This document discusses various aspects of ITIL including IT service continuity management, information security management, change management, and service transitions. It provides details on topics such as business impact analysis, change types, the change advisory board, change proposals, change management processes, and change manager responsibilities. The presentation outlines key ITIL concepts to ensure the resumption of IT services within agreed timescales and introduce changes in a controlled manner to optimize business risk.

1. Lec-3: ITIL
Mr. Islahuddin Jalal
MS (Cyber Security) – UKM Malaysia
Research Title – 3C-CSIRT Model for Afghanistan
BAKHTAR UNIVERSITY ‫باخترپوهنتون‬ ‫د‬

2. Outlines to be discussed…..
• ITSCM-DRM
• Information Security Management
• Change Management
• Service Transitions

3. ITSCM – DRM
• IT Service Continuity Management
• Ensures resumption of services within agreed
timescale
• Business Impact Analysis informs decisions about
resources
• E.g. Stock Exchange can’t afford 5 minutes downtime but 2
hours downtime probably wont badly affect a
departmental accounts office or a college bursary

4. Standby for liftoff...
• Cold
• Accommodation and environment ready but no IT
equipment
• Warm
• As cold plus backup IT equipment to receive data
• Hot
• Full duplexing, redundancy and failover

5. Information Security Management
• Confidentiality
• Making sure only those authorised can see data
• Integrity
• Making sure the data is accurate and not corrupted
• Availability
• Making sure data is supplied when it is requested

6. Change Management
• A change is a modification, addition, or removal of anything that
could impact IT services.
• This includes
• Addition
• Modification
• Removal of approved, supported or base lined H.W
• Network
• software
• application
• environment
• system
• desktop build or associated documentation

7. Reasons for Changes

8. Purpose of Change Management
• Control the lifecycle of all changes
• Help in making beneficial changes with minimum disruption to IT
services

9. Objectives of CM
• Respond to business and IT requests to ensure alignment of services
with business needs
• Ensure that changes are introduced in a controlled manner, thus
optimizing business risk
• Implement changes timely and successfully to meet business needs
• Use the standard processes and record every change

10. Scope of CM
• Any changes to all architecture , tools, metrics, processes and
documentation
• Addition, removal or modification of a service or a configuration item
or an associated documentation
• Changes to any of the five aspects of service design
• Build
• Deployment
• Testing
• User acceptance
• Bed-in (optimize)

11. Change Model
• A change model refers to pre-defined set of steps, policies and
procedures for assessing, authorizing and executing a specific type of
change. Change models should include the following:
• The steps to handle the change
• The chronological order of the steps
• Defined roles and responsibilities
• Thresholds and timescales for completion of the actions
• Escalation procedures

12. Change Management
 Respond to customers changing business
requirements
 Respond to business and IT requests for change that
will align the services with the business needs
 Roles
 Change Manager
 Change Authority
 Change Advisory Board (CAB)
 Emergency CAB (ECAB)
 80% of service interruption is caused by operator
error or poor change control (Gartner)

13. Change Types
• Normal
• Non-urgent, requires approval
• Standard
• Non-urgent, follows established path, no approval needed
• Emergency
• Requires approval but too urgent for normal procedure

14. Change Advisory Board
 Change Manager (VITAL)
 One or more of
 Customer/User
 User Manager
 Developer/Maintainer
 Expert/Consultant
 Contractor

15. CAB Considers 7R’s of Change Management
For proper impact assessment and understanding of benefits to risk,
answers to the following seven questions are important.
• Who raised the change?
• What is the reason for the change?
• What is the return required from the change?
• What are the risks involved in the change?
• What resources are required to deliver the change?
• Who is responsible for the build, test and implementation of the change?
• What is the relationship between this change and other changes?

16. Key Terminologies of CM
• Remediation planning: it refers to a recovery plan to a known state
after a failed change or release
• Service change: refers to the addition, modification or removal of an
authorized, planned or supported service component and its
associated documentation
• Request for change: it is a formal request for a service change and it
can be raised or issued by anyone involved in the service.
• Change proposal: it is raised for major changes with significant
organizational or financial effects

17. Change Proposal

18. Change management process-Change flow

19. Change Manager- Responsibilities
• Ensures process is followed and authorizes minor changes
• Identifies key stakeholders, coordinates and runs CAB Meeting
• Produces change schedule
• Coordinates change, build, test and implementation
• Reviews or closes changes
• Initiates post implementation review meetings.

20. Change Metrics

21. Service Transition
• Build
• Deployment
• Testing
• User acceptance
• Bed-in (optimize)

22. Good service transition
 Set customer expectations
 Enable release integration
 Reduce performance variation
 Document and reduce known errors
 Minimise risk
 Ensure proper use of services
 Some things excluded
 Swapping failed device
 Adding new user
 Installing standard software

23. Thank You
For Your Patience