Quick Reference Guide

ITIL® Service Design

WP0214 | October 2015

David Jones and Abstract

Roderick Brown
David Jones is a Senior Consultant This Quick Reference Guide provides a summary of the Service Design
with Enterprise Architects in Australia, lifecycle for Information Technology Infrastructure Library, more commonly
specializing in Enterprise Architecture, ITIL. The information contained is derived from the Axelos ITIL Foundation
particularly Business Architecture. He
Handbook and supplemented from the ITIL Service Strategy Lifecycle
is also an experienced practitioner
publication. The document is based on ITIL 2011.
in business process improvement
and simplification. David has worked
with many sector clients, undertaking
assignments in Financial Services,
Telecommunications and Power Utilities.

Roderick Brown is a freelance Consultant

working in Melbourne, Australia,
specializing in Business Architecture,
particularly in Process Architecture. He
is also an experienced practitioner in
business process improvement and
simplification. Roderick has worked
with many sector clients, undertaking
assignments in Banking, Investment
Management and Wealth Management.

David and Roderick are passionate about

helping organizations understand and
document their own business processes,
using frameworks such as APQC’s Figure 1: ITIL Service Stategy
Process Classification Framework and
standards such as BPMN as well as
applying simple approaches to improve
and simplify these business processes.

Access our free, extensive library at

www.orbussoftware.com/community
Table of Contents List of Figures
Abstract 1 Figure 1 - ITIL Service lifecycle 1
List of Figures 2 Figure 2 - Service Design Overview 3
Introducing ITIL Service Design 3
Design Coordination 4
Service Catalogue Management 5

Service Level Management 6

Availability Management 7
Capacity Management 8
IT Service Continuity Management 9
Information Security Management 10
Supplier Management 11

2 © Orbus Software 2015

Introducing ITIL Service Design
Background value. Consequently, it requires that these services must
be designed to achieve these business objectives.
ITIL is the well-known set of practices for IT service
management (ITSM) that focuses on aligning IT Service Design uses the strategies published by
services with the needs of business. Service Strategy into a plan for delivering the business
objectives.
Figure 1 provides a high level overview of the complete
ITIL service lifecycle. This Quick Reference Guide is the ITIL Service Design provides:
2nd in a series of Quick Reference Guides for ITIL and
• Guidance for the design and development of
covers the Service Design lifecycle phase of ITIL.
services and service management practices
Overview • Design principles and methods for
Businesses require that their services deliver fair and true converting strategic objectives into portfolios
of services and service assets.

Figure 1: ITIL Service lifecycle

Figure 2: Service Design Overview

3 © Orbus Software 2015

Purpose and Objectives Design Coordination
The purpose of Service Design is to design IT Overview
services to realize the service provider’s strategy and
to facilitate the introduction of these services into The activities of the service design stage are detailed
supported environments ensuring quality service and complex. Only through well-coordinated action
delivery, customer satisfaction and cost-effective can a service provider hope to create comprehensive
service provision. and appropriate designs that will support the
achievement of the required business outcomes.
Service Design is undertaken in conjunction with the
design of policies and processes to implement the Purpose and Objectives
services and the IT practices to govern them. The purpose of design coordination is to ensure the
The objective is to design IT services so effectively so goals and objectives of the design stage are met. It
that minimal improvement should be required during provides a single point of coordination and control
their lifecycle. Although, it is important to embed for all activities and processes within this stage of the
continual improvement in all service design activities to: service lifecycle.

• E
 nsure solutions and designs become more The objectives of the design coordination process are to:
effective over time; and • Ensure the consistent design of appropriate
• Identify
 business trends and changes that services, service management information
may offer opportunities for improvement. systems, architectures, technology,
processes, information and metrics to meet
Service design activities can be periodic or exception- current and evolving business needs and
based when they may be triggered by a specific requirements
business need or event.
• Plan and coordinate all design activities
Service Design Processes
• Produce SDPs based on service charters
The processes contained within the Service Design and change requests
lifecycle are:
• Ensure that appropriate service designs are
• D
 esign coordination produced and that they are handed over to
service transition as agreed
• S
 ervice catalogue management
• Manage the interfaces with service strategy
• S
 ervice level management
and service transition
• A
 vailability management
• Improve the efficiency and effectiveness of
• C
 apacity management service design activities and processes.

• IT service continuity management Process Activities

• Information security management Design coordination activities fall into two categories:

• S
 upplier management. • Activities relating to the overall service design
lifecycle stage, which may be performed by
design coordination process manager(s):

o Define and Maintain Policies and

Methods

o Plan and Design Resources and

Capabilities
4 © Orbus Software 2015
 o C
 oordinate design activities Service Catalogue
o M
 anage Design Risks and Issues Management
o Improvement Service Design Overview
• A
 ctivities relating to each individual design, The service catalogue is one of the most valuable
which may be performed by a project elements of a comprehensive approach to service
manager or other project team member: provision and it should be given proper care and
attention. The service catalogue management process
o P
 lan Individual Designs
provides the means of devoting care and attention in
o C
 oordinate Individual Design a consistent fashion, ensuring that the organization
accrues all of the potential benefits of a service
o M
 onitor individual Designs
catalogue in the most efficient manner possible.
o R
 eview Designs and Ensure Handover
Purpose and Objective
of Service Design Package
The service catalogue is a single source of consistent
Triggers, Inputs and Outputs information on all of the agreed services. The objective
Triggers of service catalogue management is to manage the
information contained within the service catalogue and
• C
 hanges in the business requirements and
to ensure that it is accurate and current.
services
Process Activities
• R
 equests for change (RFCs)
Key activities for service catalogue management are:
• N
 ew programmes or projects
• Agree and document service definitions
• R
 evision of the overall IT strategy.
• Interface with service portfolio management
Inputs
(service portfolio management) to agree the
• S
 ervice charters for new or changed services contents of the service portfolio and the
service catalogue
• C
 hange requests from any stage of the
service lifecycle • Produce and maintain the service catalogue

• B
 usiness information from the organization’s • Interface with the business and IT service
business and IT strategy and from business continuity management (ITSCM) to
impact analysis (BIA). understand the links between business
processes and the IT services
Outputs
• Interface with support teams and service
• A
 comprehensive and consistent set of asset and configuration management
service designs and SDPs (SACM) to understand the relationships with
• R
 evised enterprise architecture supporting services, components and CIs

• R
 evised management systems, processes, • Interface with business relationship
measurements and metrics methods. management and SLM to ensure information
is aligned to the business.

5 © Orbus Software 2015

Triggers, Inputs and Outputs Purpose and Objective
Triggers The purpose of the Service Level Management (SLM)
process is to ensure that all current and planned IT
• C
 hanges in the business requirements
services are delivered to agreed achievable targets.
• C
 hanges in the services.
The objectives of SLM are to:
Inputs
• Define, document, agree, monitor, measure,
• B
 usiness information from the business and report and review the level of IT services
IT strategy provided

• B
 IA • Improve the relationship and communication
with the business and customers
• B
 usiness requirements
• Ensure that specific and measurable targets
• R
 FCs.
are developed
Outputs
• Monitor and improve customer satisfaction
• U
 pdates to the service portfolio
• Ensure a clear and unambiguous expectation
• U
 pdates to RFCs of the level of service to be delivered

• T
 he service catalogue. • Ensure continual improvement to the levels of
service, even when all agreed targets are met.
Service Level Management
Process Activities
Overview
The key activities for SLM are:
Service Level Management (SLM) is a vital process
• Design SLA frameworks
for every IT service provider organization in that it is
responsible for agreeing and documenting service • Determine, document and agree requirements
level targets and responsibilities within SLAs and for new services and produce SLRs
service level requirements (SLRs) for every service
and related activity within IT. If these targets are • Negotiate, document, agree, monitor and
appropriate and accurately reflect the requirements of report on SLAs for operational services
the business, then the service delivered by the service • Conduct service reviews and instigate
providers will align with business requirements and improvements within an overall SIP
meet the expectations of the customers and users in
terms of service quality. If the targets are not aligned • Collate, measure and improve customer
with business needs, then service provider activities satisfaction
and service levels will not be aligned with business • Review and revise SLAs, OLAs, service
expectations and problems will develop. The SLA scope and underpinning agreements.
is effectively a level of assurance or warranty with
regard to the level of service quality delivered by the Triggers, Inputs and Outputs
service provider for each of the services delivered to
Triggers
the business. The success of SLM is very dependent
on the quality of the service portfolio and the service • Changes in the service portfolio
catalogue and their contents because they provide
• New or changed SLRs, SLAs, OLAs or
the necessary information on the services to be
contracts
managed within the SLM process.
• Service breaches or threatened breaches
6 © Orbus Software 2015
 • P
 eriodic activities – reviewing, reporting and • Ensure that availability achievements meet
customer satisfaction surveys or exceed targets and, where they do not,
assist with the diagnosis and resolution of
• C
 hanges in strategy or policy.
related incidents and problems
Inputs
• Assess all changes for their impact on the
• B
 usiness requirements availability plan and proactively improve
availability, where cost-justifiable to do so.
• S
 trategies, policies and constraints from
service strategy Process Activities
• T
 he service portfolio and the service The key activities for availability management are:
catalogue
• Monitor, measure, Analyze, report and review
• C
 ustomer and user feedback service and component availability

• Improvement opportunities from the CSI • Unavailability analysis: investigating all

register. events, incidents and problems involving
unavailability and instigating remedial action
Outputs
• Service failure analysis: identifying the
• S
 ervice reports
underlying causes of service interruptions
• S
 ervice improvement opportunities
• Identify VBFs and designing for availability
• S
 IP and recovery

• S
 LRs, SLAs, and OLAs. • Component failure impact analysis (CFIA),
single point of failure (SPOF) and fault tree
Availability Management analysis (FTA)

Overview • Model to determine whether new

components will meet stated requirements.
Availability is one of the most critical parts of the
warranty of a service. If a service does not deliver the Triggers, Inputs and Outputs
levels of availability required, then the business will
Triggers
not experience the value that has been promised.
Without availability the utility of the service cannot be • New or changed business needs or services
accessed. Availability management process activity
extends across the service lifecycle. • Service or component breaches, availability
events or alerts
Purpose and Objective
• Periodic activities such as reviewing, revising
Availability management ensures that the level of or reporting.
availability delivered in all IT services meets the
agreed availability needs in a cost-effective and timely Inputs
manner. It is concerned with meeting both the current • Business information from the organization’s
and future availability needs of the business. business strategy
The objectives of availability management are to: • Business impact from BIAs or assessment of
• P
 roduce and maintain the availability plan, VBFs
reflecting the current and future needs of the • Service information from the service portfolio
business, and to provide guidance to the and the service catalogue
business and IT on availability-related issues
7 © Orbus Software 2015
 • P
 ast performance from previous Purpose and Objective
measurements, achievements and reports
The purpose of capacity management is to
• C
 hange and release information from ensure that the capacity of IT services and the
the change schedule, the release and IT infrastructure meets the agreed capacity and
assessment of all changes for impact on performance-related requirements in a cost-effective
service availability and timely manner.

• U
 navailability and failure information from The objectives of capacity management are:
incidents and problems.
• Produce and maintain an accurate capacity
Outputs plan, and provide advice and guidance on all
capacity and performance-related issues
• T
 he AMIS
• Ensure service performance achievements
• T
 he availability plan for the proactive
meet their agreed targets, and assist with
improvement of IT services and technology
diagnosis and resolution of incidents and
• A
 vailability and recovery design criteria and problems
proposed service targets
• Assess the impact of all changes on the
• A
 vailability, maintainability and reliability capacity plan and proactively improve
reports. performance, where cost-effective.

Capacity Management Process Activities

Overview The main activities involved in the capacity
management process are carried out in both a
Capacity management is a process that extends reactive and a proactive way. Generally, the more
across the service lifecycle. A key success factor emphasis that is placed on proactive capacity
in managing capacity is ensuring it is considered management, the less effort that is required in
during the design stage. It is for this reason that the reacting to incidents and problems due to capacity or
capacity management process is included here. performance-related issues.
Capacity management is supported initially in service
strategy where the decisions and analysis of business
requirements and customer outcomes influence the
The proactive activities of capacity management
development of patterns of business activity, lines of
should include:
service (LOS) and service options. This provides the
predictive and ongoing capacity indicators needed • Pre-empting performance issues by taking
to align capacity to demand. Capacity management the necessary actions before they occur
provides a point of focus and management for all
• Producing trends of current utilization and
capacity- and performance-related issues, relating to
estimating the future requirements
both services and resources.
• Modelling and trending the predicted
Like availability, capacity is an important part of the
changes in IT services
warranty of a service. If a service does not deliver the
levels of capacity and performance required, then the • Ensuring that upgrades are budgeted,
business will not experience the value that has been planned and implemented in a timely fashion
promised. Without capacity and performance the
• Producing and maintaining a capacity plan
utility of the service cannot be accessed.
• Tuning (optimizing) the performance of
services and components.

8 © Orbus Software 2015

The reactive activities of capacity management should and recovery options. Like all elements of IT service
include: management, successful implementation of the IT
Service Continuity Management (ITSCM) process can
• M
 onitoring, measuring, reporting and
only be achieved with senior management commitment
reviewing the current performance
and the support of all members of the organization.
• R
 esponding to all capacity-related ‘threshold’ Ongoing maintenance of the recovery capability is
events and instigating corrective action essential if it is to remain effective.

• R
 eacting to and assisting with specific Service continuity is an essential part of the warranty
performance issues. of a service. If a service’s continuity cannot be
maintained and/or restored in accordance with the
Triggers, Inputs and Outputs requirements of the business, then the business will
Triggers not experience the value that has been promised.
Without continuity the utility of the service cannot be
• N
 ew and changed services requiring accessed.
additional capacity
Purpose and Objective
• S
 ervice breaches, capacity or performance
events and alerts, including ‘threshold’ The purpose of IT service continuity management
events. (ITSCM) is to support the overall business continuity
management (BCM) process by ensuring that the IT
Inputs service provider can always provide minimum agreed
• B
 usiness information from the organization’s business continuity related service levels.
business strategy The objectives of ITSCM are to:
• S
 ervice and IT information from the service • Maintain a set of IT service continuity plans
strategy and the IT strategy and IT recovery plans that support the overall
• C
 omponent performance and capacity business continuity plans (BCPs) and, in
information support of this, to carry out regular BIA, risk
analysis and management activities
• S
 ervice performance issue information.
• Provide advice and guidance on continuity
Outputs and recovery-related issues
• C
 MIS containing information required by the • Ensure that appropriate continuity
sub-processes within capacity management mechanisms are in place to meet or exceed
• C
 apacity plan the agreed business continuity targets

• S
 ervice performance information and • Assess the impact of all changes on the IT
reports. service continuity plans

• Ensure that proactive measures to improve

IT Service Continuity the availability of services are implemented
Management wherever it is cost-justifiable
Overview • Negotiate and agree contracts with suppliers
As technology is a core component of most business for the provision of the necessary recovery
processes, high availability of Information Technology capability.
(IT) is critical to the survival of the business as a whole.
This is achieved by introducing risk reduction measures

9 © Orbus Software 2015

Process Activities Information Security
A lifecycle approach should be adopted in setting up Management
and operating ITSCM. The stages of the lifecycle form
Overview
the foundation for the ITSCM activities and these are:
Information security is a management process within
• Initiation
the corporate governance framework, which provides
• R
 equirements and strategy the strategic direction for security activities and
ensures objectives are achieved. It further ensures
• Implementation
that the information security risks are appropriately
• O
 ngoing operation. managed and that enterprise information resources
are used responsibly. Information security
ITSCM is a cyclical process that ensures continuity management provides a focus for all aspects of IT
and recovery plans exist and that they are continually security and manages all IT security activities.
aligned with the BCPs and business priorities. ITSCM
should support the strategy and plans produced as a Information security is a critical part of the warranty
result of a BCM process. of a service. If the security of a service’s information
and information processing cannot be maintained at
Triggers, Inputs and Outputs the levels required by the business, then the business
Triggers will not experience the value that has been promised.
Without information security the utility of the service
• N
 ew or changed business needs or services
cannot be accessed.
• N
 ew or changed targets within agreements Note: Information security management needs to be considered
• T
 he occurrence of a major incident that within the overall corporate governance framework.
requires assessment for potential invocation
of either business or IT continuity plans Purpose and Objective
• P
 eriodic activities such as the BIA or risk Information security management (ISM) is a
assessment activities. governance activity within the corporate governance
framework. It provides the strategic direction and
Inputs is the focal point for all security activities. It ensures
• B
 usiness information from the organization’s the objectives are achieved, that information security
business strategy risks are managed and that enterprise information
resources are used responsibly.
• IT information from the IT strategy and plans

• B
 usiness continuity strategy and plans The purpose of ISM is to align IT security with
business security and to ensure it matches the agreed
• C
 hange schedule and assess all changes for needs of the business.
their impact on all ITSCM plans.
The objective is to protect the interests of those
Outputs relying on information, and the systems and
• R
 evised ITSCM policy and strategy communications that deliver the information, from
harm as a result of failures of confidentiality, integrity
• A
 set of ITSCM plans
and availability.
• B
 IA exercises and reports

• R
 isks assessment and management reviews
and reports

• ITSCM testing schedule.

10 © Orbus Software 2015

Process Activities • A set of security controls

The key activities of ISM are: • Security audits and audit reports.

• P
 roduce, review and revise the information Supplier Management
security policy
Overview
• C
 ommunicate, implement and enforce the
The supplier management process ensures that
security policies
suppliers and the services they provide are managed to
• A
 ssess and classify all information assets support IT service targets and business expectations.
and documentation The aim of this section is to raise awareness of
the business context of working with partners and
• Implement and improve a set of security
suppliers, and how this work can best be directed
controls and risk responses
toward realising business benefit for the organization.
• M
 onitor and manage all security breaches
It is essential that supplier management processes and
and major security incidents
planning are involved in all stages of the service lifecycle,
• A
 nalyze, report on and take actions to from strategy and design, through transition and
reduce the volumes and impact of security operation, to improvement. Complex business demands
incidents require the complete breadth of skills and capability to
support provision of a comprehensive set of IT services
• S
 chedule and complete security reviews,
to a business; therefore the use of value networks
audits and penetration tests.
and the suppliers and the services they provide are an
Triggers, Inputs and Outputs integral part of any end-to-end solution. Suppliers and
the management of suppliers and partners are essential
Triggers
to the provision of quality IT services.
• N
 ew or changed corporate governance
Purpose and Objective
guidelines
The purpose of supplier management is to obtain
• N
 ew or changed business security policy
value for money from suppliers and to provide
• N
 ew or changed business needs or services seamless quality of service to the business.

• S
 ervice or component security breaches. The objectives of supplier management are to:

Inputs • Obtain value for money from all suppliers and

contracts
• B
 usiness information from the organization’s
business strategy • Ensure that underpinning contracts (UCs)
and agreements with suppliers are aligned
• G
 overnance and security from corporate
with business needs, and support and align
governance and business security policies
with agreed targets
• D
 etails of security events and breaches
• Manage supplier performance and
• R
 isk assessment processes and reports. relationships with the suppliers

Outputs • Negotiate and agree contracts with suppliers

and manage them throughout their lifecycle
• T
 he information security policy
• Maintain a supplier policy and a supporting
• A
 n SMIS supplier and contract management
information system (SCMIS).

11 © Orbus Software 2015

Process Activities Inputs

The activities of supplier management can be • Business information from the organization’s
summarized in this way: business strategy

• D
 efinition of new supplier and contract • Supplier and contracts strategy
requirements • Supplier plans and strategies
• E
 valuation of new suppliers and contracts • Suppler contracts, agreements and targets
• S
 upplier and contract categorization and • Supplier and contract performance information.
maintenance of the SCMIS
Outputs
• E
 stablishment of new suppliers and contracts
• Supplier and Contract Management
• S
 upplier, contract and performance
information system (SCMIS)
management
• Supplier and Contract Performance
• C
 ontract renewal or termination. information and reports
Triggers, Inputs and Outputs • Supplier and Contract review meeting minutes
Triggers • Supplier Service Improvement Plans (SIPs).
• N
 ew or changed corporate governance
guidelines

• N
 ew or changed business strategies, needs
or new or changed services

• R
 equirements for new contracts

• R
 e-categorization of suppliers.

© Copyright 2015 Orbus Software. All rights reserved.

No part of this publication may be reproduced, resold, stored in a retrieval system, or distributed in any form or by any means,
electronic, mechanical, photocopying, recording, or otherwise, without the prior permission of the copyright owner.
Such requests for permission or any other comments relating to the material contained in this document may be submitted
to: marketing@orbussoftware.com

Orbus Software
3rd Floor
111 Buckingham Palace Road
London +44 (0) 870 991 1851
SW1W 0SR enquiries@orbussoftware.com
United Kingdom www.orbussoftware.com