Our friends over at Cherwell recently conducted a survey on all things SIAM and I was lucky enough to catch up with Andy White, Vice president & General Manager for EMEA to talk through some of the findings.
Andy’s take on SIAM:
“SIAM provides a performance regime to govern and control so organisations only pay for things they can use and access. It delivers explicit service integration parameters that govern performance, availability, quality but more from a user’s perspective rather than a commercial or vendor perspective. It supports the skills and capabilities required to manage third-party suppliers in a commodity-based environment. SIAM’s really delivering an open view, an open standards view, to delivering workflow, reporting, financial metrics in the entire service delivery to the ultimate end customer.”
In other words, SIAM is a way of delivering value to customers via multiple suppliers in a seamless way that ensures performance, availability and quality requirements are taking care of. As Andy put it, the bow tie is getting bigger. On one side you have customer perception and on the other side you have the technology available with IT in the middle. Drones, the Internet Of Things, AI, as technology becomes more and more accessible, customer expectations will increase meaning IT departments have to deliver in order to stay relevant.
Here are some of the highlights of the Cherwell study:
SIAM isn’t going anywhere. 45% of the survey respondents managed between 21 and 100+ suppliers and nearly a third of all respondents had already implemented SIAM.
Those at the sharp end of IT operational issues better understand the benefits of SIAM. The research found that more senior IT professionals (38%) have implemented SIAM processes compared with director level respondents (21%).
Whilst obtaining reports and metrics is deemed easy, managing risk is harder. An enormous 93% of those surveyed reported being able to access management information easily. Managing risk effectively in a SIAM environment is a tougher prospect with over 24% of respondents admitting to finding it hard or very hard to assign tangible risks in a multi vendor environment.
Service Management is maturing; 76% of respondents had an integrated Service Catalogue in place to enable end users to select business services.
The top 3 takeaway findings from this survey:
Everyone knows SIAM.
We need to be having the right conversations with C level and above so that SIAM gets on the business agenda.
We need the right tools to be able to visualise performance. Dashboards and reports will supply C level intelligence and help to drive performance.
You can check out the survey in full here. What do you think? Let us know in the comments!
The lovely people at Cherwell invited me to join one of their webinars to talk about SIAM so here is the link to the recording!
My session was all about how ITIL and SIAM can be used to take your service provision from good to “let’s rock this!” The world and its mum knows that ITIL is the globally recognised framework for ITSM best practice but in a world where outsourcing, co sourcing and multi sourcing models are being more and more common, ITIL alone can’t cope. Enter SIAM; the framework that enables an organisation to manage their service providers in a consistent and efficient way, making sure that performance across a portfolio of multi-sourced goods and services meets user needs. In other words, SIAM is a flavour of ITIL that supports organisations in managing multiple suppliers whilst keeping the user experience seamless for the rest of the business.
We all know that ITIL is inherently all about continual service improvement and a SIAM environment is no different. That said, here are some of the things to look at when looking at SIAM:
Span Of Control
How many vendors can you manage without things being missed, balls being dropped or angry mobs turning up at your door? Look at your span of control and if your numbers of suppliers, partners and vendors is increasing faster than you know what to do with, look at introducing the lead vendor concept to regain some control. Lead vendors.
Understand Vendor Dependencies
However many suppliers or partners you use, the buck will always stop with you from the perspective of the business if something goes wrong. Map out your IT services, how they support business outcomes and which supplier delivers each IT service. The CMDB or a technical view of the Service Catalogue will help you to do this and will enable you to spot any areas of vulnerability so you can plan accordingly.
Organising For SIAM
When preparing for a SIAM environment; having a strategy is key to ensure that you have a holistic view of your end to end service, making sure nothing is lost or missed. This strategy should be used as the basis for policies, procedures and work instructions to ensure that there are consistent ways of working across the board. Each vendor should have a catalogue of service offerings to ensure dependencies are identified and documented.
An effective SIAM environment is all about the relationships between the customer organisation and its partners. Moving to a SIAM model will require a culture change so building a collaborative culture is vital. One way of nixing a blame culture is to use the practice of unconditional positive regard (UPR). UPR is a term credited to humanistic psychologist Carl Rogers and means accepting and respecting others as they are without judgment or evaluation i.e treating everyone with the best of intentions. If all else fails, there might be another term that works – TCB or tea coffee and biscuits!! The overall aim? There’s no more “them” and “us”, there’s simply one team.
As with the span of control, the more SLA, OLA and Contract documentation you introduce into your process, the more admin is required and the more difficult it is to keep things under control. One solution is to have a shared service level agreement across all vendors to cover the end to end service which will encourage collaboration and reduce any potential blame culture. Measurements should be based off this single SLA to communicate how processes are performing, identify any improvement areas and to demonstrate that improvement is happening.
The ITSM tool industry is moving to support SIAM environments. Out of the box integrations, codeless functionality and add ons are all available in the market giving customers options.
A single point of contact, ownership & control for IT Services
Clearly defined roles & responsibilities
Optimised cost of services
Streamlined management of IT services
Consistently applied processes
A more transparent IT landscape
Increased Customer Satisfaction!
Did you listen to the webinar? Let me know what you thought in the comments!
Following a sparkly pressie from the guys at TOPdesk, we got to thinking here at Enterprise Opinions towers about what should go in our emergency kit for dealing with Major Incidents.
To be fair, my Starbucks habit is slightly worrying but staying caffeinated helps me stay on the ball. When dealing with a crisis, sometimes you just need a second to figure out the next step. Taking a sip of your drink, be it coffee, green tea or water, takes you out of the situation momentarily and gives you a chance to clear your head and come up with a plan. That said, this is effectively me on a bad day:
Key Phone Numbers
Picture the scene, my second day at a Problem Management gig and a contracter accidentally hits the EPO button in the data centre. For the uninitiated, an EPO or Emergency Power Off button is something that instantly takes out the power to a room and is there as a safety measure in the event of a fire or someone suffering an electrical shock. They’re usually bright red and labeled EPO. Unfortunately in this case, it’s proximity to the door meant the chap in question mistook it for the door release button and pressed it taking out all services to the building and 8 major customers. As this wasn’t a DR test, there was no way to fail over cue an epic Major Incident and the Service Desk sat in shock because they had no working phones and no corporate address book to look up phone numbers. Not our finest hour. No one was saying anything so I did the only thing I could think of at the time; told everyone to use their mobiles to call everyone they had numbers for, starting from the top down until we were able to restore power, promising that I would personally pay their mobile bills if the finance department rejected the resulting phone bill. It was the only option we had at the time and luckily we were back up with the basics in about 30 minutes but my overriding memory of that day was feeling really out of control. Let’s face it, that level of faffery in a Major Incident is never good.
I love my iPhone. It’s pink (obvs) has every app I can think of and goes everywhere with me. It has unfortunately naff all battery life so I carry a charger with me at all times.
Feedback that I’ve had time and time again when I’ve done Incident Management type roles is how calm I seem when things are kicking off. I have no idea why people think I’m calm, I can promise you that it’s all a huge act. Inside my head, I’m having kittens or reciting every swear word I can think of or wishing I could hide under my desk but when I have a Service Desk full of analysts relying on me, I’m not going to let everyone down by panicking and then making mistakes. I guess you could say it’s a bit like parenting, as a mum of three I can tell you that kids can sense uncertainty, fear and in the case of my little darlings, chocolate buttons at twenty paces so the trick is to have a total air of “I’ve got this”. Fake it til you make it; act as though everything’s grand, you’ll calm down which will in turn calm down everyone around you and you can focus on getting everything fixed.
What would you have in your “break glass in case of emergency kit”? Let us know in the comments!
It’s the London Olympia baby! Last week was the 2016 Service Desk & IT Support Show or SITS for short. SITS is a annual, free event in central London dedicated to all things tech support and ITSM related.
Taking all of 5 seconds to get a Batman reference into his content, this was clearly destined to be my favorite session of the day. Daniel opened by talking about the iceberg of ignorance, in other words, the further away you get from service delivery, the few problems that you see. Daniel continued by discussing how one of the biggest challenges faced by managers is taking the time to improve.
Daniel introduced the ITIL, Agile and Lean triumvirate explaining how it’s not enough to have best practice, we must be responsive to the needs of the business and efficient in the way we deliver enterprise services.
The next part of Daniel’s presentation focused on how DevOps is a way to do better faster safer on a continual basis. Daniel talked about the need to focus on the entire value stream of better faster safer from strategy right through to operations.
Daniel went on to talk about measurements and advocated putting your business reports in a language your company understands for example from zero to we got this! He also introduced a brand new metric which I think our friends at AXELOS towers should be all over in terms of including it in the next ITIL refresh.
The final part of Daniel’s session focused on behavior. As Daniel put it “DevOps starts with management talking to people and finding out what their problem are.” Daniel talked about the 3 ways to manage effectively environment:
You built it, you run it
Project to product
Strangle the complexity – lose the nonsense
His final point? Don’t forget to celebrate your successes along the way, preferably with beer!
Sarah opened her session by talking about the recent LinkedIn hack; asking her audience how many of them were able to understand if their personal data had been compromised from the e-mail response issues by LinkedIn – ie the importance of asking the right questions.
Sarah went on to talk about the public cloud and private cloud and the pros and cons of each approach. Public clouds are typically easy to use, flexible and operated by a third party but may be unreliable and less secure than an in house solution. Private clouds are organisation specific, customisable and more secure but can be more costly and require in house expertise.
The next part of the session looked at how a hybrid model can give organisations the best of both worlds without increasing risk. Sarah went on to talk about case studies of the SysAid product from General Cable. Fluortek and LAN Airlines who has the impressive statistic of being able to handle seven times the number of Incidents since using SysAid.
Sarah concluded by explaining with the evolution of SaaS and cloud, it takes new skills to manage your estate effectively, Sarah’s advice? Every organisation is different so in terms of cloud provision, capture the requirements of your organisation and then plan accordingly.
Transforming The Service Desk With SIAM & Lean – Joe Bicknell, ServiceNow
The final session we attended was Joe’s session on Service desk transformation. Joe opened with the frankly terrifying statistic of outside the workplace, 84% of requests are automated, inside the workplace only 33% of requests are automated. The upshot? The average employee spends around 15 hours of their working week faffing about trying to battle the admin mountain.
Joe went on to explain the ServiceNow way of thinking “we believe everyone in your organisation requests something and everyone in your business is a service provider in some way.”
Joe used ServiceNow to demonstrate how ITSM can be applied to the entire organisation, streamlining processes and removing silos. His top three takeaways?
Own IT Service Management in your business; it’s the key link between the front and back office.
Change the way you work, don’t use technology to compliment what you do
Take the workshop to your organisation and start to take Service outside of IT
Did you go to #SITS16? Let us know in the comments!!
Ransomware, phishing attacks, patch Thursday, social engineering – it’s a scary out there. The ITSM Review is conducting some research on cyber security for publication. The aim of the study is to look at challenges and threats, cyber security activities in the current market and best practice.
In a world dominated by technology, cyber security and resilience has never been so important. Here are just some of the statistics about why cyber security should be on everyone’s agenda:
In 2015 even fewer SMBs (29%) used standard tools like configuration and patching to prevent security breaches compared to the 39% who did so in 2014. Source: Cisco 2016 Annual Security Report.
This research will look at the impact of cyber threats and how to deal with cyber security in an ever changing environment. The study will focus on these three areas:
Challenges and threats
Cyber security activities
Best practice and RESILIA
The main aim of the research will enable readers to understand the challenges and carry out a tangible risk assessment, build a business case for action and understand best practice around cyber security and resilience.
It’s Covent Garden baby! The BCS Configuration Management Group held their annual conference on Tuesday. The CMSG was set up in 1995 to provide a forum for the promotion of Configuration Management as a discrete management process. The group now covers the transition areas of Change, Release and Software Asset Management, including the specialist UK SAM Networking Group.
First up was Roo Reynolds on driving transformation in a government environment. Roo’s first task was a quick public service announcement on Larry, the cat that lives at Number 10 (where the Prime Minister lives for non UK readers). Apparently, whilst appearing cute and fluffy. Larry actually has a vicious streak so if you’re ever invited to Downing Street, consider yourself warned – the last thing you want is a Rabbit of Caerbannog scenario.
Roo talked about the challenges of working in a government environment and his transformation mission:
Roo talked about the importance of putting your customers at the centre of the requirements gathering phase “your users are unlikely to grow wings so they no longer need lifts” As Roo put it “transformation doesn’t have to be huge, the smallest things can make a difference.”
Here are Roo’s top tips for driving transformation:
Start with the needs of the user; genuinely put the user first
Work with people who are committed
#2016cmsg be the pig not the chicken in the agile delivery. Have some skin in the game. #bcscmsg
Vawns Murphy Senior ITSM Analyst, Enterprise Opinions – Going From Good To Great Using ITIL & DevOps
I was up next talking about my practical experience of using ITIL and DevOps to make things better in the real world. My session focused on a real life client engagement where we went from IT Ops and Dev teams literally snarling at each other from different sides of the room to a happy, collaborative environment with a 99.91% Change success rate and a 50% reduction in deployment time. There was also a lot of talk about Star Wars , the Avengers and erm, Frozen. You can check out the slides here.
Up next was Connor from Springer Nature on continuous delivery. Connor talked about the need for common sense in a delivery environment: “keep things simple, have conventions around how software is built and tested.”
Connor went on to explain the importance of automation explaining “we need to make doing the right thing easy and the wrong thing impossible.
Security is internal and external. DDoS can be legislate testing caused by unmet needs. Listen and respond. @drakekin#2016CMSG
Connor gave practical guidance on continuous delivery, talking about the benefits of consumer driven contracts for micro services, and why automated testing is so important “most of your tests should be automated because people are fallible”.
Security is internal and external. DDoS can be legislate testing caused by unmet needs. Listen and respond. @drakekin#2016CMSG
Connor talked about how there’s no silver bullet; “you need discipline and willpower but having good processes makes things easier. If you make it easy for people to try new things there will engage and they will try”
My favorite piece of wisdom from Connor’s session was this: “You need to have an exit process, broken gets fixed, crappy lives on forever”. Be warned people!
Patrick Bolger, Chief Evangelist, Hornbill – Rethinking Your ITSM
Pat concluded by talking about the importance of being inclusive when driving transformational: “change is a threat when done to us but an opportunity when done by us”. A very powerful message and a great way to maintain focus on the customer when managing change.
Robert Cowham, Consultant, Perforce Software – DevOps In The Cloud, A Pathway To Heaven?
The last session we attended was Robert’s presentation on DevOps and the cloud. Robert opened by talking about the background of DevOps and how it links into Agile. Robert then went on to explain the impact of DevOps on continuous delivery on development and discussed the impact of cycle times.
The next part of Robert’s session focused on the impact of the cloud, advantages and the big players including Microsoft, Amazon and Google.
Robert went on to talk about the practicalities of applying DevOps in a cloud environment discussing how to maximise pipeline flow, automation, feedback, micro services and release technology & containers.
Robert finished his session by demonstrating a functioning pipeline – a fascinating example of real life application.
For our money the CMSG conference was a great day, informative, lots of practical guidance and lots of subject matter expertise. A huge thanks to the BCS for inviting us and we hope to be back next year.
Did you attend the CMSG conference? Let us know in the comments!
It’s nearly time for SITS16! The Service Desk & IT Support Show is one of the biggest UK based exhibitions for IT Service Professionals, it’s also completely free to attend. The event takes place every year across two days in London. The exhibition has over 200 products and services from the leading suppliers of ITSM software, integration tools, IT training, consulting and managed services. The event has over 50 free-to-attend seminars and keynotes and more than 20 facilitated roundtable discussions on everything from becoming a more responsive Service Desk to do we really need both Incident & Problem Management?
What: The ITSM Review Excellence Awards Where: Crowne Plaza, Reading When: 25th November 2016
ITSM Professional of the Year
[End-user ITSM professionals, Consultants, Contractors or Licensing Specialists]
ITSM Implementation / Project of the Year
[ITSM teams or ITSM service providers]
ITSM Tool Provider of the Year
[Tool or technology suppliers]
ITSM Partner of the Year
[ITSM service providers, resellers or partners]
ITSM Innovation of the Year
[Recognizing new ideas, innovation and creative approaches]
ITSM Community Contribution of the Year
[Recognizing ITSM professionals that have gone above and beyond to support others]
Please direct your clients to this form in order to vote for you. Award short lists will be announced in September and final interviews/ voting winners will be decided by our independent industry panel in October.
How To Book
Secure a table for £1,000 to seat between 8 – 12 guests or reserve single seats for £100 per person (maximum of 5 single tickets) for a great way to reward staff and/or entertain your clients. This will include Kir Royale on arrival, 3-course meal, ½ bottle of wine per person, disco and host company logo on your table.
To book a table, please pay directly via the Just Giving Page. We ask that you email us to confirm you have made a payment and how many people will be on your table.
Delivering consistent and quality IT services for customers is not easy – and can be even more challenging – if they are not governed effectively. For example, how can an IT organisation look to improve if it doesn’t measure the amount of service-impacting incidents properly?
Take the high profile service outages of several major banks in recent years for example. Their customers were unable to make transactions or access services for periods of time. Even in such a highly regulated environment as financial services, where IT is governance is generally tighter, there are no guarantees that the outages could’ve been prevented by governance alone.
Equally, too much governance could be seen as overly bureaucratic. A complicated – and lengthy – change control process could drive the wrong behaviour from some members of the IT organisation in that they may simply bypass the process.
In any case, a business is often dependent on its IT services, and as such, there needs to be controls in place to not only protect – but gain value for – their customers. This of course needs to be appropriate as not all businesses are financial service providers needing tight control.
What is governance and why is it important?
Before implementing any type of governance, it is worth understanding what it actually is. According to Wikipedia, “governance refers to all processes of governing undertaken…and relates to the interaction and decision-making among the actors involved in a collective problem”.
The Harvard Business School describe IT governance as “specifying the decision rights and the decision-making mechanics to foster the desired behaviour in the use of IT”.
A key thing to note is that governance is not the same as management. Ultimately, ITSM governance is concerned with control, compliance and performance.
It is important that ITSM governance has effective decision-making in place; drives the right behaviours (and, by implication, discourages the wrong behaviour); and has policy and processes are in place so that it is easier to discover issues and remedy them quicker.
Going back to our banking example earlier, HSBC had an issue with ATMs and Online Banking in 2011 but were able to pinpoint it and restore service within 2-3 hours. If they didn’t have good governance in place, it feasibly could have taken considerably longer to obtain information and decisions.
What are the different aspects of ITSM governance?
In order to understand, design and communicate effective ITSM governance, Harvard Business School suggests “a decision, rights and accountability framework” should be created that covers aspects like:
What decisions should be made and what information should be considered
Who can make decisions and who is accountable for them
How can decisions and governance be measured?
You might also want to consider different aspects like those the in the table below:
Questions or things to consider
Communicating with guiding principles that inform and involve all relevant staff; leverage their expertise; and ensure strong input from Senior Management
Governance should be controlled and executed through policy, process, ownership and performance
What technology and tools are required to support the process?
What data such as measurements and metrics are required to inform decision making?
What are they; how much do they cost; and how do they add value to the business?
What are their processes and metrics and how are they involved in your governance?
Who are your customers and how do they benefit from your governance?
How can you evidence your governance improves service costs, their perception and value delivery?
8. Corporate Governance
How does your governance align to the corporate governance, strategic objectives and architecture; and are IT involved at the right level within the organisation in this regard?
How is ITSM governance executed?
After considering what aspects to include in ITSM governance, it is equally important to consider how to design and execute it in practice. The following are some suggestions you might want to consider when implementing ITSM governance.
Firstly, identify the types of frameworks and methods to be used – particularly if you are starting from scratch. Whilst not exhaustive, the following are some common methods and how they can be applied:
COBIT is an IT governance framework that focuses on what should be covered in processes and procedures and they can be directed and controlled.
ISO/IEC standards like 20000 (Service Management), 27000 (Security) and 38500 (IT Governance) are international standards provide specific advice and controls IT can be audited against to gain industry recognised certification
TOGAF is a framework for enterprise architecture that provides an approach for designing, planning, implementing, and governing an enterprise and service orientated architecture
Other specific best practices for governance such as PRINCE2 for projects;USMBOK and ITIL for service; MoR for risk management; CMMI for benchmarking and maturity.
Secondly, ITSM needs to be involved with – or even own – certain internal governing bodies like:
IT Pipeline and Portfolio Board to understand the upcoming projects and be ready to design, transition and operate the services being delivered as necessary
Architecture Governance Board to influence and ratify all architecture designs and decisions
Change Advisory Board to review/approve changes – particularly to the live production environment
Other Governance or Steering Groups involving the business to ensure IT is represented appropriately
Thirdly, ITSM Governance needs to ensure key policies, processes and metrics in place. This may vary depending on the needs of the organisation but things like incident, change and release policies should be created to ensure service-related issues or changes are controlled, evaluated, measured and resolved in appropriate way to ensure minimum risk and impact to the business.
Finally, and arguably, the most important thing is to build an improvement culture that involves the support of the whole IT organisation. By establishing quick wins; involving staff in the policy development; and empowering them to take ownership as appropriate; and using improvement techniques Deming’s Plan Do Check Act cycle; ITSM governance is more likely to be established accepted and acted upon by the IT organisation.
The key things to remember when implementing ITSM governance are to:
Ensure it is appropriate for your organisation and limit bureaucracy were possible
Remember that governance is not management and is primarily about driving effective decision-making and ensuring control and performance of services
Make sure it aligns to the strategic and corporate governance and objectives of your organisation
Control, improve and mature governance through policy, process, benchmarks and measurements using industry best practice if practicable to do so.
Develop and maintain an improvement culture within the IT organisation so that staff understand the value of – and contribute to the success of – ITSM governance