Transcription of Enterprise Service Management Framework Edition III
1 Department Of Defense (DoD) Enterprise Service Management Framework Edition III 04 Mar 16 REVISION HISTORY Date Edition Major Enhancement(s) Revision Primary Contact Nov 13 II Incorporated DoD Component input to create DoD level Framework and align with Joint Information Environment Karen Gomez (301) 225-8140 Mar 16 III More emphasis on Risk Management ITSM Office Stand-Up Guidance Service Quality Management IT Performance Management Process Capability Assessments Entitlement Management represented in the Access Management process (AcM) POC Appendix Karen Gomez (301) 225-8140 EXECUTIVE SUMMARY Driving toward Service excellence is a virtuous goal for organizations today; this is due in part because it is proven that a proactive Service environment is less expensive to run than a reactive Service environment.
2 This document provides guidance to standardize the Management of Information Technology (IT) services across the Department of Defense (DoD) organizations and is the embodiment of the integration of various best practices, frameworks and standards that define a Department-wide Service Management approach. It is a Service oriented Framework that focuses on creating and managing services throughout the Service lifecycle. It aligns and integrates processes for Service Management and defines processes at a high level, describing the what, not the how. This approach enables cross-functional teams the ability to create and improve processes in the common pursuit of Service excellence. More in-depth process specific guidance will be provided in supplemental companion documents located on the DoD CIO Information Technology Service Management (ITSM) Community of Practice (CoP) portal.
3 How to use the Department of Defense Enterprise Service Management Framework (DESMF) There is no DoD standard terminology for much of the content within the DESMF. Therefore, it is necessary to know the definitions of a few key terms used in the document. Service is a means of delivering value comprised of people, processes and technology perceived by Customers and Users as a self-contained, single, coherent entity that enables them to achieve mission objectives and functions (Source: ISO 20000, COBIT 5, ITIL V2, V3, & 2011) Policies help with governance and are formally documented Management expectations and intentions. Policies are used to direct decisions and to ensure consistent and appropriate development and implementation of processes, standards, roles, activities, IT infrastructure, etc. Process is a structured set of activities designed to accomplish a specific objective.
4 A process is made up of discreet interconnecting activities that draw upon inputs, controls, and enablers (normally tools) to produce a defined output(s). A process may draw from any of the roles, responsibilities, tools and Management controls required to reliably deliver the outputs and is comprised of specific procedures to accomplish this activity Procedure is a document containing steps that specify how to perform process steps. Procedures are defined as a part of processes. As such, a change to a procedure does not necessarily change a process, just as a change to a process does not necessitate a policy change. The DESMF is the authoritative Framework used to address services and processes that are owned and managed by the DoD. The DESMF includes: Guidance on IT Service alignment with the DoD mission Processes Department-wide processes defined at a high level and guidance to establish authoritative Service Owners, Process Owners and Process Managers, etc.
5 Purpose and Scope The purpose and scope of each process in the lifecycle Metrics Recommendations on the use of metrics as actionable items Process Workflow Guidance - Mapped activities and supporting explanation Roles and Responsibilities Defined responsibilities of related ITSM roles Service Quality Management Approach Describes the approach to establish, implement, and maintain Service quality IT Performance Management Guidance Describes an approach which consists of activities that focus on up-front planning and aligning IT with defined goals Process Capability Assessment Information Defines an approach to evaluate and measure the competency of a process to meet its intended purpose and outcomes The DESMF is not: A Concept of Operations (CONOPS) CONOPS for processes are developed separately from this document, but uses this Framework to align the efforts An implementation Plan While this document contains steps for process design work at a high level, it is not meant as a detailed project plan or as an overall ITSM implementation plan.
6 Do not let the number of pages within the DESMF overwhelm you. This document is specifically designed to provide as much content as possible, divided into usable and manageable sections. Section 1 provides the background for DESMF. Section 2 provides guidance to organizations considering standing up their own ITSM Office. Section 3 introduces organizational considerations for ITSM. Section 4 introduces the important topic of Risk Management . We recommend that anyone responsible for leading an ITSM effort or participating in ITSM activities read all of sections 5 8 , which provide guidance on Quality, Performance and Assessments, Common Process Controls, Roles and Responsibilities and General Steps for DESMF Process design , respectively. Sections 9 10 contain domain, process and supporting functions content. A reader may want to focus on his or her specific area of responsibility, knowing that additional content is always available for review in electronic format.
7 Sections 11 13 contain References, Acronyms and a Glossary. Hyperlinks are in the reference section for easy access for those who view the DESMF electronically. The appendices provide more detail on specific topics. With each new Edition of the DESMF, content will be added, removed, or modified based on DESMF reviews and feedback. As with any Framework referenced within the DESMF, take the information that is required and aligned with your specific environment, along with anything that may prove helpful, and be aware that additional information is available to you should you require more in depth information. CONTENTS ..i Revision History .. ii Executive Summary .. iii 1 Background .. 10 Purpose and goal .. 10 SCOPE OF DESMF .. 11 ALIGNMENT WITH DoD STRATEGIC DOCUMENTS .. 11 DOD STRATEGIC Management PLAN.
8 12 DOD INFORMATION Enterprise STRATEGIC PLAN & DOD IT Enterprise STRATEGIC ROADMAP (ITESR) .. 12 DoD CIO CAMPAIGN PLAN .. 12 4 CC/S/A STRATEGIC PLANS .. 13 BENEFITS OF DESMF AND EXPECTED OUTCOMES .. 13 CRITICAL SUCCESS FACTORS (CSFS) FOR Framework ADOPTION .. 13 GUIDANCE AND implementation PRINCIPLES .. 14 UTILIZING THE Framework FOR PROCESS IMPROVEMENT .. 14 2 ESTABLISHING AN IT Service Management OFFICE .. 16 Purpose .. 16 ITSMO Management PRACTICES .. 17 ITSM OFFICE PRACTICE AREAS .. 18 19 ITSM OFFICE 19 ITSM OFFICE FUNCTIONS & RESPONSIBILITIES .. 19 ITSMO COMMUNICATIONS 20 STAKEHOLDER REGISTRY .. 20 COMMUNICATION CHANNEL ANALYSIS .. 20 REQUEST PROCEDURES .. 21 IT GOVERNANCE PRACTICE .. 21 IT PROCESS ARCHITECTURE PRACTICE .. 22 ITSM PROCESS REFERENCE ARCHITECTURE .. 22 CONTINUAL Service IMPROVEMENT (CSI) PRACTICE.
9 23 ASSESSMENT PRACTICE .. 23 3 ORGANIZATIONAL CONSIDERATIONS .. 24 ORGANIZATIONAL CHANGE Management (OCM) .. 24 ORGANIZATIONAL GOVERNANCE .. 24 IT GOVERNANCE .. 25 COMPLIANCE .. 25 RISK Management .. 25 PERFORMANCE MEASUREMENT .. 26 RESOURCE 26 4 RISK Management .. 27 5 QUALITY, PERFORMANCE AND ASSESSMENTS .. 28 Service QUALITY Management .. 28 PHASE 1: PLAN - QUALITY APPROACH .. 28 PHASE 2: DO - ESTABLISH AND EXECUTE THE QUALITY APPROACH .. 28 PHASE 3: CHECK - MONITOR AND REPORT Service QUALITY .. 29 PHASE 4: ACT CORRECT AND CONTINUALLY IMPROVE .. 30 APPROACH TO PERFORMANCE Management .. 31 TECHNICAL AND NON-TECHNICAL IT PERFORMANCE Management .. 31 PROCESS PERFORMANCE 32 METRIC AND MEASURES 33 PROCESS CAPABILITY ASSESSMENTS .. 34 PROCESS CAPABILITY ASSESSMENT TOOL (PCAT) .. 34 CAPABILITY LEVELS.
10 35 6 COMMON PROCESS CONTROL .. 36 COMMON PROCESS CONTROL ACTIVITIES .. 36 ESTABLISH PROCESS Framework .. 36 MONITOR, MANAGE AND REPORT .. 36 EVALUATE PROCESS PERFORMANCE .. 37 7 ROLES AND RESPONSIBILITIES .. 38 EXECUTIVE SPONSOR .. 38 DOMAIN OWNER .. 38 Service OWNER .. 38 Service MANAGER .. 38 PROCESS OWNER .. 38 PROCESS MANAGER .. 39 PRODUCT OWNER .. 39 SUBJECT MATTER EXPERT (SME) .. 39 OTHER ROLES AS REQUIRED .. 39 GUIDANCE ON RACI DEVELOPMENT .. 40 8 GENERAL STEPS FOR DESMF PROCESS design .. 42 DEFINE SCOPE AND OBJECTIVES .. 42 VALIDATE THE CURRENT ENVIRONMENT .. 42 DEVELOP HIGH-LEVEL PROCESS DEFINITION .. 42 DEFINE ROLES AND RESPONSIBILITIES .. 42 DOCUMENT DETAILED WORK FLOW FOR EACH HIGH LEVEL ACTIVITY .. 42 BUILD THE PROCESS .. 42 DEVELOP APPROPRIATE METRICS AND SUPPORTING MEASURES .. 42 DEFINE AND DOCUMENT COMMUNICATIONS PLAN, KNOWLEDGE TRANSFER AND TRAINING REQUIREMENTS.
