITIL V3 mapping with COBIT 4.1 Procure IT Ressources 18/01/12
28. Deliver and Support Monitor and Evaluate Planning & Organization Acquire and Implement Plan and Organise Define Strategic IT Plan Define IT Processes Organisation and Relationships Manage IT Investment Determine Technological Direction Communicate Managementt Aims and Direction Manage IT Human Resource Assess and Manage IT Risks Manage Projects Manage IT Quality Identify Automated Solutions Acquire and Maintain Application Software Acquire and Maintain Technology Infrastructure Manage Change Install and Accredit Systems Enable operation and use Manage Performance and Capacity Ensure Continuous Service Ensure System Security Identify and Allocate Costs Manage Third-party Services Define and Manage Service Levels Educate and Train Users Manage Operations Manage Configuration Manage Service Desk and Incidents Manage Data Manage Physical environment Manage Problems Monitor And Evaluate IT Performance Monitor and Evaluate Internal Controls Ensure Compliance With External Standards Provide IT Governance Define Information Architecture ISO 2700x Family mapping with COBIT 4.1 Procure IT Ressources 18/01/12
29. Deliver and Support Monitor and Evaluate Planning & Organization Acquire and Implement Plan and Organise Define Strategic IT Plan Define IT Processes Organisation and Relationships Manage IT Investment Determine Technological Direction Communicate Managementt Aims and Direction Manage IT Human Resource Assess and Manage IT Risks Manage Projects Manage IT Quality Identify Automated Solutions Acquire and Maintain Application Software Acquire and Maintain Technology Infrastructure Manage Change Install and Accredit Systems Enable operation and use Manage Performance and Capacity Ensure Continuous Service Ensure System Security Identify and Allocate Costs Manage Third-party Services Define and Manage Service Levels Educate and Train Users Manage Operations Manage Configuration Manage Service Desk and Incidents Manage Data Manage Physical environment Manage Manage Problems Monitor And Evaluate IT Performance Monitor and Evaluate Internal Controls Ensure Compliance With External Standards Provide IT Governance Define Information Architecture CMMI for Development 1.3 mapping with COBIT 4.1 Procure IT Ressources 18/01/12
30. IT Best Practices, Standards & Frameworks Implementation A pragmatical approach 18/01/12
31.
32.
33. 18/01/12 Comprehensive Approach to Improvement Six σ IT Operational Processes — ITIL App. Development Processes — CMMI Project Management Processes — PMI 1. Establish the Work 2. Align Roles With Work RACI 3. Identify Appropriate Measures 4. Apply Governance CobiT
Hello Ladies & Gentlemen, Thank you for joining this presentation, I’m Thierry Brunet, Co-Founder of eMedia Technologie. Before and during 19 years, with my associates Philippe Depland, we worked for a large software vendor, in EMEA as Principal Consultant, where we helped large companies, Consulting companies and Service Providers to implement Technologies using a people, process and Technology approach To better Govern, Manage and Secure IT Systems and align them to business goals So we have created eMedia Technologie, The legacy modernization company, in France mainly to work outside from France, in order to help By providing Consulting, Training, Services, and experts. We intend to install a branch here in Damascus, in order to act as a bridge between our Experts and your projects. We would like also to hire people here and to make bridges between french universities, Syrian universities and IT Associations. The purpose of my presentation today is to make an overview of IT Best practices, Frameworks and Standards, and mainly how they map and how to implement them.
We’ll make a Best practices overview, we’ll see their mapping and how to implement them, I’m not sur we’ll cover everything in details in one hour, but I hope this will give you a better idea. We have a Q&A session after the presentation and if you need more details or specific projects, we’ll welcome you on Booth A1.11. Philippe Depland from eMedia will cover more in details the evolution of security best practices
Ces démarches méthodologiques ont largement gagné l'approbation des entreprises dans d'autres domaines en dehors de l'informatique. Par exemple, l'approche Six Sigma a été mise en œuvre avec grand succès par des entreprises industrielles comme Motorola et General Electric. Les dirigeants de ces sociétés ont publiés des ouvrages qui mettent en évidence les résultats chiffrés impressionnants. Le cabinet Forrester a publié plusieurs rapports récemment qui démontrent qu'un nombre croissant d'organisations IT sont en train d'adopter des méthodologies spécifiques à l'informatique, tel que CMMi, ITIL ou CobIT. Ce graphique est tiré d'une étude Forrester dans lequel l'analyste précise que: ces méthodologies dérivent des approches différentes, mais elles ont également des traits communs et elles apportent une forte complémentarité. ... Chez CA, nous adhérons complètement à ces démarches ... mais pour être mise en œuvre avec succès, nous croyons que ces processus requièrent un certain niveau d'automatisation ...
COBIT also provides information on what processes should be delegated and to whom they should be delegated. This helps to ensure that IT processes are being managed at the appropriate level within an enterprise. The ‘RACI’ Chart is defined for each process and indicates who is responsible, accountable, consulted or should be informed about specific tasks within a given process. The roles in the RACI chart are categorised for all processes as: • Chief executive officer (CEO) • Chief financial officer (CFO) • Business executives • Chief information officer (CIO) • Business process owner • Head operations • Chief architect • Head development • Head IT administration (for large enterprises, the head of functions such as human resources, budgeting and internal control) • The project management officer (PMO) or function • Compliance, audit, risk and security (groups with control responsibilities but not operational IT responsibilities)
Everyone recognise this the ITIL service support model? How many IIFs do you think we need to automate the key processes, optimise the underlying technology base and realise the potential cost benefits while at the same time building on existing ITIL processes? What if I told you we need only 3?
Service delivery is different though……..for one thing some of the Idelivery TIL books fail to point out the obvious, that a cmdb is still central---this is more of a failure to state something that everyone thinks is obvious than a failure to recognise reality, however……….
exion
Session #: Title ORGANIZATION Culture Leadership PEOPLE Engagement – most orgs forget this step Training – formal & practical PROCESS Design – not from scratch TECHNOLOGY Sorry - You will have to buy tools