In This Chapter
Understanding business service management
Managing risk with key performance indicators
Setting business and IT service levels
Balancing business goals
A lot of business, technological, and organizational issues have to come together in proper service management. How can service management goals provide important benefits to your company's business goals? The reality is that companies are at different stages of implementing a service management strategy. But no matter where your company is, the fundamental premise is that service management is an integral part of your business strategy.
Why did we wait until now to discuss business service management? You first have to understand the parts of service management and how they work together; otherwise, you don't know what tools are at your disposal. Here's a way to think about this issue: Imagine that you're in your car starting out on a trip. You don't have a map, and you haven't decided where you want to go. You stop at the nearest gas station and ask for directions. But how can you possibly figure out which path is best if you don't even know which town you're going to? As the old saying goes, if you don't know where you're headed, any road will do.
In this chapter, we explain what business service management is and how a business can benefit from it.
Note
Business service management (BSM) is an approach to bringing together the following to provide management a holistic view of the business:
Business process
Business services
IT service levels
BSM provides a way to measure and monitor the whole so that management can have comprehensive and meaningful oversight. How is this approach different from traditional approaches to managing IT? BSM is actually a superset. Yes, you have to manage your data center, the sensors in equipment on your factory floor, the desktops across your company . . . we could go on for quite a while. But would that be enough? Clearly, the answer is no. All these tasks focus on making sure that part of the infrastructure is operational. The reality is that BSM takes all these facets of managing the parts and brings them together based on the company's goals.
Based on this definition, it should be clear that BSM isn't a product.
Every corporation, no matter what its size, operates based on business goals and rules that dictate how the business functions. What is the company's mission? Who are the stakeholders? What do the shareholders expect? After an organization analyzes these factors, it measures progress toward these goals.
Key performance indicators (KPIs) are quantifiable measurements, agreed to by the business, that reflect the critical success factors of an organization. If a company wants to be the most profitable in its industry, its KPIs are based on measuring profit and the prices of good and services. Contrast this example with a company that sells a sophisticated product to a small set of demanding customers. Its KPIs are related to product quality and customer satisfaction.
Tip
The more technology a company uses to achieve its business goals, the more of its KPIs focus on its IT infrastructure. A company such as Google or Netflix, for example, has a lot of KPIs related to the effectiveness and efficiency of its data centers.
To be meaningful, KPIs have to be measurable. Suppose that your company has a KPI related to the response time for your online customer portal. The KPI states that a customer should expect a 1-second response time. Suddenly, response time has changed to 1.7 seconds. You must drill down to see how significant this problem may be. Is the response-time degradation related to an increase in business? What would the cost to the company be if this level of service continues? What would the cost to the company be if it wants to get back to the 1-second response time? Putting this situation in context with overall corporate goals, you may decide that 1.7 seconds is actually all right because the level of risk is minimal.
Note
You always must understand KPIs in the context of risk to the business overall.
The 1.7-second response time may not affect the overall success of your business, but other factors may be much more important. If 1.7 percent of all customer data is lost or compromised, for example, would that be a problem for the business? After all, 1.7 percent is a small percentage of your overall customers. The company may not be willing to live with this level of risk, however.
KPIs are a balancing act between a company's goals and its ability to achieve business objectives while minimizing risk. When the corporate board sets the agenda for how the company will behave and achieve its goals, a framework exists for approaching BSM. These objectives can't be achieved in a vacuum.
When you have a good understanding of your company's goals (and the level of risk it's willing to take), start thinking about the service levels you need to manage.
This process is trickier than it may sound. Your boss may say, "I want the best service the industry can provide! Nothing is too good to support my customers!" Who wouldn't want the best? The level of business service that your company can provide its customers and stakeholders, however, is conditional. Unlike our scenario of perfection (see the sidebar "The best-case scenario: Perfection," at the end of the chapter), most companies are constrained by costs. Deciding on strategic goals and objectives puts a company in a position to understand what it needs to do to achieve the right service levels for the business.
Note
A business service level is a line of defense that you must apply to the circumstances that make a difference in meeting the company's goals. How important is the quality of service to the way the business operates? What is the impact of good quality on the profitability of the company? A business service level can have these types of ramifications in delivering profitability to the company.
Consider whether you need 100 percent uptime from your e-mail system, for example. Employees want e-mail to work all the time, obviously, but if e-mail is down for 20 minutes a day, will it affect the bottom line, make the company less competitive in the market, or reduce customer satisfaction by 10 percent? Probably not. Why is this an issue? Promising 100 percent or even 99.999 percent uptime for the e-mail system requires a lot of technology: specialized software, redundant servers, and so on. In reality, though, occasional e-mail downtime won't necessarily bring the company to its knees.
When will something make a difference in the business? Consider security. Is it okay to have a data security breach for 20 minutes a day? No one would do business with a company that's likely to lose private information.
The bottom line is that a business service level is a business decision. IT shouldn't strive to achieve better service levels than it promised based on the goals of the company.
You may have noticed that we focus on the business service levels that relate to IT services — for good reason. Some business service levels relate to how personnel treat customers on the phone or to how a company ships supplies and the like. These tasks are people-related tasks that can affect the overall management of end-to-end processes. If a task that requires approval sits in a manager's inbox for a week, dire consequences may result, affecting the manager's overall ability to direct the business. In reality, however, little synergy exists between these types of business service levels and IT.
Note
The real benefit to the business comes from business service levels in which IT and business meet. Companies that sell technology-based products are more likely to have more business service levels that are controlled and affected by technology. If you took a peek under the covers at companies like Google, Amazon.com, and Netflix, you'd see a great deal of attention paid to business service levels.
After the business decides what's important and how much service it needs to keep customers happy for the right price, IT takes control. Providing the right level of service is the responsibility of the IT department, along with data center management.
Note
These service levels are codified in service-level agreements (SLAs) between the business and the IT organization. The content of this agreement is based on meeting a set of expectations between the provider of a service and the consumer of the service. If you promise to provide e-mail to employees, for example, a set of rules governs how this contract will be executed.
That contract might read something like this:
We promise that 99.999 percent of the time, e-mail will be operational. If it does fail, we promise to fix it within 20 minutes.
We will monitor the performance of the e-mail system on a continual basis and will report the results to the business on a monthly basis.
This agreement may look very simple and straightforward — and it is. The IT organization has the infrastructure to meet this requirement. It has the tools to monitor the system on an ongoing basis. The business has determined that if the e-mail system fails on occasion, people may be annoyed, but the company will not suffer financially.
Other service levels are more complicated and have more consequences for a business. Often, companies have relationships with third-party IT service providers. An insurance broker, for example, might use a third-party service provider to pay claims on policies. In this case, the parties would establish a much more detailed SLA than our example SLA for internal e-mail service. The SLA might require the service provider to promise 100 percent security of its customer data, and it might require the company to guarantee payment within 24 hours of receipt of an invoice.
What happens if IT is not able to meet the level of service required by the business? Clearly, it's the overall responsibility of the chief information officer to ensure that SLAs are met. Depending on the specific SLA, the CIO's job may be at risk if the SLAs are not achieved. In some situations, failure to achieve a specific SLA can cause the company to lose significant business.
The more demands the company places on the service provider, the higher the cost. The company purchasing the service needs to decide how much risk it's willing to accept. If the IT service provider doesn't meet the provisions of the SLA, it incurs penalties based on the severity of the problem. For this contract to work, both parties — the provider of the service and the consumer of the service — need to be able to monitor the results.
Successful BSM requires taking a holistic view of the business. You must measure and monitor everything as it relates to everything else. If you don't take this holistic approach, you'll be doing the business a disservice.
Note
Everything in your organization is a service. A service is simply a way of delivering value to a customer or stakeholder by facilitating expected business results.
The nearby sidebar "The best-case scenario: Perfection" describes an ideal example of BSM. The truth of the matter, though, is that you won't find a perfect solution to the struggle between satisfying all the desires of the business for service and the financial constraints on the IT organization. Also, although you may recognize elements of your own company in the sidebar, you won't find any such thing as a perfect company. Most companies are at different stages in their journey.
Tip
For more information about what some companies are doing for real, check out Part V, which offers some great case studies.