Service Operation Processes

There are a number of key service operation processes that must link together to provide an effective overall IT
support structure. Service Operation has following 5 processes:
1. Event Management
2. Incident Management
3. Problem management
4. Request fulfillment
5. Access management
Event management: Event management manages events throughout their life cycle. This life cycle
includes coordination activities to detect events. Make sense of them and determine the appropriate control
action.
Incident management: Incident management concentrates on restoring unexpectedly degraded or
disrupted services to users as quickly as possible, in order to minimize business impact.
Problem management: Problem management involves root cause analysis to determine and resolve
the underlying causes of incidents, and proactive activities to detect and prevent future
problems/incidents. This also includes the creation of known error records, that document root causes
and workarounds to allow quicker diagnosis, and Resolution should further incidents occur.
Request fulfillment: Request fulfillement is the process for managing the life cycle of all service requests.
Service requests are managed throughout their life cycle from initial request to fulfillment using separate
request fulfillment records/tables to record and track their status. They are the mechanism by which users
formally request something from an IT service provider. Service requests are transactional and associated
with the standard services that a provider is delivering and is associated with a request model that defines
any prerequisites, authorizations needed and standard work steps and activities to fulfill it. As part of that
request model, standard changes and other types of requests for change (RFC5) may be needed to
complete fulfillment actions.
Access management: Access management is the process of granting authorized users the rights to
use a service while restricting access to non-authorized users. It is based on being able accurately to
identify authorized users and then manage their ability to. Access services as required for their specific
organizational role or job function. Access management has also been called identity or rights
management in some organizations.

Event Management
Purpose to manage events throughout their lifecycle is the purpose of event management. This life cycle of
activities to detect events, make sense of them and determine the appropriate control action, which is coordinated
by the event management process. Event management is therefore the basis for operational monitoring and
control.
If events are programmed to communicate operational information as well as warnings and exceptions, they can
be used as a basis for automating many routine operations management activities.
Example: Executing scripts on remote devices, or submitting jobs for processing, or even dynamically balancing
the demand for a service across multiple devices to enhance performance.
An event can be defined as any change of state that has significance for the management of a configuration item
(CI) or IT service. Events are typically recognized through notifications created by an IT service, CI or monitoring
tool. Effective service operation is dependent on knowing the status of the infrastructure and detecting any
deviation from normal or expected operation.
Event Management Value to Business
Event managements value to the business is generally indirect; however, it is possible to determine the basis for
its value as follows:
Event management provides mechanisms for early detection of incidents. In many cases it is possible for the
incident to be detected and assigned to the appropriate group for action before any actual service outage
occurs. When integrated into other service management processes (such as, for example, availability or capacity
management), Event management can signal status changes or exceptions that allow the appropriate person or
team to perform early response, thus improving the performance of the process. This, in turn, will allow the
business to benefit from more effective and more efficient service management overall.
Event management provides a basis for automated operations. Thus, increasing efficiency and allowing
expensive human resources to be used for more innovative work. Such as, designing new or improved
functionality, or defining new ways in which the business can exploit technology for increased competitive
advantage. Event management can have a direct bearing on service delivery and customer satisfaction. As an
example, an automated teller machine may generate event notifications that indicate the device is running low
on cash. Potentially avoiding the failure of the cash withdrawal portion of that service and its immediate impact
on customer satisfaction.

Incident Management
In ITIL terminology, an incident is defined as an unplanned interruption to an IT service, or reduction in the quality
of an IT service, or a failure of a CI that has not yet impacted an IT service (for example failure of one disk from a
mirror set).
It is the process responsible for managing the life cycle of all incidents. Incidents may be recognized by technical
staff, detected and reported by event monitoring tools, communications from users usually via a telephone call to
the service desk, or reported by third-party suppliers and partners. The purpose of incident management is to
restore normal service operation as quickly as possible, and minimize the adverse impact on business operations.
Thus, ensuring that agreed levels of service quality are maintained.
Normal service operation is defined as an operational state, where services and CIs are performing within their
agreed service and operational levels. Incident management includes any event which disrupts, or which could
disrupt, a service. This includes events which are communicated directly by users, either through the service desk
or through an interface from event management to incident management tools.
Incidents can also be reported and/or logged by technical staff. For example, they notice something untoward with
a hardware or network component they may report or log an incident and refer it to the service desk).This does
not mean, however, that all events are incidents. Many classes of events are not related to disruptions at all, but
are indicators of normal operation or are simply informational. Although both incidents and service requests are
reported to the service desk, this does not mean that they are the same.
Service requests do not represent a disruption to agreed service, but are a way of meeting the customers needs
and may be addressing an agreed target in an SLA. Service requests are dealt with by the request fulfillment
process.
Major Incidents
A separate procedure, with shorter timescales and greater urgency, must be used for major incidents. A definition
of what constitutes a major incident must be agreed and ideally mapped onto the overall incident prioritization
scheme such that they will be dealt with through the separate procedure. Where necessary, the major incident
procedure should include the establishment of a separate major incident team under the direct leadership of the
incident manager, and formulated to concentrate on this incident alone to ensure that adequate resources and
focus is provided in finding a swift resolution.
If the service desk manager is also fulfilling the role of incident manager (Say in a small organization), then a
separate person may need to be designated to lead the major incident investigation team. So, as to avoid conflict
of time or priorities, but he should ultimately report back to the incident manager. If the cause of the incident needs
to be investigated at the same time, then the problem manager would be involved as well. But the incident manager
must ensure that service restoration and underlying cause are kept separate.
Throughout, the service desk would ensure that all activities are recorded and users are kept fully informed of
progress

Problem Management
Problem management is the process which is responsible to manage the lifecycle of all problems. ITIL defines a
problem as an underlying cause of one or more incidents. The purpose of problem management is to manage
the lifecycle of all problems from first identification through further investigation, documentation and eventual
removal.
Problem management seeks to minimize the adverse impact of incidents and problems on the business that are
caused by underlying errors within the IT Infrastructure and to proactively prevent recurrence of incidents related
to these errors. In order to achieve this, problem management seeks to get the root cause of incidents, document
and communicate the known errors and initiate actions to improve or correct the situation.
Workarounds:
In some cases it may be possible to find a workaround to the incidents caused by the problem. For example, a
manual amendment may be made to an input file to allow a program to complete its run successfully and allow a
billing process to complete satisfactorily, but it is important that work on a permanent resolution continues where
this is justified. In this example the reason for the file becoming corrupted in the first place must be found and
corrected to prevent this happening again.
When a workaround is found, it is therefore important that the problem record remains open and details of the
workaround are documented within the problem record.
Scope
Problem management includes the activities required to diagnose the root cause of incidents and to determine the
resolution to those problems. It is also required to ensure that the resolution is implemented through the
appropriate control procedures, especially change management, release and deployment management. Problem
management will also maintain information about problems and the appropriate workarounds and resolutions, so
that the organization is able to reduce the number and impact of incidents over time.
In this respect, problem management has a strong interface with knowledge management, and tools such as the
KEDB will be used for both. Although, incident and problem management are separate processes, they are closely
related and will typically use the same tools, and may use similar categorization, impact and priority coding
systems. This will ensure effective communication when dealing with related incidents and problems.
The problem management process has both reactive and proactive aspects:
1. Reactive problem management is concerned with solving problems in response to one or more incidents
2. Proactive problem management is concerned with identifying and solving problems and known errors
before further incidents related to them can occur again
While reactive problem management activities are performed in reaction to specific incident situations, proactive
problem management activities takes place as ongoing activities are targeted to improve the overall availability
and end use satisfaction with IT services.
Examples of proactive problem management activities might include conducting periodic scheduled review of
incidents. Records, to find patterns and trends in reported symptoms that may indicate the presence of underlying
errors in the infrastructure.
Conducting major incident reviews where review of How can we prevent the recurrence? can provide identification
of an underlying cause or error. Conducting periodic scheduled reviews of operational logs and maintenance
records identifying patterns and trends of activities that may indicate an underlying problem might exist.
Conducting periodic scheduled reviews of event logs targeting patterns and trends of warning and exception
events that may indicate the presence of an underlying problem. Conducting brainstorming sessions to identify
trends indicate the existence of underlying problems.
Using check sheets to proactively collect data on service or operational quality issues that may help to detect
underlying problems. Reactive and proactive problem management activities are generally conducted within the
scope of service operation. A close relationship exists between proactive problem management activities and CSI
lifecycle activities that directly support in identifying and implementing service improvements.
Proactive problem management supports those activities through trending analysis and the targeting of preventive
action. Identifying problems from these activities will become an input to the CSI register which is used to record
and manage improvement opportunities.
Value to Business
Problem management provides value to business by providing:
1. Higher availability of IT services by reducing the number and duration of incidents that those services may
incur
2. Problem management works together with incident management and change management to ensure that
IT service availability and quality are increased
3. When incidents are resolved, information about the resolution is recorded
Over time, this information is used to speed up the resolution time and identify permanent solutions, reducing the
number and resolution time of incidents. Higher productivity of IT staff by reducing unplanned labour caused by
incidents and creating the ability to resolve incidents more quickly through recorded known errors and
workarounds. Reduced expenditure on workarounds or fixes that do not work. Reduction in cost of effort in fire-
fighting or resolving repeat incidents.
Request Fulfillment
Purpose
The term service request is used as a generic description for many different types of demands that are placed
upon the IT organization by the users. Many of these are typically requests for small changes that are low risk,
frequently performed, low cost etc.
E.g, a request to change a password, a request to install an additional software application onto a particular
workstation, a request to relocate some items of desktop equipment) or may be just a request for information.
Request fulfillment is the process responsible for managing the life cycle of all service requests from the users. It
is the process for dealing with service requests, many of them are actually smaller, or low risk. The purpose
needed to fulfill a request will vary depending upon exactly what is being requested. Some organizations will be
comfortable to let the service requests be handled through their incident management processes.
Scope
The process needed to fulfill a request will vary depending upon exactly what is being requested, but can usually
be broken down into a set of activities that have to be performed.
For each request, these activities should be documented into a request model and stored in the SKMS. Some
organizations will be comfortable letting the service requests be handled through their incident management
process (and tools). With service requests being handled as a particular type of incident.
Note however, that there is a significant difference here an incident is usually an unplanned event,
Whereas a service request is usually something that can and should be planned!
Therefore, in an organization where large numbers of service requests have to be handled, and where the
actions to be taken to fulfill. Those requests are very varied or specialized, it may be appropriate to handle
service requests as a completely separate work stream, and to record and manage them as a separate record
type. This is essential if reporting is desired that more accurately separates incidents from requests.
Ultimately it will be up to each organization to decide and document which service requests it will handle through
the request fulfillment process, and which will have to go through other processes such as business relationship
management for dealing with requests for new or changed services. There will always be gray areas which
prevent generic guidance from being usefully prescribed.
Value to Business
The value of the request fulfillment process includes:
1. The ability to provide quick and effective access to standard services that business staff can use to
improve their productivity or the quality of business services and products.
2. The ability to effectively reduce the bureaucracy involved in requesting and receiving access to existing
or new services, Thus also reducing the cost of providing these services.
3. The ability to increase the level of control over requested services through a centralized fulfillment
function.
4. This in turn can help reduce costs through centralized negotiation with suppliers, and can also help to
reduce the cost of support.

Access Management
Purpose
Access management is the process of granting authorized users the right to use a service, while preventing
access to non-authorized users. It has also been referred to as rights management or identity management in
different organizations.
The purpose of access management is to provide the right for users to be able to use a service or group of
services. It is therefore the execution of policies and actions that are defined in the information security
management.
Value to Business
The value of access management includes:
1. Ensuring that controlled access to services will allow the organization to maintain effective confidentiality
of its information
2. Ensuring that employees have the right level of access to execute their jobs effectively
 3. Reducing errors made in data entry or in the use of a critical service by an unskilled user (e.g. production
control systems)
4. Providing capabilities to audit use of services and to trace the abuse of services
5. Providing capabilities to revoke access rights when needed on a timely basis, an important security
consideration
6. Providing and demonstrating compliance with regulatory requirements (e.g. SOX, HIPAA and COBIT)
Functions
A function is a team or group of people and the tools or other resources they use to carry out one or more
processes or activities. In larger organizations, a function may be broken out and performed by several
departments, teams and groups or it may be embodied within a single organizational unit (e.g. a service desk).
In smaller organizations, one person or group can perform multiple functions (e.g. a technical management
department could also incorporate the service desk function). For service operation to be successful, an
organization will need to clearly define the roles and responsibilities required to undertake the processes and
activities. These roles will need to be assigned to individuals, and an appropriate organization structure of
teams, groups or functions established and managed.
Service Operations has following main functions:
1. Service desk
2. Technical management
3. IT operations management
4. Application management
Technical management and application management provide the technical resources and expertise to manage
the whole service life cycle and practitioner roles within service operation may be performed by members of
these functions.
To understand these better- Technical Management Function (TMF) is a custodian of technical knowledge and
expertise to managing IT. Application Management Function (AMF) is a custodian of technical knowledge and
expertise related to managing applications & it overlaps with Application Development. IT Operations
Management Function (ITOMF) is responsible for the daily operational activities to manage the IT Infrastructure.
It has IT Operations control & Facilities Management & it overlaps with TMF & AMF.
Service Desk
Service Desk Function (SDF) is a SPOC which focuses on service restoration and uses TMF & AMF for support.
This increases user perception and satisfaction.
Service desk the service desk is the single point of contact for users when there is a service disruption, for
service requests or even for some categories of request for change (RFC). The service desk provides a point of
communication to the users, and a point of coordination for several IT groups and processes.
To enable them to perform these actions effectively the service desk is usually separate from the other service
operation functions. In some cases, e.g. where detailed technical support is offered to users on the first call, it
may be necessary for technical or application management staff to be on the service desk.
This does not mean that the service desk becomes part of the technical management function. In fact, while they
are on the service desk, they cease to be a part of the technical management or application management
functions and become a part of the service desk, even if only temporarily.
Technical management
Technical management provides detailed technical skills and the resources needed to support the ongoing
Operation of IT services and the management of the IT infrastructure. Technical management also plays an
important role in the design, testing, release and improvement of IT services.
In small organizations, it is possible to manage this expertise in a single department, but larger organizations are
typically split into a number of technically specialized departments. In many organizations, the technical
management departments are also responsible for the daily operation of a subset of the IT infrastructure.
This shows that, although they are part of a technical management department, staffs that perform these
activities are logically part of the IT operations management function.