Transcription
Department OfDefense (DoD)EnterpriseServiceManagementFrameworkEdition III04 Mar 16
REVISION HISTORYDateEditionMajor Enhancement(s)Revision Primary ContactNov 13IIIncorporated DoD Component input to create Karen Gomez (301) 225-8140DoD level framework and align with Joint Karen.Gomez5.civ@mail.milInformation EnvironmentMar 16IIIMore emphasis on Risk ManagementKaren Gomez (301) 225-8140ITSM Office Stand-Up GuidanceKaren.Gomez5.civ@mail.milService Quality ManagementIT Performance ManagementProcess Capability AssessmentsEntitlement Management represented in theAccess Management process (AcM)POC Appendix
EXECUTIVE SUMMARYDriving toward service excellence is a virtuous goal for organizations today; this is due in part because it is proventhat a proactive service environment is less expensive to run than a reactive service environment. This documentprovides guidance to standardize the management of Information Technology (IT) services across the Department ofDefense (DoD) organizations and is the embodiment of the integration of various best practices, frameworks andstandards that define a Department-wide service management approach. It is a ‘service oriented’ framework thatfocuses on creating and managing services throughout the service lifecycle. It aligns and integrates processes forservice management and defines processes at a high level, describing the what, not the how. This approach enablescross-functional teams the ability to create and improve processes in the common pursuit of service excellence.More in-depth process specific guidance will be provided in supplemental companion documents located on theDoD CIO Information Technology Service Management (ITSM) Community of Practice (CoP) portal.How to use the Department of Defense Enterprise Service Management Framework (DESMF)There is no DoD standard terminology for much of the content within the DESMF. Therefore, it is necessary toknow the definitions of a few key terms used in the document. Service is a means of delivering value comprised of people, processes and technology perceived byCustomers and Users as a self-contained, single, coherent entity that enables them to achieve missionobjectives and functions (Source: ISO 20000, COBIT 5, ITIL V2, V3, & 2011) Policies help with governance and are formally documented management expectations and intentions.Policies are used to direct decisions and to ensure consistent and appropriate development andimplementation of processes, standards, roles, activities, IT infrastructure, etc. Process is a structured set of activities designed to accomplish a specific objective. A process is made up ofdiscreet interconnecting activities that draw upon inputs, controls, and enablers (normally tools) to producea defined output(s). A process may draw from any of the roles, responsibilities, tools and managementcontrols required to reliably deliver the outputs and is comprised of specific procedures to accomplish thisactivity Procedure is a document containing steps that specify how to perform process steps. Procedures aredefined as a part of processes. As such, a change to a procedure does not necessarily change a process, justas a change to a process does not necessitate a policy change.The DESMF is the authoritative framework used to address services and processes that are owned and managed bythe DoD. The DESMF includes: Guidance on IT Service alignment with the DoD missionProcesses – Department-wide processes defined at a high level and guidance to establish authoritativeService Owners, Process Owners and Process Managers, etc.Purpose and Scope – The purpose and scope of each process in the lifecycleMetrics – Recommendations on the use of metrics as actionable itemsProcess Workflow Guidance - Mapped activities and supporting explanationRoles and Responsibilities – Defined responsibilities of related ITSM rolesService Quality Management Approach – Describes the approach to establish, implement, and maintainservice qualityIT Performance Management Guidance – Describes an approach which consists of activities that focus onup-front planning and aligning IT with defined goalsProcess Capability Assessment Information – Defines an approach to evaluate and measure the competencyof a process to meet its intended purpose and outcomesThe DESMF is not: A Concept of Operations (CONOPS)—CONOPS for processes are developed separately from thisdocument, but uses this framework to align the effortsAn Implementation Plan – While this document contains steps for process design work at a high level, it isnot meant as a detailed project plan or as an overall ITSM implementation plan.Do not let the number of pages within the DESMF overwhelm you. This document is specifically designed to provideas much content as possible, divided into usable and manageable sections.
Section 1 provides the background for DESMF.Section 2 provides guidance to organizations considering standing up their own ITSM Office.Section 3 introduces organizational considerations for ITSM.Section 4 introduces the important topic of Risk Management.We recommend that anyone responsible for leading an ITSM effort or participating in ITSM activities read all ofsections 5 – 8, which provide guidance on Quality, Performance and Assessments, Common Process Controls, Rolesand Responsibilities and General Steps for DESMF Process Design, respectively.Sections 9 – 10 contain domain, process and supporting functions content. A reader may want to focus on his orher specific area of responsibility, knowing that additional content is always available for review in electronic format.Sections 11 – 13 contain References, Acronyms and a Glossary. Hyperlinks are in the reference section for easyaccess for those who view the DESMF electronically.The appendices provide more detail on specific topics.With each new edition of the DESMF, content will be added, removed, or modified based on DESMF reviewsand feedback. As with any framework referenced within the DESMF, take the information that is required andaligned with your specific environment, along with anything that may prove helpful, and be aware that additionalinformation is available to you should you require more in depth information.
CONTENTS.iRevision History . iiExecutive Summary . iii1 Background . 101.1 Purpose and goal . 101.2 SCOPE OF DESMF . 111.3 ALIGNMENT WITH DoD STRATEGIC DOCUMENTS . 111.3.1 DOD STRATEGIC MANAGEMENT PLAN . 121.3.2 DOD INFORMATION ENTERPRISE STRATEGIC PLAN & DOD IT ENTERPRISE STRATEGICROADMAP (ITESR) . 121.3.3 DoD CIO CAMPAIGN PLAN . 121.3. 4 CC/S/A STRATEGIC PLANS . 131.3.5 BENEFITS OF DESMF AND EXPECTED OUTCOMES . 131.3.6 CRITICAL SUCCESS FACTORS (CSFS) FOR FRAMEWORK ADOPTION . 131.3.7 GUIDANCE AND IMPLEMENTATION PRINCIPLES . 141.3.8 UTILIZING THE FRAMEWORK FOR PROCESS IMPROVEMENT . 142 ESTABLISHING AN IT SERVICE MANAGEMENT OFFICE . 162.1 Purpose . 162.2 ITSMO MANAGEMENT PRACTICES . 172.2.1 ITSM OFFICE PRACTICE AREAS . 182.2.2 AUTHORITY. 192.2.3 ITSM OFFICE SCOPE. 192.2.4 ITSM OFFICE FUNCTIONS & RESPONSIBILITIES . 192.3 ITSMO COMMUNICATIONS PLAN. 202.4 STAKEHOLDER REGISTRY . 202.5 COMMUNICATION CHANNEL ANALYSIS . 202.6 REQUEST PROCEDURES . 212.7 IT GOVERNANCE PRACTICE . 212.8 IT PROCESS ARCHITECTURE PRACTICE . 222.8.1 ITSM PROCESS REFERENCE ARCHITECTURE. 222.9 CONTINUAL SERVICE IMPROVEMENT (CSI) PRACTICE . 232.10 ASSESSMENT PRACTICE. 233 ORGANIZATIONAL CONSIDERATIONS . 24
3.1 ORGANIZATIONAL CHANGE MANAGEMENT (OCM) . 243.2 ORGANIZATIONAL GOVERNANCE . 243.3 IT GOVERNANCE . 253.3.1 COMPLIANCE. 253.3.2 RISK MANAGEMENT. 253.3.3 PERFORMANCE MEASUREMENT . 263.3.4 RESOURCE MANAGEMENT. 264 RISK MANAGEMENT . 275 QUALITY, PERFORMANCE AND ASSESSMENTS . 285.1 SERVICE QUALITY MANAGEMENT . 285.1.1 PHASE 1: “PLAN” - QUALITY APPROACH . 285.1.2 PHASE 2: “DO” - ESTABLISH AND EXECUTE THE QUALITY APPROACH . 285.1.3 PHASE 3: “CHECK” - MONITOR AND REPORT SERVICE QUALITY . 295.1.4 PHASE 4: “ACT” CORRECT AND CONTINUALLY IMPROVE . 305.2.1 APPROACH TO PERFORMANCE MANAGEMENT . 315.2.2 TECHNICAL AND NON-TECHNICAL IT PERFORMANCE MANAGEMENT . 315.2.3 PROCESS PERFORMANCE METRICS. 325.2.4 METRIC AND MEASURES ATTRIBUTES. 335.3 PROCESS CAPABILITY ASSESSMENTS . 345.3.1 PROCESS CAPABILITY ASSESSMENT TOOL (PCAT). 345.3.2 CAPABILITY LEVELS . 356 COMMON PROCESS CONTROL . 366.1 COMMON PROCESS CONTROL ACTIVITIES . 366.2 ESTABLISH PROCESS FRAMEWORK . 366.3 MONITOR, MANAGE AND REPORT . 366.4 EVALUATE PROCESS PERFORMANCE . 377 ROLES AND RESPONSIBILITIES . 387.1 EXECUTIVE SPONSOR . 387.2 DOMAIN OWNER . 387.3 SERVICE OWNER . 387.4 SERVICE MANAGER . 387.5 PROCESS OWNER . 387.6 PROCESS MANAGER . 397.7 PRODUCT OWNER . 397.8 SUBJECT MATTER EXPERT (SME) . 397.9 OTHER ROLES AS REQUIRED . 39
7.10 GUIDANCE ON RACI DEVELOPMENT . 408 GENERAL STEPS FOR DESMF PROCESS DESIGN . 428.1 DEFINE SCOPE AND OBJECTIVES . 428.2 VALIDATE THE CURRENT ENVIRONMENT . 428.3 DEVELOP HIGH-LEVEL PROCESS DEFINITION. 428.4 DEFINE ROLES AND RESPONSIBILITIES . 428.5 DOCUMENT DETAILED WORK FLOW FOR EACH HIGH LEVEL ACTIVITY . 428.6 BUILD THE PROCESS . 428.7 DEVELOP APPROPRIATE METRICS AND SUPPORTING MEASURES . 428.8 DEFINE AND DOCUMENT COMMUNICATIONS PLAN, KNOWLEDGE TRANSFER AND TRAININGREQUIREMENTS . 438.9 IDENTIFY & IMPLEMENT QUICK WINS . 438.10 FINALIZE PROCESS GUIDE . 439 DESMF DOMAIN STRUCTURES . 449.1 SERVICE STRATEGY (SS) DOMAIN . 449.1.1 STRATEGY GENERATION MANAGEMENT (SGM) . 459.1.2 BUSINESS RELATIONSHIP MANAGEMENT (BRM) . 489.1.3 DEMAND MANAGEMENT (DM) . 519.1.4 FINANCIAL MANAGEMENT FOR IT SERVICES (FM) . 549.1.5 SERVICE PORTFOLIO MANAGEMENT (SPM) . 579.1.6 SERVICE CATALOG MANAGEMENT (SCM) . 609.2 SERVICE DESIGN (SD) DOMAIN . 629.2.1 DESIGN COORDINATION (DC) . 639.2.2 AVAILABILITY MANAGEMENT (AvM) . 669.2.3 CAPACITY MANAGEMENT (CapM) . 699.2.4 INFORMATION SECURITY MANAGEMENT (ISM) . 729.2.5 IT SERVICE CONTINUITY MANAGEMENT (ITSCM) . 769.2.6 SERVICE LEVEL MANAGEMENT (SLM) . 799.2.7 SUPPLIER MANAGEMENT (SUP). 829.3 SERVICE TRANSITION (ST) DOMAIN . 859.3.1 TRANSITION PLANNING AND SUPPORT (TPS) . 869.3.2 ASSET MANAGEMENT (AM) .
Mar 16 III More emphasis on Risk Management ITSM Office Stand-Up Guidance Service Quality Management IT Performance Management Process Capability Assessments Entitlement Management represented in the Access Management process (AcM) POC Appe
