2. Tutvustus
Kaimar Karu
ITIL Expert, PRINCE2 Practitioner
itSMF Estonia juhatuse liige
Mindbridge OÜ asutaja
Varem: IT tugiisik, programmeerija, projektijuht, riigiametnik
... ajakirjanik, õpetaja, filosoof
http://ee.linkedin.com/in/kaimar
Mindbridge OÜ
ITSM-alased koolitused (ITIL, MOF) ja konsultatsioonid
ITSM tarkvara valikuprojektid
Projektijuhtimisalased koolitused (PRINCE2)
G2G3 simulatsioonimängud (gamification)
http://www.mindbridge.ee/
2 www.mindbridge.ee 14.06.2012
3. itSMF Estonia
Asutatud 2006. aasta aprillis
itSMF International liige (1/52)
Liikmed: 24 ettevõtet ja 5 eraisikut
Eesmärgid:
populariseerida IT teenuste halduse parimaid praktikaid
suurendada IT teenuste valdkonnas tegutsevate inimeste
oskusi
ühtlustada valdkonna terminoloogiat Eesti IT turul
jagada kogemusi
Praktikute seminarid läbi aasta
Aastakonverents novembris/detsembris
www.itsmf.ee
3 www.mindbridge.ee 14.06.2012
6. Kõik on õige ... ja kõik on vale
„Eating lots of chocolate helps people stay thin“
„Chocolate may be good for the heart, say scientists“
„Chocolate Reduces Stress, Study Finds“
„Chocolate Can Protect Against Tooth Decay“
„Eat Chocolate, It's Good For You“
„Chocolate Contains Useful Antioxidants“
„Eating chocolate every day is bad to the bone“
„Chocolate and Alcohol Are Bad for Your Planet“
„Raw Chocolate-Harmful for your health“
„Chocolate Migrane Trigger For Some“
„Consumption of chocolate can cause acne“
6 www.mindbridge.ee 14.06.2012
7. Mis on ITIL?
IT teenusehalduse parim praktika
„A service is a means of delivering value to customers by facilitating the outcomes
customers want to achieve without the ownership of specific costs and risks.“
Abistab protsesside, funktsioonide ning muude teenusepakkumiseks vajalike
võimekustega (capabilities)
Koosneb viiest alajaotusest:
Service Strategy
Service Design
Service Transition
Service Operation
Continual Service Improvement
Viimane versioon: ITIL 2011 (enne seda ITIL v3)
Kas IT tervikuna on teenus?
8 www.mindbridge.ee 14.06.2012
8. Mis on COBIT?
A business framework for the governance and management of enterprise IT
5 põhiprintsiipi:
Meeting Stakeholder Needs
Covering the Enterprise End-to-end
Applying a Single Integrated Framework
Enabling a Holistic Approach
Separating Governance From Management
7 võimaldajate kategooriat:
factors that, individually and collectively influence whether something will work
Principles, policies and frameworks
Processes
Organisational structures
Culture, ethics and behaviour
Information
Services, infrastructure and applications
People, skills and competencies
9 www.mindbridge.ee 14.06.2012
9. COBIT 5 tugevused #1
Katab organisatsiooni IT otsast otsani
Räägib juhtide keeles, juhtidele tuttavate mudelitega
Aitab saavutada vastavust nõuetega (compliance)
Adresseerib lisaks protsessidele ka muid valdkondi
(+6)
„Provides ideas to a clueless manager“
10 www.mindbridge.ee 14.06.2012
10. COBIT 5 tugevused #2
Pakub mõistlike protsesside mudeli
Laiahaardelisem kui ITIL-is
Pakub protsesside küpsuse hindamise mudeli
Põhjalikum kui ITIL-is
Pakub protsessidele RACI mudeli
Põhjalikum kui ITIL-is
Pakub protsessidele meetrikad
Konkreetsem kui ITIL-is
11 www.mindbridge.ee 14.06.2012
12. ITIL tugevused
Puudutab „Align, Plan and Organise“ ning „Monitor, Evaluate
and Assess“ valdkondi, kuid keskendub eelkõige „Build,
Acquire and Implement“ ning „Deliver, Service and Support“
valdkondadele
Pakub võimaldajate eesmärkide saavutamiseks „kuidas“
nõuandeid kõige detailsemal üldiselt kehtival tasemel – abiks
juurutajale
On laia kasutajaskonnaga
Pakub professionaalidele põhjalikku sertifitseerimismudelit
Aitab ITSM tarkvara valikul ja juurutamisel
13 www.mindbridge.ee 14.06.2012
13. Kõik sõltub eesmärgist
Mis on see probleem, mida lahendada püütakse?
COBIT annab raamistiku ITSM tegevuste joondamiseks
organisatsiooni eesmärkidega
„Teeme ITIL-it“?
Juurutada ja parandada annab kõike, aga milleks?
COBIT töötab mõlemas suunas – ärivajaduste tõlgendamisel
IT tegevusteks ning IT strateegia sidumisel ärivajadustega
„Requirements based on current pain points and drivers
should be identified and accepted by management as
areas that need to be addressed.“
COBIT 5 Framework, lk 36
14 www.mindbridge.ee 14.06.2012
15. Eesmärkide kaskaad – protsessid
Huvilaste Tehnoloogiliste võimaluste täiustumine
Odavama hinnaga teenusepakkujate turuletulek
mõjutused
„Kuidas kõige paremini kasutada uusi tehnoloogiaid uute strateegiliste võimaluste
realiseerimiseks?“
Huvilaste
vajadused
2. Portfolio of competitive products and services
Organisatsiooni
eesmärgid 1. Alignment of IT and business strategy
7. Delivery of IT services in line with business Requirements
12. Enablement and support of business processes by integrating applications and technology into
business processes
IT eesmärgid
APO08 Manage Relationships
1. Business strategies, plans and requirements are well understood, documented and approved
2. Good relationships exist between the enterprise and IT
3. Business stakeholders are aware of technology-enabled opportunities
Võimaldajate BAI03 Manage Solutions Identification and Build
1. The solution design, including relevant components, meets enterprise needs, aligns with
standards and addresses all identified risk
eesmärgid 2. The solution conforms to the design, is in accordance with organisational standards, and has
appropriate control, security and auditability
16 www.mindbridge.ee 14.06.2012
17. BYOD - Bring Your Own Device
92% IT organisatsioone teadlikud
94% kavatsevad kehtestada BYO poliitika 2013. aasta keskpaigaks (>44%)
http://macanta.com.au/wordpress/wp-content/uploads/2011/08/BYOD-and-ITSM-V2.pdf
53% töötajatest kasutavad oma seadmeid töö juures (Forrester)
Riskid?
Kelle otsus lubada või keelata?
Gartneri soovitused BYO poliitikaks:
Kaugligipääsupoliiitka
Kättesaadavate andmete tasemed
Tegevusjuhised isikliku seadme kadumise või varguse puhuks
Millist tuge BYO seadmetele pakutakse (tasemed, toe pakkumise ajad jne)
...
18 www.mindbridge.ee 14.06.2012
18. BYOD ja COBIT 5
Enterprise Goal
Managed business risk
(safeguarding of assets)
Enterprise Goal
Compliance with external laws and
regulations
Enterprise Goal
Compliance with internal policies
Activity
Promote an IT risk-aware culture
and empower the enterprise to TASK
IT-related goal proactively identify IT risk,
opportunity and potential business
Security of information, processing impacts
infrastructure and applications Governance Practice
Process
EDM03.02 Direct risk
EDM03 Ensure Risk Optimisation
management.
Activity
Direct the integration of the IT risk
strategy and operations with the
enterprise strategic risk decisions
and operations
Metrics
Time to grant, change and remove
access privileges compared to
agreed-on service levels
Process
APO12 Manage Risk
Metrics
Number of security incidents
causing financial loss, business
disruption or public embarrasment
Process
APO13 Manage Security
19 www.mindbridge.ee 14.06.2012
19. Mõned kokkupuutepunktid
APO09 Manage Service Agreements
APO09.01 Identify IT services
Assess current IT services and service levels to identify gaps between
existing services and the business activities they support. Identify areas for
improvement of existing services and service level options.
Analyse, study and estimate future demand and confirm capacity of
existing IT-enabled services
...
APO09.02 Catalogue IT-enabled services
Publish in catalogues relevant live IT-enabled services, service packages
and service level options from the portfolio
...
ITIL
Service Portfolio Management
Service Catalogue Management
Capacity Management
...
20 www.mindbridge.ee 14.06.2012
20. Otsese kokkupuutepunktita
EDM
EDM01 Ensure Governancw Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
EDM05 Ensure Stakeholder Transparency
APO
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO07 Manage Human Resources
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security
BAI
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI05 Manage Organisational Change Enablement
BAI09 Manage Assets
DSS
DSS05 Manage Security Services
DSS06 Manage Business Process Controls
MEA
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements
21 www.mindbridge.ee 14.06.2012
21. Juurutus
ITIL juurutus
?
COBIT juurutus
Governance of Enterprise IT (GEIT)
Trükis: COBIT 5 Implementation
„The objective of this reference guide is to provide a good
practice approach for implementing GEIT based on a
continual improvement life cycle that should be tailored to
suit the enterprise’s specific needs.“
Ei saa olla pelgalt teenusepakkuja ülesanne!
22 www.mindbridge.ee 14.06.2012
22. Seven Phases of the Implementation Life
Cycle vs Continual Service Improvement
COBIT ITIL CSI
1. What are the drivers 1. What is the vision
2. Where are we now 2. Where are we now
3. Where do we want to be 3. Where do we want to be
4. What needs to be done 4. ? [plan]
5. How do we get there 5. How do we get there
6. Did we get there 6. Did we get there
7. How do we keep the 7. How do we keep the
momentum going momentum going
23 www.mindbridge.ee 14.06.2012
24. COBIT 5 ja ITIL 2011 (alates v3)
Üksteisele lähemal kui kunagi varem
COBIT 5 püüab kontrollmehhanisme siduda
praktikaga
ITIL 2011 püüab ärile lähemale liikuda
ITIL Service Strategy raamat ja COBIT 5
Heade mõtete toetaja
25 www.mindbridge.ee 14.06.2012