Transcription
What processes should I have in my SIAM Process Model?BackgroundThere continues to be a lot of discussion about the processes that should be incorporated within aSIAM model, in part this is born from the fact that the SIAM model itself may drive different processrequirements and that organisations may have already adopted and developed their own processframeworks as part of their organisational evolution.Available process frameworks include CoBiT, CMMI, ISO 20000, and ITIL. Each has its ownterminology and taxonomy that can be readily adapted and adopted to meet organisation’s businessand operational requirements. Whilst these existing process frameworks offer substantive guidance,they do not specifically address SIAM requirements. For example, CoBit focuses on governance andis exploitative of existing processes to extend their scope rather than defining new ones. This gaphas led to the publication of white papers and consultancy services that have identified andmodelled new processes that need to be considered.IntroductionThe onus generally falls on the design of a SIAM project to figure out a process model and produceit. This paper aims to identify resources that would be useful for designers to reference and offerssome compass direction setting tips.This paper identifies those processes already “out there” as observed in literature of various formsfrom frameworks to white papers. It then lists what is potentially new and specific to a SIAMscenario. Ultimately the process framework implemented for your SIAM scenario will be based onyour business requirements, so this paper is for advice and guidance only. Any descriptions ordiagrams within it should not be interpreted as a definitive solution.
Avoiding AmbiguityThere are four mainstream SIAM models, as depicted in Fig. 1. These are primarily differentiated bythe organisational position of the entity acting as service integrator.Fig. 1. Mainstream SIAM Models2. SI in a Supplier1. SI in IT OrgIT OrgIT OrgService Integrator3. SI in IT Org plus a SupplierIT OrgServiceIntegratorService Integrator4. SI in Lead TowerIT licationServiceProviderDesktopServiceProviderA characteristic of a SIAM model is that an equivalent process could be deployed within eachstakeholder organisation. This characteristic usually manifests where the stakeholders are utilisingtheir own service management toolsets. To illustrate this point, consider incident management as anexample. Where all stakeholders (integrator and suppliers) are sharing the same toolset, there maybe a single incident management process that everyone adopts. However, where stakeholders haveimplemented and matured their own incident management processes, each incident managementprocess maybe interfaced to produce an end-to-end - process and it this end-to-end process that theSIAM model needs to reflect.When identifying incident management in a process model, we are not specifying how the process ismapped out (as this will be relatively customised for each SIAM model scenario), we are focused onidentifying that incident management needs to be considered and implemented in some form oranother.As there are many different process frameworks, there is a degree of variation in terminology for thesame subject matter. For example, table 1.0 below shows how incident management is referred towithin a selection of these frameworks.Table 1. Framework References to Incident Management
ITILIncident ManagementISO 20000Incident and Service Request ManagementCoBiTDSS02 - Manage Service Requests and IncidentsCMMI for ServicesIRP - Incident Resolution and PreventionWhen constructing your SIAM process model, you may pull in processes from various frameworks orindustry white papers. Ideally look to standardise on a single taxonomy but where your organisationhas adopted one or more frameworks, it would be good practice to reference theframework(s)/white paper(s) your version of the process originated from and include a glossary tomitigate against confusion.Process Reference ModelISO 12207 identifies a number of requirements for developing a process reference model, includingbut not limited to, having unique descriptions, names, and numbering.Whilst you would absolutely complete process descriptions, this paper is focused on identifying thenames of the processes required. Some of the examples at the end of this paper show the potentialgroupings and numbering of these processes. Nonetheless, this is incidental to our aim of identifyingthe names of the processes required. For further details and instructions on process descriptions,ISO 12207 and ISO 15504 should be consulted.When implemented, the SIAM processes in your model should be accompanied with detailed flowdiagrams of the end to end process that will most likely exist across the multiple stakeholders. Theyshould also include detailed explanations of the touchpoints or interaction points where the end toend processes overlap organisational boundaries.The remainder of this paper adopts ISO 12207 terminology where the SIAM Process Model isreferred to as a Process Reference Model.Frameworks and White Papers: Identifying Recourses to Leverage
In order to establish your organisation’s specific process reference model as part of the SIAM designyou will need to understand what processes are available to draw from.The following tables list a set of processes that have been offered by frameworks and SIAM whitepapers. These tables are not exhaustive and others may be in existence, so please do your research.They are also included in the spreadsheet below for convenience.Process lists forinclusion in white pa
Table 2. Process Lists per framework/white paperProcess listed in SIAM Body of KnowledgedocumentISO 20000ITIL V3CMMI for Services 1.3Audit and ControlAudit and ControlBusiness Relationship ManagementBudgeting and accounting for IT ServicesAccess ManagementCAM - Capacity and Availability ManagementBusiness relationship managementAvailability ManagementCAR - Causal Analysis and ResolutionCapacity and Availability ManagementCapacity managementCapacity ManagementCM - Configuration ManagementChange ManagementChange managementChange ManagementDAR - Decision Analysis and ResolutionCommercial/Contract ManagementConfiguration managementDemand managementIRP - Incident Resolution and PreventionContinual Service ImprovementDesign and Transition of new or changed servicesEvaluationIWM - Integrated Work ManagementEvent ManagementIncident and service request managementEvent ManagementMA - Measurement and AnalysisFinancial ManagementInformation security managementFinancial managementOPD - Organizational Process DefinitionIncident ManagementProblem managementIncident ManagementOPF - Organizational Process FocusInformation Security ManagementRelease and deployment managementInformation Security ManagementOPM - Organizational Performance ManagementKnowledge ManagementService continuity and availability managementIT service Continuity ManagementOPP - Organizational Process PerformanceMonitoring, Measuring and ReportingService level managementKnowledge ManagementOT - Organizational TrainingPortfolio ManagementService reportingProblem ManagementPPQA - Process and Product Quality AssuranceProblem ManagementSupplier ManagementRelease and Deployment ManagementQPM - Quantitative Work ManagementProject ManagementRequest FulfilmentREQM - Requirements ManagementRelease ManagementService Asset and Configuration ManagementRSKM - Risk ManagementRequest FulfilmentService Catalogue ManagementSAM - Supplier Agreement ManagementService Catalogue ManagementService Management SystemService Level ManagementSCON - Service ContinuityService Continuity ManagementService MeasurementSD - Service DeliveryService Introduction, retirement and replacementService Portfolio managementSSD - Service System DevelopmentService Level ManagementService ReportingSST - Service System TransitionSoftware asset and Configuration ManagementService Validation and TestingSTSM - Strategic Service ManagementSupplier ManagementStrategy GenerationWMC - Work Monitoring and ControlToolset and Information ManagementSupplier ManagementWP - Work PlanningThe 7 Step improvement processTransition Planning and Support
Process listed in SIAM Body of KnowledgedocumentISO 20000ITIL V3CMMI for Services 1.3Audit and ControlAudit and ControlBusiness Relationship ManagementBudgeting and accounting for IT ServicesAccess ManagementCAM - Capacity and Availability ManagementBusiness relationship managementAvailability ManagementCAR - Causal Analysis and ResolutionCapacity and Availability ManagementCapacity managementCapacity ManagementCM - Configuration ManagementChange ManagementChange managementChange ManagementDAR - Decision Analysis and ResolutionCommercial/Contract ManagementConfiguration managementDemand managementIRP - Incident Resolution and PreventionContinual Service ImprovementDesign and Transition of new or changed servicesEvaluationIWM - Integrated Work ManagementEvent ManagementIncident and service request managementEvent ManagementMA - Measurement and AnalysisFinancial ManagementInformation security managementFinancial managementOPD - Organizational Process DefinitionIncident ManagementProblem managementIncident ManagementOPF - Organizational Process FocusInformation Security ManagementRelease and deployment managementInformation Security ManagementOPM - Organizational Performance ManagementKnowledge ManagementService continuity and availability managementIT service Continuity ManagementOPP - Organizational Process PerformanceMonitoring, Measuring and ReportingService level managementKnowledge ManagementOT - Organizational TrainingPortfolio ManagementService reportingProblem ManagementPPQA - Process and Product Quality AssuranceProblem ManagementSupplier ManagementRelease and Deployment ManagementQPM - Quantitative Work ManagementProject ManagementRequest FulfilmentREQM - Requirements ManagementRelease ManagementService Asset and Configuration ManagementRSKM - Risk ManagementService Catalogue ManagementSAM - Supplier Agreement ManagementService Catalogue ManagementService Level ManagementSCON - Service ContinuityService Continuity ManagementService MeasurementSD - Service DeliveryService Introduction, retirement and replacementService Portfolio managementSSD - Service System DevelopmentService Level ManagementService ReportingSST - Service System TransitionSoftware asset and Configuration ManagementService Validation and TestingSTSM - Strategic Service ManagementSupplier ManagementStrategy GenerationWMC - Work Monitoring and ControlToolset and Information ManagementSupplier ManagementWP - Work PlanningRequest FulfilmentService Management SystemThe 7 Step improvement processTransition Planning and Support
Kevin Holland's White Paper (SIAM Model)MoFAccess managementService Level ManagementAvailability managementFinancial ManagementBusiness continuity management.Capacity ManagementBusiness/customer relationship managementAvailability ManagementCapacity managementIT Service Continuity ManagementChange managementWorkforce ManagementContinual service improvementInfrastructure EngineeringEvent managementSecurity ManagementFinancial managementChange ManagementIncident managementConfiguration ManagementInnovation culture and managementRelease ManagementIT information securitySystem AdministrationIT operations controlSecurity AdministrationIT service continuity management.Service Monitoring and ControlKnowledge managementDirectory Services AdministrationMajor incident managementNetwork AdministrationOperations bridgeStorage ManagementProblem managementJob SchedulingRelease and deployment managementService DeskRelease planning and release conflict resolutionIncident ManagementRequest fulfilmentProblem ManagementService asset and configuration managementService catalogue managementService deskService level managementService portfolio managementService reportingService transition planning and supportService validation and testing:
SIAM designStrategy for services and sourcingSupplier and service assuranceSupplier and service assuranceSupplier managementTechnical managementCoBiT 5ISO 12207SIAM SIG recommendationsEDM01 - Ensure Governance Framework Setting and Maintenance6 System Life Cycle ProcessesAddition and Transfer of Providers into the eco systemEDM02 - Ensure Benefits Delivery6.1 Agreement ProcessesAccess ManagementEDM03 - Ensure Risk Optimisation6.1.1 Acquisition ProcessAsset ManagementEDM04 - Ensure Resource Optimisation6.1.2 Supply ProcessAvailability ManagementEDM05 - Ensure Stakeholder Transparency6.2 Organizational Project-Enabling ProcessesBusiness Relationship ManagementAP01 - Manage the IT Management Framework6.2.1 Life Cycle Model Management ProcessCapacity ManagementAP02 - Manage Strategy6.2.2 Infrastructure Management ProcessChange ManagementAP03 - Manage Enterprise Architecture6.2.3 Project Portfolio Management ProcessComplaints and Escalations ProcessAP04 - Manage Innovation6.2.4 Human Resource Management ProcessConfiguration ManagementAP05 - Manage Portfolio6.2.5 Quality Management ProcessContinual Service ImprovementAP06 - Manage Budget and Costs6.3 Project ProcessesEnterprise architecture designAP07 - Manage Human Resources6.3.1 Project Planning ProcessGovernanceAP08 - Manage Relationships6.3.2 Project Assessment and Control ProcessEvent ManagementAP09 - Manage Service Agreements6.3.3 Decision Management ProcessFinancial ManagementAP10 - Manage Suppliers6.3.4 Risk Management ProcessIncident ManagementAP11 - Manage Quality6.3.5 Configuration Management ProcessMajor Incident ManagementAP12 - Manage Risk6.3.6 Information Management ProcessIT Continuity Management
AP13 - Manage Security6.3.7 Measurement ProcessIT Security ManagementBA01 - Manage Programmes and Projects6.4 Technical ProcessesKnowledge ManagementBA02- Manage Requirements Definition6.4.1 Stakeholder Requirements Definition ProcessProblem ManagementBA03 - Manage Solutions Identification and Build6.4.2 System Requirements Analysis ProcessProgramme and Project ManagementBA04 - Manage Availability and Capacity6.4.3 System Architectural Design ProcessRelease ManagementBA05 - Manage Organisational Change6.4.4 Implementation ProcessRequest ManagementBA06 - Manage Changes6.4.5 System Integration ProcessRisk ManagementBA07 - Manage Change Acceptance and Transitioning6.4.6 System Qualification Testing ProcessService Desk/Bridge (Function)BA08 - Manage Knowledge6.4.7 Software Installation ProcessService PortfolioBA09 - Manage Assets6.4.8 Software Acceptance Support ProcessService CatalogBA10 - Manage Configuration6.4.9 Software Operation ProcessService Level ManagementDSS01 - Manage Operations6.4.10 Software Maintenance ProcessService Provider ManagementDSS02 - Manage Service Requests and Incidents6.4.11 Software Disposal ProcessService ReportingDSS03 - Manage Problems7 Software Specific ProcessesService Validation and TestingDSS04 - Manage Continuity7.1 Software Implementation ProcessesSIAM Architecture and DesignDSS05 - Manage Security Services7.1.1 Software Implementation ProcessStandards and PoliciesDSS06 - Manage Business Process Controls7.1.2 Software Requirements Analysis ProcessSupplier managementMEA01 - Monitor, Evaluate and Assess Performance and Conformance7.1.3 Software Architectural Design ProcessSystems IntegrationMEA02 - Monitor, Evaluate and Assess the System of Internal Control7.1.4 Software Detailed Design ProcessMEA03 - Monitor, Evaluate and Assess Compliance with External Requirements7.1.5 Software Construction Process7.1.6 Software Integration Process7.1.7 Software Qualification Testing Process7.2 Software Support Processes7.2.1 Software Documentation Management Process7.2.2 Software Configuration Management Process
7.2.3 Software Quality Assurance Process7.2.4 Software Verification Process7.2.5 Software Validation Process7.2.6 Software Review Process7.2.7 Software Audit Process7.2.8 Software Problem Resolution Process7.3 Software Reuse Processes7.3.1 Domain Engineering Process7.3.2 Reuse Asset Management Process7.3.3 Reuse Program Management Process
Whilst this list is a good starting point, white papers have extended these established frameworks.The following bullet points reflect the author’s interpretation of what those white papers offer (thereader may have another view on what should have been added to or omitted from this list). Theauthor acknowledges that perceptions will differ as the implementation of certain processes variesto adapt to an integrated services scenario. SIAM Architecture and Design (itSMF SIAM SIG) SIAM Design (Kevin Holland) Addition and Transfer of Providers into the Ecosystem (itSMF SIAM SIG) Service Introduction, retirement and replacement (SIAM Body of Knowledge) Commercial/Contract Management (SIAM Body of Knowledge) Supplier and Service Assurance (Kevin Holland) Strategy for Services and Sourcing (Kevin Holland) Toolset and Information Management (SIAM Body of Knowledge) Systems Integration (itSMF SIAM SIG) Innovation Culture and Management (Kevin Holland)There would appear to be some duplication, this is mainly due to inconsistency in terminology, sothe author believes we could group the above in to 4 areas(1) Design Activities for SIAMoSIAM Architecture and DesignoSIAM design(2) Management of ProvidersoAddition and Transfer of Providers into the EcosystemoService introduction, retirement and replacementoCommercial/Contract ManagementoSupplier and service assurance(3) Technical Integration between Providers and Customer/IntegratoroToolset and Information ManagementoSystems Integration(4) Strategic ActivitiesoInnovation culture and managementoStrategy for services and sourcing
Design Activities for SIAMThere is a requirement to design for SIAM on all levels whether they are process, technical, peopleor organisational related. The author suggests that a bespoke process be implemented that canensure all integration activities are identified and addressed.Management of ProvidersThe four processes suggested here refer to the approach required to manage suppliers in theintegrated landscape. Whilst it could be argued that supplier management could be expanded toencapsulate provider management, the author believes the integration of providers has enoughvariation against traditional ITO supplier management or supplier sub-contracting to warrant aprocess consideration of itself.Technical IntegrationThe integration of toolsets across the ecosystem is most likely to be a new activity for those movingto a SIAM scenario and will need consideration.Strategic ActivitiesIn order to achieve the benefits of the application of SIAM to an organisational scenario there mayneed to be a cultural shift in how issues and improvements are addressed. The necessary culturalend state is derived from a need to meet contractual obligations collaboratively where clarity ofaccountability is a strong enabler of shared accountability across stakeholders.Whilst the cultural realities will be felt and addressed at the tactical or operational level, the authorbelieves that the direction required to address any shortcomings will need to be driven at thestrategic level. This is primarily because the tactical or operational level is most likely to operate in adefensive mind-set where the protection of IPR, internal good practise, or the deflection of blame islikely to be felt to be more important than being wholly collaborative. The implementation ofprocesses aimed at encouraging collaboration warrants consideration in any process frameworkthat’s developed for your SIAM model.We conclude this paper with some examples of what process models could look like, the examplesare fairly generic and should only be viewed as a guide to helping you form a view on what processesshould be in your SIAM process framework.
Examples of Process ModelsThis example shows the set of processes selected, these processes are then grouped by domains andsub domains, complete with unique reference numbers. This example also utilises the OGC P3M3model for Portfolio, Programme and Project management.Example SIAM Process Reference ModelService Management ProcessesOrganisational ProcessesGovernance Process Group (GOV)GOV.1 – Risk ManagementGOV.2 – Quality ManagementGOV 3 – Document ManagementGOV 4 – Portfolio ManagementTransition Process Gr oup (TP)TP.1 – Addition and Transfer of Suppliers into the Eco SystemTP.2 – SIAM Architecture and DesignTP.3 – Systems Integration (Technical)TP 4 – Service Validation and TestingService Delivery Process Group (SD)SD.1 – Capacity and Demand ManagementSD.2 – Availability ManagementSD.3 – IT Continuity ManagementSD.4 – Financial ManagementSD.5 – Information SecuritySD.6 – Service Level ManagementSD.7 – Service ReportingSD.8 – Service Portfolio ManagementSD.9 – Service Catalog ManagementSD10- Complaints and EscalationsResolution Process Group (RES)Improvement Process Group (IMP)IMP.1 – Continual Service ImprovementIMP.2 – Capability Maturity AssessmentIMP.3 – AuditPortfolio Pr ocess Group (PF) (P3M3 Model)PF.1 – Management ControlPF.2 – Benefits ManagementPF.3 – Financial ManagementPF.4 – Stakeholder ManagementPF.5 – Risk ManagementPF.6 – Organisational GovernancePF.7 – Resource ManagementProgramme Process Group (PG) (P3M3 Model)PG.1 – Management ControlPG.2 – Benefits ManagementPG.3 – Financial ManagementPG.4 – Stakeholder ManagementPG.5 – Risk ManagementPG.6 – Organisational GovernancePG.7 – Resource ManagementProject Process Group (PJ) (P3M3 Model)RES.1 – Incident ManagementRES.2 – Major Incident ManagementRES.3 – Service Request ManagementRES.4 – Problem ManagementControl Process Group (CON)CON.1 – Configuration ManagementCON.2 – Change ManagementCON.3 – Release and Deployment ManagementCON.4 – Knowledge ManagementCON.5 – Asset ManagementRelationship Process Group (REL)REL.1 – Business Relationship ManagementREL.2 – Supplier ManagementREL.3 – Service Provider ManagementOperational Process Group (OPS)OPS.1 – Access ManagementOPS.2 – Event ManagementOPS.3 – Complaints and EscalationsOPS.4 – Service Desk/BridgePJ.1 – Management ControlPJ.2 – Benefits ManagementPJ.3 – Financial ManagementPJ.4 – Stakeholder ManagementPJ.5 – Risk ManagementPJ.6 – Organisational GovernancePJ.7 – Resource ManagementThis tabular view is then represented in a framework view below
Example SIAM Process Reference Model viewed in ISO 20000 Framework FormatContinual Service ImprovementCustomerAudit ProgramPD CACapability Maturity AssessmentCustomerSIAM Service Management FrameworkServiceRequirementsSIAM Service Management PlanProcess PlansSIAM Service Management PolicyProcess PoliciesRisk ManagementQuality ManagementDocument ManagementGovernanceSIAM Architecture and DesignSystems Integration (Technical)Addition and Transfer of Suppliers into the Eco SystemServicesProgram and Project ManagementService Validation and TestingService Delivery ProcessesCapacity ManagementAvailability ManagementFinancial ManagementInformation Security ManagementService ReportingService CatalogIT Service Continuity ManagementService Portfolio ManagementService Level ManagementComplaints and EscalationsControl ProcessesAsset ManagementChange ManagementConfiguration ManagementRelease and DeploymentKnowledge ManagementResolution ProcessesRelationship ProcessesIncident ManagementMajor Incident ManagementService Request ManagementProblem ManagementBusiness Relationship ManagementOperational ProcessesAccess ManagementEvent ManagementComplaints and EscalationsService Desk/BridgeSupplier ManagementService Provider Management
Example CoBit view of a SIAM as a Framework FormatTaken from ronment-using-cobit-5.aspx
Example Model from Kevin Holland taken from his white paper:“An Example ITIL-based Model for Effective Service Integration and le.aspx?guid 2758eedf-bedf-4507-b18c-f26ca437c4ca
Example of UK Government ModelTaken from Scopism Body of Knowledge document
List of References ITL V3 publications (OGC)CoBiT 5.0 (ISACA)CMMI for Services 1.3 (Software Engineering Institute)Microsoft Operations Framework (Microsoft)itSMF SIAM SIG internal materialSIAM Body of Knowledge (Scopism)SIAM Principals and Practices for Service Integration and Management (Van Haren)ISO 20000 (International Standards Organisation)ISO 12207 (International Standards Organisation)An Introduction to Service Integration and Management and ITIL (Kevin Holland)o https://www.axelos.com/CMSPages/GetFile.aspx?guid 6ed22879-f3cd-458c-87c2b53575ddca06An Example ITIL-based Model for Effective Service Integration and Management (KevinHolland)o https://www.axelos.com/CMSPages/GetFile.aspx?guid 2758eedf-bedf-4507-b18cf26ca437c4ca
CoBiT 5 ISO 12207 SIAM SIG recommendations EDM01 - Ensure Governance Framework Setting and Maintenance 6 System Life Cycle Processes Addition and Transfer of Providers into the eco system EDM02 - Ensure Benefits Delivery 6.1 Agreement Processes Access Management EDM03 - Ensure Ris
