1. Information Technology Infrastructure Library (ITIL) History, Concepts and Alignment to CobiT and ISO 20000 Thursday, October 12, 2006

2. Today’s Objectives: 1. Learn about the history of ITIL 2. Understand ITIL’s key objectives 3. Discover all components of the ITIL Framework 4. Visit each of the core 10 ITIL SM Processes 5. Learn the importance of process interaction 6. Understand the ISO 20000 & alignment to ITIL 7. Understand the alignment to CobiT Framework 8. Learn about the future of ITIL

3. Dalibor Petrovic, I.S.P. Consulting Manager, IT Strategy and Management, Deloitte - Certified ITIL Service Manager - EXIN International Exam Marker for ITIL Service Manager Certifications - Certified CobiT Professional - Certified ISO 20000 Internal Auditor - Chair of itSMF Northern Alberta

4. WHAT IS ITIL? Origins: British Government’s effort to improve IT management Developed by the CCTA in the late 1980’s Originally, a library of over 40 books that documented various IT Service areas, processes and standards Today, a library of 8 books, under the auspices of OGC Framework for Best Practices in IT Service Management A Library of Books Defined Common Sense

5. ITIL Objectives Three Key Objectives of IT Service Management: 1.Align IT Services with the Current and Future Needs of the Business and its Customers 2.Improve Quality of IT Services 3.Reduce Long-Term Costs of IT Service Provision

6. In the beginning… …there was Deming!

7. The Deming Cycle

9. The ITIL Library Source: OGC Service Support Service Delivery Security Management The Business Perspective ICT Infrastructure Management Planning to Implement Service Management Applications Management The Business The Technology Software Asset Management

10. ITSM Components Financial Management for IT services Capacity Management Availability Management IT Service Continuity Management Incident Management Problem Management Change Management Configuration Management Release Management IT Infrastructure security Service Desk Service Level Management

12. Service Support –The Service Desk –Incident Management –Problem Management –Configuration Management –Release Management –Change Management Service Delivery –Service Level Management –Availability Management –IT Service Continuity Management –Capacity Management –Financial Management for IT Services

13. The Service Desk To act as the single point of contact between the User and IT Service Management and track status of all customer interactions To handle Incidents and requests, and provide an interface for other activities such as Change, Problem, Configuration, Release, Service Level, and IT Service Continuity Management Goals

14. Inputs to the Service Desk The Service Desk Information

15. Why a Service Desk? The Service Desk is more than just a Help Desk The first and single point of contact High quality support to meet business goals Help identify costs of IT services Proactive support and communication of changes Increase user perception and satisfaction Identification of business opportunities Identification of Training Opportunities The Service Desk Essentials

16. Responsibilities Receive and record all calls from users Provide first-line support (using knowledge resources) Refer to second-line support where necessary Monitoring and escalation of incidents Keep users informed on status and progress Provide interface between ITSM disciplines Produce measurements and metrics The Service Desk Activities

17. Incident Management Incident definition Any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in, the quality of that service Work-around definition A method of avoiding an Incident or Problem either by employing a temporary fix or technique so the user is no longer reliant on a Configuration Item (CI) that is known to cause failure To restore normal service operation as quickly as possible with minimum disruption to the business, thus ensuring that the best achievable levels of availability and service are maintained Goals

18. The Incident Life Cycle – the monitoring and tracking of Incidents Yes No Note. This is not Problem Closure Including Impact and Urgency selection Incident Management Activities

19. Categorization Service affected (and possibly by association the affected SLA) User perception of failure in terms of the User’s inability to do something –Batch job output has not been received –I can’t print, connect to a server or access an application Category and details of CI thought to be at fault Category and details of CI eventually found to be at fault The fault in the CI, the quick fix and the action taken, etc. Activities Incident Management

20. Impact, Urgency & Priority Incident Management ImpactA measure of the business criticality of an incident or problem (e.g. numbers affected, magnitude) UrgencyA measure of the speed with which an incident or problem requires resolution (i.e. how much delay will the resolution bear) PriorityThe order in which an incident or problem needs to be resolved, based on impact and urgency Definitions

21. Illustrative Example Payroll Application: System run once per month to run payroll Bank Teller Application: System used by cashiers in bank to transact on accounts ImpactUrgencyPriority One Branch teller application performing poorly Medium : one branch out of 150 High : Queues beginning to form High Router Interface downLow : Cashiers and customers not impacted due to redundancy in network Med : Router needs to be re-booted to restore network redundancy Med ImpactUrgencyPriority Failure of payroll server (first week in month) High: will effect all employees Low : Payroll not run for 3 weeks Low (at the moment) Failure in payroll server (last week of month) High: will effect all employees High : Fix needed before 06:00 tomorrow morning High Incident Management

22. Escalation Hierarchical (authority) Functional (competence) Hierarchical escalation would typically include authorization, resources and/or cost Incident Management Functional escalation might include specialist groups e.g. Unix Group Definitions

23. Functional Escalation The use of support teams is important in efficient incident resolution. First line support deals with the communication to the user, resolution of known incidents (e.g. password resets)… …allowing the second and subsequent levels to focus on resolving assigned incidents. Targets are often set for improving the percentage of incidents resolved at first level. Incident Management Activities

24. Problem Management To minimize the adverse effect on the business of Incidents and Problems caused by errors in the infrastructure, and to proactively prevent the occurrence of Incidents, Problems and Errors. Goals Problem definition Unknown cause of one or more incidents Known Error definition An Incident or Problem for which the root cause is known and for which a temporary work around or permanent alternative has been identified

25. Problem Flow Incidents Problem Known Error Change Process Service Desk Problem Management Information

26. Enabling control of the infrastructure by monitoring and maintaining information on: Configuration Items (CI) needed to deliver services CI status and history CI relationships Valuable CIs (monetary or service) Providing information on the IT infrastructure to all other processes and to IT Management Configuration Management Configueration Management Goals

27. Configuration Management Configuration Item (CI) – a component of an IT infrastructure which is (or is to be) under the control of Configuration Management and therefore subject to formal change control Configuration Management Database (CMDB) – a database which contains details of the attributes and history of each CI and the relationships between CIs Baseline – a snapshot of the state of a CI and its components or related CIs, frozen in time for a particular purpose, such as: –The ability to return a service to a trusted state if a change goes wrong –A specification for copying the CI or for a roll-out –The minimum CIs needed to maintain vital Business Functions after a disaster Definitions Configueration Management

28. Major CI Types People Users, Customers, Who, Where, What Skills, Characteristics, Experience, Roles Documentation Designs; Reports; Agreements; Contracts; Procedures; Plans; Process Descriptions; Minutes; Records; Events (Incident, Problems, Change Records); Proposals; Quotations Data Files What, Where, Most Important Environment Accommodation; Light, Heat, Power; Utility Services (Electricity, Gas, Water, Oil); Office Equipment; Furniture; Plant & Machinery Hardware Computers, Computer components, Network components & cables (LAN, WAN), Telephones, Switches Services Desktop Support, E-mail, Service Desk, Payroll, Finance, Production Support Software Network Mgmt Systems; In-house applications; O/S; Utilities (scheduling, B/R); Packages; Office systems; Web Management Definitions Configueration Management

29. CI Relationships and Attributes Activities Configueration Management

30. Change Management Process of controlling changes to the infrastructure or any other aspect of services, in a controlled manner, enabling approved changes with minimum disruption. Change Management ensures that standardized methods and procedures are used for the efficient and prompt handling of all Changes, in order to minimize the adverse impact of any Change ‑ related incidents upon service quality. Changes can arise as a result of Problems, Known Errors and their resolution, but many Changes can come from proactively seeking business benefits such as reducing costs or improving services Goals

31. Change Management Change – a deliberate action that alters the form, fit or function of Configuration Item (CI) such as an addition, modification, movement, or deletion that impacts the IT infrastructure Request for Change (RFC) – a means of proposing a change to any component of an IT infrastructure or any aspect of an IT service Forward Schedule of Change (FSC) – a schedule that contains details of all the changes approved for implementation and their proposed implementation date Definitions Change Management

32. Standard Change – a Change that is recurrent, has been proceduralized to follow a pre-defined, relatively risk free path and where Change Management and budgetary authority is effectively give in advance Service Request – a request, usually made through a Service Desk, for a Standard Change –Example: providing access to services for a new member of staff or relocating a few PCs Definitions Change Management

33. Release Management Good resource planning and management are essential to package and distribute a Release successfully. The focus of Release Management is the protection of the live environment and its services through the use of formal procedures and checks. Release Management Release Management takes a holistic view of a Change to an IT service and should ensure that all aspects of a Release, both technical and non-technical, are considered together Goals

34. Service Support Process Model Incident Management Configuration Management Problem Management Change Management Release Management Services Reports, Incidents, Statistics, Audit Reports Problem Statistics, Trend Analysis, Problem Reports, Problem Reviews, Diagnostic Aids, Audit Reports Problem Statistics, Trend Analysis, Problem Reports, Problem Reviews, Diagnostic Aids, Audit Reports Change Schedule, CAB Minutes, Change Statistics, Change Reviews, Audit Reports Change Schedule, CAB Minutes, Change Statistics, Change Reviews, Audit Reports Release Schedule, Release Statistics, Release Reviews, Source Library, Testing Standards, Audit Reports Release Schedule, Release Statistics, Release Reviews, Source Library, Testing Standards, Audit Reports CMDB Reports, CMDB Statistics, Policy/Standards, Audit Reports CMDB Reports, CMDB Statistics, Policy/Standards, Audit Reports Configuration Management Database Incidents Problems, Known Errors ChangesReleasesCI Relationships Incidents Service Desk Releases Changes Users / Customers Enquiries, Communications, Workarounds, Updates Management Tools & IT Infrastructure

36. Service Support –The Service Desk –Incident Management –Problem Management –Configuration Management –Release Management –Change Management Service Delivery –Service Level Management –Availability Management –IT Service Continuity Management –Capacity Management –Financial Management for IT Services

37. Service Level Management To maintain and gradually improve business aligned IT service quality, through a constant cycle of defining, agreeing, monitoring, reporting and IT service achievements and through instigating actions to eradicate unacceptable levels of service Service Level Management manages and improves the agreed level of service between two parties The provider who may be an internal service department or the external organisation that provides an outsourced service The receiver of the servers i.e. the customer who pays the bill. Service Level Management Goals

38. Availability Management To optimise the capability of the IT infrastructure and supporting organisations to deliver a cost effective and sustained level of availability that enables the business to satisfy its objectives Availabtily Management Goals

39. IT Service Continuity Management Note. IT Service Continuity Management used to be known as Disaster Recovery in the old ITIL books To support the overall Business Continuity Management process by ensuring that the required IT technical services and facilities can be recovered within required and agreed business time-scales IT Service Coninuity Management Goals

40. Capacity Management To understand the future business requirements (the required service delivery), the organization's operations (the current delivery), and ensure that all current and future capacity and aspects of the business requirements are provided cost effectively Goals

41. Financial Management Note. Financial Management of IT Services used to be known as Cost Recovery in the old ITIL books Financial Management For IT Services To provide cost-effective stewardship of the IT assets and financial resources used in Services Goals

42. Participants in IT Service Management ITThe Business UsersService Desk Customers Service Level Management Operational Tactical Sr. IT Mgt Sr. Mgt Strategic Service Delivery Service Support

43. Heart Attack!!! DIAL 911 DISPATCH AMBULANCE Specialist Consult Emergency Room TESTS and ANALYSIS DIAGNOSIS Request for Operation/Procedure Operations & Scheduling Filter Impact Analysis Prioritize Surgical Team Develop Strategy Perform Operation /Procedure Medical Procedure Library Medical Tools Patient Lifecycle Medical File Incident Management Problem ControlError Control Problem Management Change ManagementRelease ManagementConfiguration Management Root Cause Capacity Management Availability Management Service Continuity Management Service Level Mgmt Financial Mgmt

44. ITIL is more than a library of books Training Fundamentals Practitioner Service Manager Qualifications: Certification at each level Consultancy: Provision of IT consulting services to clients based on a de facto standard itSMF: User groups providing seminars, conferences, and workshops Information Technology Infrastructure Library Tools: ITIL “compliance” is driving tools manufacturers

45. Consistent and predictable results, process improvement and cost saving top the list of benefits from implementing defined IT Process methods * Source: Forrester Research – Stabilizing IT with Process Methodologies – May, 2005 *

46. CobiT What Is It? How Does It Relate To ITIL?

47. Work instruction 2 3 4,5,6…. Work instruction 2 3 4,5,6…. Work instruction 2 3 4,5,6…. Work instruction 2 3 4,5,6…. Work instruction 2 3 4,5,6…. XY ## XY ## XY ## XY ## XY ## Strategic COBIT ITIL Process Control Process Execution Work Instruction C OBI T and ITIL–Process Perspective

48. ITILActivities C OBI T Control WHAT HOW CobiT

49. Gartner Advisory on C OBI T and ITIL ITILActivities C OBI T Control WHAT HOW

50. Deliver and Support (DS Process Domain) Deliver and Support (DS Process Domain) Monitor and Evaluate (M Process Domain) Monitor and Evaluate (M Process Domain) Acquire and Implement (AI Process Domain) Acquire and Implement (AI Process Domain) Plan and Organise (PO Process Domain) Plan and Organise (PO Process Domain)

51. Deliver and Support Monitor and Evaluate Planning & Organization Acquire and Implement Planning & Organization Acquire and Implement Plan and Organise Define Strategic IT Plan Define Strategic IT Plan Define IT Organisation and Relationships Define IT Organisation and Relationships Manage IT Investment Manage IT Investment Determine Technological Direction Determine Technological Direction Communicate Aims and Direction Communicate Aims and Direction Manage Human Resource Manage Human Resource Ensure Compliance with External Standards Ensure Compliance with External Standards Assess Risks Assess Risks Manage Projects Manage Projects Manage Quality Manage Quality Identify Automated Solutions Identify Automated Solutions Acquire and Maintain Application Software Acquire and Maintain Application Software Acquire and Maintain Technology Infrastructure Acquire and Maintain Technology Infrastructure Develop and Maintain IT Procedures Develop and Maintain IT Procedures Install and Accredit Systems Install and Accredit Systems Manage Change Manage Change Manage Performance and Capacity Manage Performance and Capacity Ensure Continuous Service Ensure Continuous Service Ensure System Security Ensure System Security Identify and Allocate Costs Identify and Allocate Costs Manage Third-party Services Manage Third-party Services Define and Manage Service Levels Define and Manage Service Levels Educate and Train Users Educate and Train Users Assist and Advise IT Customers Assist and Advise IT Customers Manage Configuration Manage Configuration Manage Problems and Incidents Manage Problems and Incidents Manage Data Manage Data Manage Facilities Manage Facilities Manage Operations Manage Operations Monitor the Process Monitor the Process Assess Internal Control Adequacy Assess Internal Control Adequacy Obtain Independent Assurance Obtain Independent Assurance Provide Independent Audit Provide Independent Audit Define Information Architecture Define Information Architecture ITIL Service Delivery Service Support Service Desk Service Desk Incident Management Incident Management Change Management Change Management Release Management Release Management Problem Management Problem Management Configuration Management Configuration Management Service Level Management Service Level Management Availability Management Availability Management Financial Management Financial Management Continuity Management Continuity Management Capacity Management Capacity Management

52. Deliver and Support Monitor and Evaluate Planning & Organization Acquire and Implement Planning & Organization Acquire and Implement Plan and Organise Define Strategic IT Plan Define Strategic IT Plan Define IT Organisation and Relationships Define IT Organisation and Relationships Manage IT Investment Manage IT Investment Determine Technological Direction Determine Technological Direction Communicate Aims and Direction Communicate Aims and Direction Manage Human Resource Manage Human Resource Ensure Compliance with External Standards Ensure Compliance with External Standards Assess Risks Assess Risks Manage Projects Manage Projects Manage Quality Manage Quality Identify Automated Solutions Identify Automated Solutions Acquire and Maintain Application Software Acquire and Maintain Application Software Acquire and Maintain Technology Infrastructure Acquire and Maintain Technology Infrastructure Develop and Maintain IT Procedures Develop and Maintain IT Procedures Install and Accredit Systems Install and Accredit Systems Manage Change Manage Change Manage Performance and Capacity Manage Performance and Capacity Ensure Continuous Service Ensure Continuous Service Ensure System Security Ensure System Security Identify and Allocate Costs Identify and Allocate Costs Manage Third-party Services Manage Third-party Services Define and Manage Service Levels Define and Manage Service Levels Educate and Train Users Educate and Train Users Assist and Advise IT Customers Assist and Advise IT Customers Manage Configuration Manage Configuration Manage Problems and Incidents Manage Problems and Incidents Manage Data Manage Data Manage Facilities Manage Facilities Manage Operations Manage Operations Monitor the Process Monitor the Process Assess Internal Control Adequacy Assess Internal Control Adequacy Obtain Independent Assurance Obtain Independent Assurance Provide Independent Audit Provide Independent Audit Define Information Architecture Define Information Architecture ITIL Service Delivery Service Support Service Desk Service Desk Incident Management Incident Management Change Management Change Management Release Management Release Management Problem Management Problem Management Configuration Management Configuration Management Service Level Management Service Level Management Availability Management Availability Management Financial Management Financial Management Continuity Management Continuity Management Capacity Management Capacity Management

53. Deliver and Support Monitor and Evaluate Planning & Organization Acquire and Implement Planning & Organization Acquire and Implement Plan and Organise Define Strategic IT Plan Define Strategic IT Plan Define IT Organisation and Relationships Define IT Organisation and Relationships Manage IT Investment Manage IT Investment Determine Technological Direction Determine Technological Direction Communicate Aims and Direction Communicate Aims and Direction Manage Human Resource Manage Human Resource Ensure Compliance with External Standards Ensure Compliance with External Standards Assess Risks Assess Risks Manage Projects Manage Projects Manage Quality Manage Quality Identify Automated Solutions Identify Automated Solutions Acquire and Maintain Application Software Acquire and Maintain Application Software Acquire and Maintain Technology Infrastructure Acquire and Maintain Technology Infrastructure Develop and Maintain IT Procedures Develop and Maintain IT Procedures Install and Accredit Systems Install and Accredit Systems Manage Change Manage Change Manage Performance and Capacity Manage Performance and Capacity Ensure Continuous Service Ensure Continuous Service Ensure System Security Ensure System Security Identify and Allocate Costs Identify and Allocate Costs Manage Third-party Services Manage Third-party Services Define and Manage Service Levels Define and Manage Service Levels Educate and Train Users Educate and Train Users Assist and Advise IT Customers Assist and Advise IT Customers Manage Configuration Manage Configuration Manage Problems and Incidents Manage Problems and Incidents Manage Data Manage Data Manage Facilities Manage Facilities Manage Operations Manage Operations Monitor the Process Monitor the Process Assess Internal Control Adequacy Assess Internal Control Adequacy Obtain Independent Assurance Obtain Independent Assurance Provide Independent Audit Provide Independent Audit Define Information Architecture Define Information Architecture ITIL Service Delivery Service Support Service Desk Service Desk Incident Management Incident Management Change Management Change Management Release Management Release Management Problem Management Problem Management Configuration Management Configuration Management Service Level Management Service Level Management Availability Management Availability Management Financial Management Financial Management Continuity Management Continuity Management Capacity Management Capacity Management

54. Deliver and Support Monitor and Evaluate Planning & Organization Acquire and Implement Planning & Organization Acquire and Implement Plan and Organise Define Strategic IT Plan Define Strategic IT Plan Define IT Organisation and Relationships Define IT Organisation and Relationships Manage IT Investment Manage IT Investment Determine Technological Direction Determine Technological Direction Communicate Aims and Direction Communicate Aims and Direction Manage Human Resource Manage Human Resource Ensure Compliance with External Standards Ensure Compliance with External Standards Assess Risks Assess Risks Manage Projects Manage Projects Manage Quality Manage Quality Identify Automated Solutions Identify Automated Solutions Acquire and Maintain Application Software Acquire and Maintain Application Software Acquire and Maintain Technology Infrastructure Acquire and Maintain Technology Infrastructure Develop and Maintain IT Procedures Develop and Maintain IT Procedures Install and Accredit Systems Install and Accredit Systems Manage Change Manage Change Manage Performance and Capacity Manage Performance and Capacity Ensure Continuous Service Ensure Continuous Service Ensure System Security Ensure System Security Identify and Allocate Costs Identify and Allocate Costs Manage Third-party Services Manage Third-party Services Define and Manage Service Levels Define and Manage Service Levels Educate and Train Users Educate and Train Users Assist and Advise IT Customers Assist and Advise IT Customers Manage Configuration Manage Configuration Manage Problems and Incidents Manage Problems and Incidents Manage Data Manage Data Manage Facilities Manage Facilities Manage Operations Manage Operations Monitor the Process Monitor the Process Assess Internal Control Adequacy Assess Internal Control Adequacy Obtain Independent Assurance Obtain Independent Assurance Provide Independent Audit Provide Independent Audit Define Information Architecture Define Information Architecture ITIL Service Delivery Service Support Service Desk Service Desk Incident Management Incident Management Change Management Change Management Release Management Release Management Problem Management Problem Management Configuration Management Configuration Management Service Level Management Service Level Management Availability Management Availability Management Financial Management Financial Management Continuity Management Continuity Management Capacity Management Capacity Management

57. ISO 20000 What Is It? How Does It Relate To ITIL?

58. ISO 20000: Basic Concepts Quality standard for IT Service Management Formal specification defined requirements for an organization to deliver managed services to acceptable quality to customers BS 15000 fast-tracked to become IS0 20000 ITIL forms the basis of the standard Standard = a list of criteria that needs to be met The standard versus the framework Standard = audit & certify against. Makes ITIL alive Framework = best practice that the standard is based on

59. ISO 20000 Source: itSMF International The Business Perspective ICT Infrastructure Management SERVICE DELIVERY Capacity Management Availability and Service Continuity Service Level Management Service Reporting Information Security Management Budgeting and Accounting for IT Services RELEASERELATIONSHIP RESOLUTION Release Management Incident Management Problem Management Business Relationship Management Supplier Relationship Management CONTROL Configuration Management Change Management

60. Example: Change Management Specifications: Objective + Requirements Objective: To ensure all changes are assessed, approved, implemented and reviewed in a controlled manner Requirement examples: All requests for change shall be recorded and classified, e.g. urgent, emergency, major, minor Requests for changes shall be assessed for their risk, impact and business benefit All changes shall be reviewed for success and any actions taken after implementation

61. Example: Change Management Code of Practice: Objective + Detailed Best Practices Objective (Sub-process: 8.2.2): Closing and reviewing the change request Detailed Best Practice: All changes should be reviewed for success or failure after implementation and any improvements recorded A post-implementation review should be undertaken for major changes to check that: –a) the change met its objectives; –b) the customers are happy with the results; –c) there have been no unexpected side effects Any nonconformity should be recorded and actioned Any weaknesses or deficiencies identified in a review of the change control process should be fed in to service improvement plans

62. ITIL Future – from this…. Service Support Service Delivery Security Management The Business Perspective ICT Infrastructure Management Planning to Implement Service Management Applications Management The Business The Technology Software Asset Management … to this: ITIL V.3 Pocket Guides ITIL Practice Working Templates The Business The Technology Governance Methods Case Studies Certification-based Study Aids Executive Introduction to IT Service Management Service Strategy Service Design Service Transition Service Operation Continuous Service Improvmt LIFECYCLE PERSPECTIVE

63. Various non-proprietary frameworks and methods exist to help IT organizations become more process centric and improve the quality of the services delivered ITILCobiTCMMSix SigmaISO 2000 The IT Infrastructure Library is a customizable framework of best practises that promote quality IT service, build on a process-model view of controlling and managing operations. ITIL was originally developed by the UK government and has since matured into an internationally recognized standard. Control OBjectives for Information and related Technology is a framework for information security and provides generally accepted IT control objectives to assist in developing appropriate IT governance and control The Capability Maturity Model is a method of evaluating and measuring the maturity of the software development process. Recent revisions (CMMI) provide guidance for improving organization process and manage the development, acquisition and maintenance of products and service A data driven quality management program to control variations and thereby achieve high levels of quality. A standard concerned primarily with the quality of IT Service Management. It provides the basis to fulfill customer requirements, regulatory requirements, enhance customer satisfaction, and pursue continual improvement What is it? Focus IT Operations – IT Service Management DevelopmentGovernance and Control Process ImprovementProcesses Consistency IT Specific Yes NoYes How it fits Define and implement processes Determine extent of process maturity Provide process controls Improve processesCertify processes are being followed

64. Frameworks and Methodologies ISO20000 CobiT SIX SIGMA CMMi ITIL Business Process Models Governance

65. In summary: ITIL is: The international de-facto Best Practice for IT Service Management Process Approach to improving Quality, Efficiency and Effectiveness Service focused IT management, viewed from the perspective of IT customers and users Evolving, vendor-neutral, non-proprietary framework CobiT complementary, Certifiable through ISO20000 DEFINED COMMON SENSE