Outsourced infratructure scenario

General discussion on all aspects of the IT Infrastructure Library (ITIL)
Post Reply
User avatar
tolman101
Senior Itiler
Senior Itiler
Posts: 44
Joined: Sun Sep 25, 2005 8:00 pm
Location: Sweden

Tue Apr 13, 2010 1:05 am

Consider this scenario and add your thoughts if you have the lust for it. This is not an exam question by the way.

Outsourced infrastructure provider with application ownership and support within the business. Department established within the business to steer the infrastructure provider.

Incident prioritisation has always been based on impact to the business i.e. whether or not a critical application or main work task tool is available. The infrastucture provider wants to set up service levels on their infrastructure components and map them to incident prioritisation and timescales for responding and resolving. All well and good you may think.

Although I believe the infra provider has the best of intentions I can't help feeling that we are losing the "what's important for the business" view. And that for me is the applications and not the underlying technology. There is no CMDB mapping infrastructure services to applications so it would be very difficult implementing such a system anyway.

Does anyone have any experience of this type of situation and care to comment. Perhaps I have been a bit vague if so I'm happy to provide more info.

Matt


User avatar
Diarmid
ITIL Expert
ITIL Expert
Posts: 1894
Joined: Mon Mar 03, 2008 7:00 pm
Location: Helensburgh

Tue Apr 13, 2010 6:41 am

Matt,

you will be surprised to learn that I believe there is no one answer to this question.

Two of the key factors are the maturity level of your provider's management capability and the maturity level of your own management system.

A third is the relationship between the provider and yourselves in terms of confidence, trust and the desire to continue the arrangement into the future.

As a general point, nothing goes into the SLA unless it suits you. The counterpoint is that you must not back the provider into a corner that they cannot fully cope with.

There is a lot of stuff in older threads on the details. I'm not going to look back for it (you might get value from doing so), and I may be about to repeat (or contradict :twisted: ) things I and others have said before.

Point one is that priority has nothing to do with how long it takes to fix something. some things require very little work and others a lot, irrespective of how important they are.

So don't agree timescales based on priority! They will not work well, being either too tight or too loose in many cases.

Point two is that if you set target times for each occurrence of an incident irrespective of its nature then: a) the provider has a hostage to fortune ..., and b) ... you will suffer as they pile on resource to avoid a breach of the SLA ahead of dealing with other incidents.

At SLA level, target times for incident resolution need to be applied as rolling averages over a meaningful period (a week, a month, a quarter - it depends on things like how many incidents there are and on how rapidly you need to spot and remedy long term problems in incident resolution).

The best way (because it recognizes reality) to establish these targets is against categories of incidents, if each category has a relatively homogeneous resolution process, such as incidents requiring a database recovery. But that is likely to be too complex to set up and manage.

Another approach is to have one figure covering all. In many organizations the difficult ones will even out with the rest fairly comfortably.

Another approach (and this could be added to either of those above) is to focus the SLA more on escalation criteria which can be based on elapsed time and on priority, and quantify the escalation action in terms of resources, level of management involvement and communications protocols.

In practice, incidents of high urgency and impact that are proving difficult to resolve are likely to involve close liaison with supplier and user management and this should make it transparent whether the provider is doing all they can in the circumstances (which, if you are satisfied with how they are set up, is about all you can reasonably ask in such special circumstances).

I suspect that if you maturely apply escalation and communication processes, your overall service of incident resolution will be better than under the more artificial demands of fairly arbitrary target resolution and perhaps you could evolve from direct targets to measured improvements in performance over time.

Unless you have a poor relationship with the provider, the application of penalties is unlikely to be automatic except where the degree of their failure is great. You are more likely to take into account some special circumstance and perhaps reduce the penalty in particular circumstances. I'm sure some will disagree with this, but the subject is far from an exact science and if you are convinced that they are doing their best and that better could not have been done for the price by anyone else, then it will all come out in the wash at the next contract renewal anyway.

Sorry to ramble on so. I think the sun is getting to me today :)

Now is your chance to elaborate your issue to show where I have misunderstood it :?
"Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718
Post Reply