Service Management Blog – BMC Software | Blogs https://s7280.pcdn.co Tue, 17 May 2022 07:49:20 +0000 en-US hourly 1 https://s7280.pcdn.co/wp-content/uploads/2016/04/bmc_favicon-300x300-36x36.png Service Management Blog – BMC Software | Blogs https://s7280.pcdn.co 32 32 BMC’s Applications Managed Service Helps Telcos Scale Business During Pandemic https://s7280.pcdn.co/bmc-applications-managed-service-helps-telcos-scale-business-during-pandemic/ Tue, 17 May 2022 07:49:20 +0000 https://www.bmc.com/blogs/?p=52009 The COVID-19 pandemic has forced nearly all organizations to make changes to sustain their business and continue to grow amidst rapidly shifting public health restrictions. For some companies, the situation created new business opportunities, while others redesigned their offerings or expanded their capacity faster than they ever thought possible. COVID-19’s Impact on Telco According to […]]]>

The COVID-19 pandemic has forced nearly all organizations to make changes to sustain their business and continue to grow amidst rapidly shifting public health restrictions. For some companies, the situation created new business opportunities, while others redesigned their offerings or expanded their capacity faster than they ever thought possible.

COVID-19’s Impact on Telco

According to a report published by PwC, pandemic related lockdowns and stay-at-home directives spurred enormous growth in global data consumption—30 percent between 2019 and 2020—a rate that is expected to continue growing. In the communications space, the rate was significantly higher, with some telecommunications companies (telcos) carrying up to 60 percent more data on their networks than they did before the pandemic.

A large global telco that BMC serves found itself struggling to address these new market demands  alongside existing competitive concerns like the emergence of 5G. The company needed to rapidly scale its services to handle the heavy surge in data consumption across its customer base, which spanned corporate, industrial, and residential.

To manage the changes, the company chose to quickly expand its radio access network (RAN) footprint and established joint ventures to gain mileage from existing partner RAN sites. Setting up new equipment and maintaining it was a complex, expensive endeavor that required enormous coordination, and both approaches created severe stress on the telco’s employees, systems, operations, and many other supporting functions.

Part of the Telco Strategy for Success

The telco has been leveraging BMC’s Applications Managed Service (AMS) since 2018 to administer, govern, and manage its BMC Helix ITSM applications and operations. Through the ongoing partnership, the AMS team developed a thorough understanding of the telco’s systems, functions, and processes. To help the telco meet the surge in data consumption, the AMS team curated a highly effective, three-step approach to scaling the telco’s bandwidth capacity in a very short time, identifying ways to simplify, automate, and build flexibility across the BMC Helix ITSM systems.

BMC Approach Image4.1

The Results

By partnering with AMS, the company successfully increased its bandwidth capacity and built robust, volume-agnostic IT processes, which gave it a competitive edge. Here are some of the actions taken by AMS that delivered compelling results:

  • Scaling: Doubled the number of RAN sites in six to eight months
  • Efficiency: Reduced turnaround time in the change process by 60 percent
  • Quality: Simplified and optimized processes to reduce the ticket reopen rate to zero
  • Cost Savings: Achieved through ticket reduction and automation
  • Adoption: Simplified forms and self-help options to improve adoption rate and end-user experience metrics

Like this large telco, many BMC customers rely on our Applications Managed Service to manage the day-to-day operations of BMC solutions as well as application administration and support for customizations and other integrations. Our value-added services include application testing, bulk data loading, service catalog building and deployment, managing upgrades, and more.

To speak with someone about how BMC’s Applications Managed Service can help your organization, please fill out our form.

]]>
Enterprise Service Management vs ITSM: What’s The Difference? https://www.bmc.com/blogs/itsm-vs-enterprise-service-management/ Thu, 31 Mar 2022 13:17:54 +0000 https://www.bmc.com/blogs/?p=51925 Service management is a set of processes used in designing, operating, and controlling the delivery of IT services. With a combination of tools, processes, and people, Service Management provides a framework for organizations to deliver IT services while enabling collaboration between internal cross-functional teams and the clients. As an important aspect of digital transformation, the […]]]>

Service management is a set of processes used in designing, operating, and controlling the delivery of IT services. With a combination of tools, processes, and people, Service Management provides a framework for organizations to deliver IT services while enabling collaboration between internal cross-functional teams and the clients.

As an important aspect of digital transformation, the key to successful service management is the continuous, streamlined approach to maintaining and delivering IT services. While there are several frameworks that organizations can leverage to improve their service management practices, it’s crucial to follow the best practices after diligently referring to an organization’s use case. With that in mind, the following points typically form the basis of creating an effective service management framework. An adopted framework should:

  • Account for the current state of your organization’s environment.
  • Consider emerging technologies and practices to ensure that your employees are getting the most out of your IT services.
  • Deliver the customers’ expectations.

In this article, we delve into two of the service management approaches and their major differences : IT Service Management (ITSM) and Enterprise Service Management (ESM).

What is IT Service Management ITSM?

IT Service Management (ITSM) is a strategic approach to deliver IT as a service. It comprises a set of workflows and tools for optimally creating, implementing, delivering, and managing IT services for customers focusing on customer needs. The goal of ITSM is to provide processes and tools to IT teams to help them manage end to end IT services while improving business performance, increasing productivity, and enhancing customer satisfaction.

Additionally, ITSM focuses on facilitating the core IT functions of an organization, helping the business achieve its goals while managing costs by utilizing the IT budget maximally.

ITSM benefits businesses in the following ways:

  • Supports agility and adaptability by helping to innovate faster to handle market changes
  • Better productivity and faster incident resolution
  • Preemptive anticipation and resolution of issues before they occur
  • Improved performance across the board as a result of increased IT availability

ITSM focuses on optimizing IT for the organization, and there are different frameworks of best practices, processes, and tools that come into play to achieve this.

ITSM Processes

Although technology plays an integral role in delivering IT services, some procedures must be followed to ensure efficient IT service delivery encompassed in ITSM processes. Some of these core ITSM processes include:

  • Change Management helps handle all IT infrastructure changes to provide transparency and prevent bottlenecks.
  • Incident Management is concerned with responding to and resolving service issues or incidents promptly and appropriately to reduce downtime or service interruption.
  • IT Asset Management involves accounting for, deploying, maintaining, upgrading, and disposing of an organization’s assets in a timely manner.
  • Knowledge Management creates, uses, manages, and shares the information assets of an organization to achieve business objectives.
  • Problem Management assists with locating and figuring out approaches to eliminate the underlying causes of incidents to avoid repeat occurrences.
  • Service Request Management is concerned with managing all IT service requests like access requests, software and hardware upgrades.

ITSM Frameworks

ITSM frameworks are best practices and formalized guidelines that provide a systematic approach to implementing ITSM for organizations. These help organizations set their ITSM strategy while monitoring how they implement the chosen strategy. However, a crucial thing to note is that these frameworks are not ‘rules’ to follow strictly and are open to interpretation.

There are different ITSM frameworks as below, and organizations can combine them to achieve varied IT service delivery needs:

  • ITIL®. ITIL is the most popular, globally recognized, and widely adopted framework for ITSM. It emphasizes a comprehensive approach to ITSM based on principles such as focusing on value, keeping it simple and practical, while allowing progressive iterations with feedback.
  • DevOps focuses on achieving faster service delivery by applying agile practices to foster collaboration between cross-functional teams.
  • ISO 20000. A global IT service management standard that helps organizations establish IT service management processes to align with their business needs and international practice.
  • Control Objectives for Information and Related Technologies (COBIT). COBIT is a framework developed by ISACA as a support tool for managers that helps them align IT goals with business goals by implementing better IT governance.
  • The Business Process Framework (eTOM). The eTOM framework is a collection of best practices, models, and standards for IT service delivery developed by the TeleManagement Forum.
  • Others frameworks include FitSM, SAFe, and IT4IT Reference Architecture.

ITSM Tools

There are a variety of tools that enable the delivery of IT services by supporting associated tasks and workflows involved like incident, change management, service requests, etc. However, before choosing a particular ITSM solution, there are a few points to keep in mind when analyzing the options.

  • The setup and activation process: A simplified setup and activation process with intuitive steps and knowledgeable support staff enhances the adoption process.
  • User-friendliness: The ITSM application should be intuitive, easy to use, and navigate to promote full adoption.
  • Should facilitate organization-wide collaboration.
  • Should be adaptable and flexible for your business needs as they evolve.

(View the Gartner® Magic Quadrant™ for ITSM Tools.)

What is Enterprise Service Management (ESM)?

First coined in 2002 by IBM as part of their strategy to address business-centric use-cases, ESM is a set of tools, processes and methodologies that aims to offer visibility into all aspects of service management and delivery across the entire enterprise.

ESM utilizes ITSM capabilities and processes in business areas of the organization, going beyond IT, to enhance operational efficiency and service delivery.  It essentially takes service management principles, structures, and technologies from the ITSM concept and applies them to various business verticals of the organization such as Human Resources (HR), Legal, Finance, Marketing, etc.

(Read our full explainer on ESM.)

Enterprise Service Management benefits

ESM vs ITSM similarities

As ESM acts as an extension of ITSM, both frameworks share fundamental similarities in how they operate. Though ESM inherits all benefits of ITSM, in particular, ESM offers the following benefits:

  • Cost-saving through efficient workflows
  • Increased customer satisfaction through continuous feedback and support
  • Building long term relationships with customers

ESM vs ITSM differences

At the same time, there are a few differences that can be summed up under the scope of application of IT to service management.

  • The key difference lies in the fact that ITSM primarily focuses on organizational processes related to IT services. These include core IT services such as system upgrades, access control, and application deployment. ESM, on the other hand, applies to a wide range of organizational processes going beyond IT such as human resources, employee onboarding processes, customer service or resource procurement.
  • ITSM focuses on the technical aspects of IT operations while ESM focuses on the business-oriented use cases.
  • ESM can address non-technical needs that ITSM might not cover. An example of this need could be the need for human resources to maintain a specified amount of data privacy. Another example is the need to ensure safety and compliance regulations such as HIPAA, GDPR, etc.

Summary

Service management is an integral part of an organization’s operations, either at the IT level or a company-wide level, that ensures optimum performance, efficient & effective delivery, and ultimately offers enhanced business value.

To have better planning and management, IT operations are typically broken down into multiple services. Service management ensures smooth delivery of these qualitative and standardized services that support organizational activities. Efficient and effective service management frameworks not only facilitates organizations to adapt better to changing customer requirements but also helps in developing long term relationships with the customers.

The ITSM approach addresses service management at the IT level while ESM extends the principles and processes of service management to various departments and business verticals of an organization. Though the goals of ESM and ITSM overlap to an extent, both adopt similar processes and tools to manage services of an organization.

Related reading

 

]]>
ITIL® Service Delivery https://www.bmc.com/blogs/itil-service-delivery/ Thu, 31 Mar 2022 00:00:11 +0000 http://www.bmc.com/blogs/?p=10038 Whether it is a government agency, a hospital, or a food chain, almost all entities exist to provide services to their clients. How they go about it varies, depending on their operational context, requirements of customers and stakeholders, availability of resources as well as culture. And in the digital age, technology-centric service delivery is becoming […]]]>

Whether it is a government agency, a hospital, or a food chain, almost all entities exist to provide services to their clients. How they go about it varies, depending on their operational context, requirements of customers and stakeholders, availability of resources as well as culture.

And in the digital age, technology-centric service delivery is becoming the preferred model by organizations of all types and sizes. According to UNCTAD, in 2020 digitally deliverable services increased to nearly 64% of total services export, a result driven mainly by the COVID-19 pandemic.

The ITIL® framework, that has been in existence for the last 30 years, remains a useful guidance that organizations can adopt in delivery of services of a technology nature. In this article, we will look at how the ITIL 4 framework can be leveraged in improving service delivery efforts that lead to valuable outcomes for themselves and their customers.

(This article is part of our ITIL 4 Guide. Use the right-hand menu to navigate.)

What is Service Delivery?

A subset of service management, service delivery is defined by the Cambridge Dictionary as the act of providing a service to customers. Service delivery is usually seen as the last leg once a service has been developed, gone live and is ready to be offered to any customer who requests for it.

Success in service delivery is usually measured from the customer’s perspective—whether they are satisfied with the service received and the provider’s efforts in delivering it:

  • Obviously, a poorly performing service (such as failed login, poor response, bad UI etc.) will not meet the grade.
  • And even if the service is good, if the provider is poor at delivery (delays, bad customer service, erroneous billing etc.), then the customer’s perception remains negative.

Successful service delivery requires an understanding of the competencies needed and the amount of each resource required. The ITIL 4 CDS publication informs us that the four dimensions of service management (organization & people, information & technology, partners & suppliers, value streams and processes) must be holistically considered, to identify the right resource needs in terms of amount as well as quality.

People involved in service delivery, particularly those facing the customer directly such as service desk, must be equipped with the right tools and knowledge to effectively cater to customer needs in line with agreed service targets. They must also be motivated and led in the right way, under a culture that values services and customers.

Technology resources must be deployed in a way that eases the provision of services to customers especially when it comes to onboarding which is the primary activity in service delivery.

  • Automation should be pursued where there are repetitive, manual tasks which can be optimized leading to faster delivery times and better quality.
  • Where third party vendors or partners are involved, contracts and agreements need to define the right approach to ensure customer satisfaction is paramount.
  • Value streams and processes should be regularly reviewed and optimized to ensure they do not hamper efforts to meet customer needs effectively.

The ITIL 4 Service Value Chain

In ITIL 4, we are introduced to the service value chain, the central element of the service value system.

The service value chain is an operating model which outlines a set of loosely coupled activities required to respond to demand and facilitate value realization through the creation and management of products and services. A specific combination of these activities plus associated practices results in a value stream which starts from demand and ends in value through the provision of products and services.

For example, a value stream involving access to a SharePoint folder might begin with Engage activity where the user requests the Service Desk for access (by email or raising a request on an ITSM tool), then the Service Desk Agent fulfils the request for access through the Deliver and Support activity.

ITIL 4 Service Value Chain

ITIL 4 Service Value Chain (Copyright Axelos)

In the Service Value Chain, the Deliver and Support activity is the main facet of service delivery. The purpose of the deliver and support value chain activity is to ensure that services are delivered and supported according to agreed specifications and stakeholders’ expectations.

The Deliver and Support activity will get inputs from other service value chain activities including:

  • New and changed products and services provided by Design and Transition
  • Service components provided by Obtain/Build
  • Improvement initiatives provided by Improve
  • Improvement status reports from Improve
  • User support tasks provided by Engage
  • Knowledge and information about new and changed service components and services from Design and Transition, and Obtain/Build
  • Knowledge and information about third-party service components from Engage

The key outputs of the Deliver and Support activity will include:

  • Services delivered to customers and users
  • Information on the completion of user support tasks for Engage
  • Product and service performance information for Engage and Improve
  • Improvement opportunities for Improve
  • Contract and agreement requirements for Engage
  • Change requests for Obtain/Build
  • Service performance information for Design and Transition

ITIL 4 Service Delivery Practices

The ITIL 4 guidance lists 34 management practices which are a set of organizational resources designed for performing work or accomplishing an objective. Practices support value chain activities at various points in the value stream and must be organized one way or another to ensure value creation since a practice is of no value as a stand-alone resource. While all practices have value, not all of them will be directly applicable in core service delivery activities.

When we consider the Deliver and Support activity within the Service Value Chain, certain practices are more instrumental in service delivery as demonstrated in the heatmap below from the ITIL 4 Foundation publication:

ITIL 4 Service Delivery Practices

Heat Map of Practice Contribution to Deliver and Support activity

The practices that contribute most to service delivery include:

  • Service Request Management. The practice of supporting the agreed quality of a service by handling all predefined, user-initiated service requests in an effective and user-friendly manner. Handling of requests is at the heart of service delivery.
  • Service Desk. The practice of capturing demand for incident resolution and service requests. It should also be the entry point and single point of contact for the service provider with all of its users. The service desk’s capturing of demand for requests is tied directly to service delivery.
  • Change Enablement. The practice of maximizing the number of successful service and product changes by ensuring that risks have been properly assessed, authorizing changes to proceed, and managing the change schedule. With regard to service delivery, standard changes are the type of change that would be most involved as some customer requests would be fulfilled as changes.

Related reading

]]>
Infrabel Delivers on the Promise of Sustainable Mobility with BMC Helix Discovery https://www.bmc.com/blogs/infrabel-delivers-sustainable-mobility-with-bmc/ Tue, 01 Mar 2022 15:17:47 +0000 https://www.bmc.com/blogs/?p=51798 Infrabel is a government-owned railway management company responsible for building, maintaining, expanding, and improving the Belgian railway network and its infrastructure, as well as directing and coordinating all operating trains and ensuring effective distribution of capacity. With over 3,602 kilometers of railway lines, the Belgian rail network is one of the densest railway systems in […]]]>

Infrabel is a government-owned railway management company responsible for building, maintaining, expanding, and improving the Belgian railway network and its infrastructure, as well as directing and coordinating all operating trains and ensuring effective distribution of capacity. With over 3,602 kilometers of railway lines, the Belgian rail network is one of the densest railway systems in the world.

Infrabel aims to meet society’s current and future mobility needs through a sustainable, safe, modern, and reliable rail network—and the company’s reputation, customer relationships, and success rely heavily on the performance of its IT infrastructure and applications.

As part of its Autonomous Digital Enterprise evolution, Infrabel needed a way to improve its service reliability, moving away from a solution that did not give infrastructure and operations teams adequate insight to the impact of changes in their environment. Asset discovery processes were mostly manual, inaccurate, and unrepeatable. As a result, 30 to 40 percent of the company’s assets weren’t encoded in its CMDB.

Infrabel turned to BMC and BMC partner Devoteam for a solution to better support its business operations and its customers, and were happy to learn about BMC Helix Discovery, a SaaS-based, cloud-native discovery and dependency modeling system that provides instant visibility into hardware, software, and service dependencies across multi-cloud, hybrid, and on-premises environments.

Completing its implementation in under a month, Infrabel’s 180 infrastructure and operations team members were quickly able to being using BMC Helix to solve migration challenges, facilitate release management, and monitor security as part of the life cycle management of the company’s applications and operating systems. In addition:

  • A comprehensive and automated solution for change, release, and lifecycle management, BMC Helix allows Infrabel to update the platform and its myriad applications, ensuring systems are up to date, migrated, and patched appropriately.
  • The company can easily and quickly respond to twice-annual government requests for investment and operating cost reports.
  • “Showback” models help Infrabel demonstrate service and application costs, helping forecast and audit processes.
  • CMDB accuracy has improved by nearly 48 percent thanks to the solution’s comprehensive mapping capabilities.
  • With efficiency gains from automated asset discovery, Infrabel has been able to move valuable skilled personnel to other transformation initiatives.

Says Frederik Dumarey, Infrabel’s IT infrastructure manager, “We are looking forward to our continuing partnership with BMC as we continue our journey to become an Autonomous Digital Enterprise. I strongly encourage anyone who is interested in embarking on the path to digital transformation to talk with BMC.”

To learn more about Infrabel’s digital transformation with BMC Helix Discovery, watch the video now.

]]>
Signal-to-Noise Ratio: Bridging the ITSM-ITOM Divide https://www.bmc.com/blogs/bridging-itsm-itom-divide/ Wed, 09 Feb 2022 08:07:46 +0000 https://www.bmc.com/blogs/?p=51664 Over the past couple of years, I’ve been working with a large financial services organization and its director of IT operations, who has a mandate to improve operational efficiency, reduce costs, and rationalize the organization’s tool stack. Of course, they still need to deliver a five-star user experience while doing more with less. While the […]]]>

Over the past couple of years, I’ve been working with a large financial services organization and its director of IT operations, who has a mandate to improve operational efficiency, reduce costs, and rationalize the organization’s tool stack. Of course, they still need to deliver a five-star user experience while doing more with less.

While the organization’s digital transformation projects were delivering better customer self-service, the interaction between new (public cloud) and old (mainframe) technology stacks was proving to be a challenge. DevOps was pushing the boundaries with small and frequent releases, but monitoring was showing blind spots in end-to-end user interactions and slow recovery from system failures was impacting customer confidence. Key business stakeholders were getting nervous because increased customer churn could have a direct impact on revenue.

The director was facing three key challenges in:

  • Observability at a business service level for prioritizing resources during critical situations.
  • Noise reduction and artificial intelligence and machine learning (AI/ML)-based root cause recommendations to automate and speed recovery from poor performance and outages.
  • Operating expenditures (OpEx) costs attributed to service and operations management tool sprawl.

The director talked about a recent outage where his staff was overwhelmed with 30,000 events that spanned user-initiated complaints to the global help desk and system-generated alarms from multiple monitoring tools. While AI/ML techniques were reducing alarm noise, it was still difficult to narrow down root cause, which slowed the resolution time. The organization had no way to correlate between the incidents or to change and monitor events. They had plenty of tools, but it was like having dozens of watches where none of them could give an accurate time.

To put the problem in mathematical terms, he was dealing with a signal-to-noise ratio problem. Mission-critical business services are supporting an omnichannel user experience (mobile, web, voice, API); systems of engagement are hosted on cloud architectures; and systems of record hosted in private data centers are running distributed and mainframe applications. When something goes wrong, like the 30,000-event problem, a lot of noise is created from the events triggered by complex user transactions.

Noise is increased by end users opening service desk tickets, changes from DevOps automation, alarms based on static service level agreements (SLAs), faults from network equipment, and even automatically generated anomalies based on abnormal system behavior. Deciphering the signal from the noise to find the root cause of a system outage is a complex mathematical problem that’s best addressed by a machine-based algorithmic approach instead of the traditional approach of putting business users and different IT departments on bridge calls. That just adds more noise to the blame game as disparate teams race to improve their mean time to innocence (MTTI).

For the purposes of this discussion, I am going to focus on the need for a more holistic end-to-end approach to automating noise reduction and root cause analysis. A machine-based algorithmic approach that applies trained AI/ML models can help bridge the divide between different teams and their disparate tools to increase the odds of quicker resolution and overall cost savings.

I will use the example of a mobile application where a user transaction that starts on a mobile device depends both on modern microservices running on a public cloud and monolithic applications hosted in private data centers. Slow response time on the mobile device can be difficult to triage because it can be attributed to code execution, infrastructure resource constraints, or network congestion anywhere on this long and complex execution path, as shown in Figure 1.

End-to-End Mobile Transaction Flow

Figure 1. End-to-End Mobile Transaction Flow

The two areas that we need to focus on to more quickly decipher the signal from the noise are IT service management (ITSM) and IT operations management (ITOM). Per our example above, a mobile application experiencing slow response times can potentially generate thousands of events. Figure 2 below shows how ITSM and ITOM systems exist in silos, with multiple tools that generate tickets, metrics, logs, and alarms, etc.

Event Noise from ITSM and ITOM

Figure 2. Event Noise from ITSM and ITOM

To address this, advanced analytics should be applied to ITSM and ITOM datasets to build situational awareness of impacted users and business services. ITSM systems deal with incident and change management and are a goldmine of historical and real-time data of user issues, change/work orders, and knowledge base articles. AI service management (AISM) applies AI/ML techniques like natural language processing (NLP), clustering, and classification to reduce incoming ticket noise, group major incidents/change events, recommend knowledge base articles, or automatically assign support groups.

Figure 3 illustrates how AISM can automatically group and create situational awareness, represented by the cluster of solid circles, diamonds, and squares. This automatic grouping of incidents and change events based on text, time, and relationships can help service desk agents focus their efforts on higher priority issues.

AISM Real-Time Incident Cluster

Figure 3. AISM Real-Time Incident Cluster

In our mobile application example, if the business service is impacted by slow response times, real-time incident correlation will help accelerate the triage process by eliminating the manual work that would have been done by multiple service desk agents. Figure 4 shows a real-time incident correlation dashboard where AISM automatically correlates and groups related incidents into a single view.

If the mobile application slowness is caused by a known issue, then this would trigger a runbook for quick remediation. However, in many cases this will require further investigation and correlation with the ITOM systems for further diagnosis. Speeding resolution requires an ITSM and ITOM integration strategy, which can be complex.

Our research shows only 23 percent of organizations have integrated the two disciplines. Without such integration, there are many hand-offs between teams and inefficient, error-prone manual processes that result in delays and customer dissatisfaction.

Real-Time Incident Correlation

Figure 4. Real-Time Incident Correlation

ITOM systems deal with observability and automation to improve operational efficiency across applications, infrastructure, and networks. A typical mobile application journey is monitored by many tools that collect performance metrics, alarms, anomalies, logs, and topology information. Additionally, modern DevOps practices have increased the volume and frequency of changes in this dynamic landscape. Triaging and diagnosing production issues is akin to trying to find a needle in a haystack when dealing with very large and diverse datasets.

AI for IT operations (AIOps) applies AI/ML to these datasets to reduce noise and find root cause more quickly. AIOps creates situational awareness by applying algorithms for noise reduction, anomaly detection, clustering, and graph theory to automatically assess impact and arrive at a root cause, represented by the cluster of crossed circles, diamonds, and squares shown in Figure 5. Automatic grouping of alarms, metrics, logs, and topology for an impacted business service accelerates root cause analysis and recovery from outages.

AIOps Probable Root Cause Clusters

Figure 5. AIOps Probable Root Cause Clusters

In our mobile banking application example, AIOps will accelerate the diagnosis process by identifying a probable root cause for the slow response time. Figure 6 below shows a service monitoring dashboard for an impacted business service where metrics, topology, events, and change are grouped together with an identified root cause. This saves support staff hours, if not days, of triaging and collecting evidence. A probability score for the determined root cause can also increase confidence and lead to automation for self-remediation in the future.

AIOps Service Monitoring Dashboard

Figure 6. AIOps Service Monitoring Dashboard

Recognizing the lack of an integration strategy between ITSM and ITOM systems, there’s still a need to correlate and bridge the gap between the insights discovered by AISM and AIOps to avoid error-prone hand offs and inefficient manual processes. Figure 7 illustrates how solid and crossed cluster groups can be automatically correlated using advanced analytics and common relationships. Automatic correlation between real-time incident clusters and probable root cause recommendations requires a service-centric approach that shares a common data model and datastore to correlate across shared resources.

AISM and AIOps Correlation

Figure 7. AISM and AIOps Correlation

In our mobile example, the system would automatically correlate the reported slow response time incidents and change requests with the probable root cause, as shown in Figure 8 below. This empowers the service desk agent with the context to intelligently engage the right support groups, initiate tasks, or automate runbooks for quick remediation.

Incident and Probable Root Cause Correlation

Figure 8. Incident and Probable Root Cause Correlation

The ability to improve service delivery with integrated ITSM and ITOM capabilities is what BMC refers to as ServiceOps. It brings technology and data together in one central platform (BMC Helix Platform) that spans organizational silos and has a common data store with open integrations to third-party tools, further strengthened by our recent StreamWeaver acquisition. The entire solution is designed to help your organization reduce the signal-to-noise ratio, improve response time, and provide a better customer experience.

]]>
Identify Problems for Incident Management Using AI/ML https://www.bmc.com/blogs/identify-problems-using-ai-ml/ Thu, 27 Jan 2022 13:23:08 +0000 https://www.bmc.com/blogs/?p=51563 Introduction The primary goal of the problem management process is to prevent recurring incidents. However, identifying critical problems from thousands of incidents is a tedious and error-prone activity. Let’s understand how artificial intelligence/machine learning (AI/ML) technologies can help us identify problems more easily. Let’s understand the problem identification process flow. Challenges faced by problem managers […]]]>

Introduction

The primary goal of the problem management process is to prevent recurring incidents. However, identifying critical problems from thousands of incidents is a tedious and error-prone activity. Let’s understand how artificial intelligence/machine learning (AI/ML) technologies can help us identify problems more easily.

Let’s understand the problem identification process flow.

problem-identification-process-flow

Challenges faced by problem managers

Incident information that describes the problem faced by the end user is textual data, and identifying patterns in that data using existing reporting or analytical tools such as Excel is time-consuming and  error-prone.

When identification of patterns is not complete (a highly likely outcome when humans are responsible for recognizing patterns in data), a lot of problems may go unnoticed.

How can AI/ML help solve this problem?

Because the incident data is textual in nature, we need a natural language processing (NLP) module to process it, which will remove stop words (common words/filler words), help identify the intent of the textual data, and convert it to numerical data.

With numerical data, clustering algorithms such as k-means clustering can be applied to group similar data points together.

Let’s see how this data processing pipeline looks.

Data-Processing-Pipeline

 

Let’s understand each step in further detail.

Tokenization

In this step, individual words in the sentence are separated. This also separates any punctuation and word separators such as dashes or semicolons.

Stop words removal

In this step, filler words or common words are removed. For example, company names or words like “prod” or “dev” may be appearing in incident text repeatedly, making pattern identification for problems more difficult.

Stemming

In this step, affixes to words are removed to get to the base form of the word. For example, words like “working” or “worked” will be reduced to “work.”

Lemmatization

This step is similar to stemming, but here the root word of the given word is found, whereas stemming just removes affixes. etc. For example, the root word for “is,” “are,” and “was” is “am.”

Vectorization

In its simplest term, vectorization is used to represent text data in numerical vectors. Word vectorization is an NLP method for mapping words or phrases to a corresponding vector of real numbers, which is used to find word predictions and word similarities.

K-means clustering

K- means clustering is an unsupervised learning algorithm where K represents a number of clusters. K-means performs the division of objects so that similar objects are grouped together as clusters.

Once a group of incidents’ summary/description is tokenized, preprocessed, and converted into its vectors, the K-means clustering algorithm groups similar vectors together, forming clusters of incidents that have similar text or intent.

For more information on K-means clustering, refer to https://developers.google.com/machine-learning/clustering/algorithm/run-algorithm

Problem identification

With AI/ML, we have greatly automated the analysis and identification of a problem. What took hours and days can now take minutes with AI-based clustering for finding patterns in the incident data to generate clusters. Once clusters of similar incidents (by intent) are created, the problem manager can easily perform further analysis (e.g., clusters with a high number of incidents or clusters with high effort or high time to resolve) to identify critical problems from incident information and prioritize the most high-value problems to investigate.

Problem-identification

Conclusion

AI/ML technologies can help IT problem managers to identify impactful problems quickly, reduce manual efforts, and isolate recurring problems that impact business and operational efficiency.

At BMC, with the vision to transform any business into an Autonomous Digital Enterprise (ADE), we maximize the use of AI/ML to make processes easier, enhance actionable insights, and increase organizational agility.

Our AIOps solutions apply machine learning and predictive capabilities across IT operations and DevOps environments for real-time, enterprise-wide observability, data-driven insights, and automated remediation.

]]>
What’s KCS®? Knowledge-Centered Service Explained https://www.bmc.com/blogs/what-is-knowledge-centered-support-kcs-explained/ Tue, 25 Jan 2022 01:20:01 +0000 http://www.bmc.com/blogs/?p=11017 “In order to get dramatically different results, we have to do something dramatically different.” While technical support used to be an internal, back-office department that customers never saw, today’s customers interact with technical support and service desk teams on a daily basis. Support teams within organizations may struggle to keep up with demand, but Knowledge-Centered […]]]>

“In order to get dramatically different results, we have to do something dramatically different.”

While technical support used to be an internal, back-office department that customers never saw, today’s customers interact with technical support and service desk teams on a daily basis. Support teams within organizations may struggle to keep up with demand, but Knowledge-Centered Service is changing that.

Knowledge-Centered Service (KCS®) emphasizes knowledge as a critical asset for delivering service and support—across the enterprise. In this article, we are exploring the KCS principles and methodology. We’ll take a look at these topics:

What is Knowledge-Centered Service?

Knowledge-Centered Service (KCS) is a best practice methodology that provides a detailed description of how service organizations can work more effectively with knowledge in order to:

  • Improve service delivery
  • Become more productive in the service organization
  • Decrease costs
  • Increase service levels to customers

The KCS methodology is developed and continues to be maintained by the Consortium for Service Innovation (CSI), a non-profit alliance of service organizations. Current CSI members include DELL Technologies, Hewlett-Packard Enterprise, Ericsson, Cisco, Oracle, BMC, and many more. BMC is proud to sponsor the Consortium and take part in the ongoing development of the KCS methodology.

KCS stood for “Knowledge-Centered Support” until the v6 release in April 2016 at which time the name was updated to “Knowledge-Centered Service”—because it goes beyond support.

(See how KCS can benefit your organization in this introductory webinar.)

History of KCS

In 1992, the Consortium for Service Innovation (CSI) formed as a non-profit alliance of support organizations. The membership-based organization focused primarily on designing tools with specific features and functionality that would assist organizations in capturing and reusing knowledge as a by-product of work performed.

Within a couple years, the members within the Consortium realized an inherent truth—no matter how good the tools, knowledge management success rests with people and their behaviors.

By the mid-1990s, the Consortium switched focus to defining enterprise best practices that focus on people instead of technology. In the 2000s, CSI started to promote and facilitate understanding and implementing the KCS approach to knowledge management.

Today, the methodology focuses on knowledge as a key asset of an organization.

Who practices KCS?

KCS has been effectively and successfully implemented in organizations large and small, including some multi-national groups including Apollo Group, Autodesk, Avaya, Dell, EMC, Ericsson, HP Enterprise, Oracle, and Salesforce.

Challenges that KCS solves

Like related frameworks such as ITIL®, which aims to improve all aspects of enterprise service delivery, KCS focuses particularly on knowledge management across the enterprise.

To understand KCS, let’s take the long view of service teams in digital workplaces.

In most organizations, regardless of size, service desks of all kinds—IT, HR, marketing, and more—are swamped with requests, ranging from small, tedious items that are easy to accomplish but take time, to larger problems that must be dealt with immediately. IT service teams are always balancing these requests, based on priority, individual knowledge of a problem, time required researching, and time reaching out to people beyond the service team.

The problems with these issues are clear:

  • Time spent solving repetitive issues
  • Time and resources spent researching complicated issues

Knowledge is a major solution to these bottlenecks. Accessing pre-existing knowledge helps drastically reduce the time spent solving problems, therein saving money and resources. This practice—knowledge management—helps mitigate the challenges of service teams that are under increasing pressure to respond to customers correctly, quickly, and flexibly.

When a service team solves an issue, often handled by only one person, it is very common for that knowledge solution to go by the wayside. With one problem solved, employees move to the next problem. In a knowledge-centered organization, that information would be captured for future use, in a knowledge base, in order to save time and resources when the same or similar issues arise again.

If no knowledge base has been built, there’s no place for that specific knowledge to become part of a collective, collaborative knowledge.

Knowledge alone is not enough

While knowledge is a clear solution to the chaotic reality for service and support teams, implementing knowledge management effectively still eludes many organizations. The challenges are two-fold: building a knowledge base, then using it successfully.

Building a knowledge base takes time, priority, and a joint approach with teams beyond the service desk. Unfortunately, knowledge management often isn’t prioritized or embraced by a large enough group of knowledge experts—it’s often seen as an extra task for an already overloaded team.

In cases where organizations have already implemented some type of knowledge center, there are still bottlenecks to successful implementation: too much bureaucracy in the way of reviews or approval cycles or a lack of priority or time in developing it. In some situations, content that has been created often isn’t relatable or contextual to the customer experience.

This is where KCS comes in. The theory maintains that speeding up service is very doable within a provided network for the service and support teams to access and maintain knowledge.

KCS principles

There are four principles of KCS that aim to create an environment optimized for knowledge sharing:

  • Abundance: Share more, learn more
  • Value creation: Work tasks; think big picture
  • Demand driven: Knowledge is a by-product of interaction
  • Trust: Engage, empower, motivate

KCS isn’t just theoretical though: its tenets provide both a method and techniques that help organizations respond to issues quicker, including shortening the time necessary to address complex issues, and provide consistent answers for customers that enable self-service support.

The goal of KCS is to integrate the use of a knowledge base into an organizational workflow in order to:

  • Create content as a by-product of solving issues
  • Evolve content based on usage and demand
  • Develop a knowledge base of the collective experience to-date
  • Recognize learning, collaboration, sharing, and improving

Benefits of Knowledge-Centered Service

“KCS® improves time to proficiency up to 70% and gives you 30% more satisfied employees.”

In order to get dramatically different results, we have to do something dramatically different. KCS represents a new way in thinking about work, people, process, and measures—and the benefits are profound. You can expect to see these outcomes:

Solve cases & incidents faster

Optimize use of resources

  • 70% improved time to proficiency of new support employees
  • 20-35% improved support employee retention
  • 20-40% improvement in support employee satisfaction

Enable self-service strategy

  • Improve customer success and use of self-help
  • Support center cost avoidance of up to 50%

Build organizational learning

  • Actionable information to product development about customer issues
  • 10% issue reduction due to root cause removal

Rely on up-to-date content

KCS also brings a cultural shift that embraces the “content is king” concept: teams can now rely on collaborative knowledge instead of individual, untracked learning experiences. Collective knowledge means the service team doesn’t have to be the only team solving issues, and it helps the organization onboard new agents a lot quicker and reliably while staying flexible and relevant to the customer.

How KCS works: The two loops of Knowledge-Centered Service

KCS provides a continuous improvement concept for managing, sharing, and improving knowledge, effectively becoming the way support and service teams provides support, both to internal and external users.

Relying on core concepts such as continual improvement, collective experience, and collective ownership, and seeking to understand before seeking to solve, KCS helps organizations create and review knowledge articles. The articles go through draft, approval, and publishing phases, which in combination with the KCS roles and licensing model, support increased confidence in both content and people.

The resulting cost-benefit savings includes fewer support calls and fewer cases logged. It helps users become more self-sufficient and more proficient If implemented properly, KCS does not add handle time to the task of resolving issues Instead, KCS becomes the way in which issues are resolved.

The Double Loop Process

Knowledge-Centered Service relies on two continuous loops, the Solve Loop and the Evolve Loop, together known as the Double Loop Process.

  1. The Solve Loop is the more immediate loop, a reactive process.
  2. The Evolve Loop is the reflective and continuous improvement process, working continuously in the background.

Let’s look at each component.

KCS Double Loop Process

The Solve Loop

The Solve Loop is the request-response workflow. Creating knowledge articles is a by-product of resolving issues. Articles can be used for many different types of content including a simple question, a complex problem, or a procedure. The knowledge articles must be:

  • Timely
  • Findable
  • Within the context of the audience being served

Articles are reviewed and improved over time based on demand and usage with the concept “reuse is review”. The access to the knowledge base increases the service organization’s speed, accuracy, and consistency in solving issues that have already been solved before.

There are four practices of the Solve Loop:

  • Practice 1: Capture knowledge. We focus on capturing knowledge during the interaction because it is very hard to re-create it later. The requestor’s context is in focus: how they experience the issue and the environment of the issue. If an article doesn’t already exist in the knowledge base, one is created.
  • Practice 2: Structure knowledge. Using a simple template—issue, environment, resolution and, if applicable, cause—makes knowledge articles consistent, findable, and reusable.
  • Practice 3: Reuse knowledge. To minimize rework, we want the knowledge base to be the first place people go to find resolutions and answers that can be reused. By linking a case to a knowledge article, linking an article to another article or an external resource, we make sure knowledge is reused and that relevant actions can be taken to eliminate errors and issues.
  • Practice 4: Improve knowledge. Reuse is review, just-in-time improvement is one of the biggest differences between KCS and traditional knowledge engineering. We only spend time on improving knowledge articles that are being used, and knowledge articles will reflect our collective experience on a daily basis.

The Evolve Loop

The Evolve Loop reflects on and learns from a collection of Solve Loop tasks and associated knowledge articles. It identifies areas for improvement in the Solve Loop and to the business, such as improvements to products, services, processes, and policies.

The Evolve Loop has four practices, focused on knowledge base health, workflow, value assessment and leadership’s role throughout the KCS journey.

  • Practice 5: Content health. This practice teaches us how to create a healthy knowledge base. It includes recommendations on templates and article structure, archiving strategies, content health measures and self-service success factors, and more.
  • Practice 6: Process integration. By integrating the solve loop practices into the problem-solving work and the daily work of the service and support teams, we can maximize the benefits of KCS. Aim for a seamless workflow where technology enable everyone to do the rights things right.
  • Practice 7: Performance assessment. The KCS roles and licensing model is an important element of performance assessment. Learning and motivation are built in to the model, where adherence to the KCS process is rewarded. To determine if we are creating value, a robust measurement model is a key part of this practice.
  • Practice 8: Leadership and communication. Many years of experience confirms that an organizational and cultural change require strong leadership and timely and relevant communication. The last practice focuses on leadership responsibility, motivation, and the importance of a vision.

KCS training & certification

With KCS training, you will learn the KCS Principles and Core Concepts, as well as the techniques and organizational requirements for successful KCS implementation and adoption.

KCS AcademyThe KCS Academy, a wholly owned subsidiary of the Consortium for Service Innovation, offers KCS training and certification for people and KCS Verified and Aligned designations for tools and services. The KCS Academy is the only authorized certifying body for KCS, through KCS certified trainers.

On top of training, the Consortium and the KCS Academy offer regular workshops, meetings, web sessions and forums for practitioners and vendors to nurture and develop the methodology.

BMC supports KCS & knowledge management

BMC provides you with the needed knowledge, skills, services, and solutions to achieve knowledge management and self-service success across the enterprise. Our experts can help you set up the processes and solutions based on your needs and our experience.

BMC is one of the members of the Consortium for Service Innovation, and provide official KCS Academy training and certification in Knowledge-Centered Service (KCS®) via our KCS Certified trainers.

You will get the skills needed to launch, improve, or refresh your knowledge management processes.

KCS v6 Fundamentals Overview

  • Summary: Official KCS Academy training with optional KCS v6 Fundamentals Certification Exam
  • Course length: 1 day
  • Style: Instructor-led training

This training is intended for individuals who are, or will be using, the KCS Practices in support and service centers to resolve issues for internal or external customers. This entry-level KCS training is a great way to ensure a common understanding of the methodology, and to help individuals demonstrate a basic understanding of the KCS concepts.

(Read more & register at BMC Education.)

KCS v6 Practices Workshop

  • Summary: Official KCS Academy training with optional w KCS v6 Practices Certification Exam
  • Course length: 3 days
  • Style: Instructor-led training

This training and optional certification exam is intended for individuals who require a thorough understanding of both the KCS methodology and its adoption. This includes people who manage or advise on the adoption and continuous improvement of the KCS practices. This course is also appropriate for product managers whose products align with or enable the KCS practices.

(Read more & register at BMC Training and Certification.)

Related resources

]]>
Telecom: Service Assurance in the Age of AI and Autonomous Networks https://www.bmc.com/blogs/telecom-service-assurance-for-ai-and-autonomous-networks/ Fri, 21 Jan 2022 11:39:08 +0000 https://www.bmc.com/blogs/?p=51514 As networks become more complex, elastic, and autonomous, communications service providers (CSPs) need to take new approaches to service assurance to maintain the high quality that customers demand. While artificial intelligence (AI) will play an important role in these efforts, the move to lights-out operations won’t happen overnight. To get there, CSPs must learn to […]]]>

As networks become more complex, elastic, and autonomous, communications service providers (CSPs) need to take new approaches to service assurance to maintain the high quality that customers demand. While artificial intelligence (AI) will play an important role in these efforts, the move to lights-out operations won’t happen overnight. To get there, CSPs must learn to balance automation with human activity to increase speed, minimize risk, and ensure the data quality required for making business-critical decisions.

In a recent podcast, FutureNet World Founder and CEO Giles Cummings interviewed BMC Software Technology Strategist Ian Russ on the key operational and technological changes that will enable CSPs to meet more aggressive service level agreements (SLAs) and customer expectations.

Topics explored in the far-reaching conversation include:

  • Shifting service assurance from a resource-centric model to a service-centric model guided by the impact on customers
  • Building trust and strengthening governance for AI-driven network orchestration

The conversation also covered the growing adoption of DevOps, DataOps, and site reliability engineering (SRE) concepts within service assurance. “If we look at taking some of the DevOps principles and applying them to DataOps, where instead of having multiple teams…getting, transforming, and consuming the data, [we] give the teams who consume the data the ability to manage how they retrieve, [transform, and process] it…you can get much higher levels of speed [and] much better quality of data,” Russ explains.

According to Russ, distributing information correctly while minimizing distraction, understanding the root cause of issues when they occur, and being proactive in their resolution are integral to a successful solution. “Being able to understand the scope of the issue in terms of how widespread the problem is…the impact on the services that have been delivered, and also being able to prompt for root cause [is necessary so] not only do we know who’s affected [and] why…but we also understand where the problem actually resulted or originated,” he says.

“Today, teams behave in reactive model where, when they find something broken, they…go and look for the data that supports that. I think we actually need to switch that on its head, [so] the systems that are involved in service assurance are pushing the right information to the right users at the right time.”

Listen to the full podcast to gain more insight into the evolution of modern autonomous networks and learn how CSPs are addressing the challenges of evolving to full network automation.

]]>
Risk Management: A Complete Introduction To Managing Enterprise Risk https://www.bmc.com/blogs/risk-management/ Tue, 18 Jan 2022 00:00:28 +0000 http://www.bmc.com/blogs/?p=11761 Global pandemics such as the scale of Covid-19 or the Spanish Flu have an annual occurrence probability that varies between 0.27% and 1.9%. And while organizations with robust enterprise risk functions had identified pandemics as one of their risks, the low probability meant that few had put in place measures to mitigate against the potential […]]]>

Global pandemics such as the scale of Covid-19 or the Spanish Flu have an annual occurrence probability that varies between 0.27% and 1.9%. And while organizations with robust enterprise risk functions had identified pandemics as one of their risks, the low probability meant that few had put in place measures to mitigate against the potential occurrence.

Safe to say, we have all been schooled at the moment.

From cyberattacks to air crashes, third party compromise to regulatory changes, employee unrest to economic downturn, the business environment is rife with uncertainties. Having an approach to anticipate and limit the impact should such materialize is critical for any enterprise that wants to remain.

As an organization defines its strategic goals and objectives, a realistic look at threats to success can go a long way in enabling the enterprise to remain on track. Investing in a risk management approach is the mark of mature companies who are well aware that the path to their vision is not always straightforward.

Let’s look at some of the key aspects define risk management.

What is risk?

The ISO 31000 standard for risk management guidelines defines a risk as:

The effect of uncertainty on objectives.

The outcome of the uncertainty can swing in either a positive or negative manner. If the risk is negative, then the uncertain outcome results in harm or loss for instance lost customers, regulatory penalties being imposed or reduced business revenue. On the other hand, if the risk is positive, the uncertain outcome can result in benefits if exploited e.g., regulation changes can be favorable in terms of new business opportunities.

Elements of risk

To fully express a risk, one has to consider the following elements:

  • Risk source. An element which, alone or in combination, has the potential to give rise to risk. Examples here include weather conditions, government agencies, disgruntled employees, etc.
  • Risk event. The potential occurrence or change of a particular set of circumstances. For example: a cyberattack, flooding of a data center, mass resignation, adverse regulation, etc.
  • Risk consequence. The outcome of an event affecting objectives. For instance lost revenue, penalties from a regulator, disrupted operations, corrupted data, etc.
  • Risk likelihood. The chance of something happening—for instance, low or high probability which can be objectively or subjectively computed.

Responding to risk

In order to effectively respond to risks, an approach is required. That’s where risk management comes into play.

Defining risk management

ISO 31000 defines risk management as

Coordinated activities to direct and control an organization with regard to risk.

ITIL® 4 outlines the purpose of the risk management practice is to ensure that the organization understands and effectively handles risk to guarantee ongoing sustainability and value co-creation.

Principles for effective risk management, as outlined in ISO 31000 include, ensuring that your risk management practice:

  1. Creates and protects value.
  2. Is made an integral part of all organizational processes.
  3. Is made part of decision making.
  4. Explicitly addresses uncertainty.
  5. Is systematic, structured, and timely.
  6. Is based on the best available information.
  7. Is tailored.
  8. Takes human and cultural factors into account.
  9. Is transparent and inclusive.
  10. Is dynamic, iterative, and responsive to change.
  11. Facilitates continual improvement of the organization.

(Learn more about risk management in ITIL 4 & ITIL v3 environments.)

Risk management steps

Let’s look at a couple well-known frameworks.

Management of Risk framework

At a high level, the risk management process can be broken down into five iterative steps as outlined by Axelos’ Management of Risk (M_o_R) framework:

M o R Risk Management Process

M_o_R Risk Management Process

1. Identify

The organization identifies its strategic and operational context, and then identifies the risks based on that context. The context leads to a determination of the organization’s capacity and tolerance to risks should they materialize. Risks identified are documented in a risk log or register.

2. Assess

The risks identified are then assessed to determine the likelihood and consequence. This then leads to an evaluation of the assessment to rank the risks from a priority perspective, where risks with higher consequence and likelihood are prioritized higher. A risk heat map is a tool that can be used to visualize risk prioritization.

3. Plan

Planning involves identifying and evaluating the appropriate risk response to remove or reduce threats, and to maximize opportunities. Responses can be categorized as follows:

  • Avoid: Making the uncertainty void by not proceeding with the plan of action where the risk would materialize. For example, not hosting your data on the cloud due to risk of transfer of personal data outside local jurisdiction.
  • Reduce: Identify actions to reduce the probability and/or consequence should the risk materialize by putting in place mitigation controls. For example, putting policies to prevent senior officials from travelling on same flight or vehicle.
  • Transfer: Identify a third-party who is willing to take up the risk on behalf of the organization. This option is usually tagged to insurance covers.
  • Share: Identify a third-party who is willing to take up part of the risk with the organization. This option is usually applied to customers, partners or suppliers.
  • Accept: Live with the uncertainty and take no action to forestall it.

4. Implement

Here the planned risk responses will be actioned, their effectiveness monitored and corrective action taken where responses do not match expectations.

5. Communicate

This is a standalone step that occurs concurrent to the previous four. Risk information and treatment status is reported to key stakeholders based on agreed channels. This step is also very relevant whenever an identified risk materializes.

NIST risk management framework

The NIST risk management framework (RMF) provides a comprehensive, flexible, risk-based process that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle through 7 steps outlined below:

NIST RMF Steps

NIST RMF Steps

  1. Prepare. Carry out essential activities to help prepare all levels of the organization to manage its security and privacy risks.
  2. Categorize. Determine the adverse impact with respect to the loss of confidentiality, integrity, and availability of systems and the information processed, stored, and transmitted by those systems.
  3. Select. Select, tailor, and document the controls necessary to protect the system and organization commensurate with risk.
  4. Implement. Implement the controls in the security and privacy plans for the system and organization.
  5. Assess. Determine if the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for the system and the organization.
  6. Authorize. Provide accountability by requiring a senior official to determine if the security and privacy risk based on the operation of a system or the use of common controls, is acceptable.
  7. Monitor. Maintain ongoing situational awareness about the security and privacy posture of the system and organization to support risk management decisions.

Risk Management Roles

Now that we understand the purpose and steps in any risk management practices, let’s look at the people involved. Key roles required for effective risk management in an organization include:

  • Risk Committee. This is a subset of the organization’s board whose mandate is the oversight and approval of the enterprise risk management framework. This includes defining risk tolerance and appetite, providing resources for risk mitigation, setting governance policies, and evaluating performance of the implemented risk mitigation.
  • Risk Manager. This role is responsible for coordinating the implementation of the enterprise risk management framework including guiding the rest of the organization in identifying, assessing, mitigating, and monitoring risks. The role will provide reports on the status of the risk management framework and can be elevated to Chief Risk Officer or Head of Risk depending on the size of the organization.
  • Risk Officer. This role reports to the risk manager and carries out the basic risk management activities and maintains documentation on the same.
  • Risk Owner. This role is responsible for the management, monitoring, and control of all aspects of a particular risk assigned to them, including the implementation of the selected responses to address the threats or to maximize the opportunities.
  • Risk Actionee. This role is responsible for implementation of selected risk responses. It can be carried out by the Risk Owner or be outsourced to a third party.

Success factors in risk management

Success in risk management is a chance in itself—that’s because you can never plan perfectly (unless you can see the future). However, having a robust yet flexible framework can be the difference between successfully navigating through a challenging risk or seeing your enterprise going under.

Key elements required in successful risk management according to the ITIL 4 practice guide include:

  • Establishing governance of risk management
  • Nurturing a risk management culture and identifying risks
  • Analyzing and evaluating risks
  • Treating, monitoring, and reviewing risks

Related reading

]]>
Automating Enterprise Services Seamlessly https://www.bmc.com/blogs/automating-enterprise-services-seamlessly/ Fri, 14 Jan 2022 09:42:03 +0000 https://www.bmc.com/blogs/?p=51490 Automation is a buzzword nowadays, especially in enterprises. In this era of convenience, automation is almost regarded as a necessity because it saves time, energy, and money, and reduces errors, especially human error. It’s already playing an important role in across the business, including in the areas of software development, delivery, and support, and in […]]]>

Automation is a buzzword nowadays, especially in enterprises. In this era of convenience, automation is almost regarded as a necessity because it saves time, energy, and money, and reduces errors, especially human error.

It’s already playing an important role in across the business, including in the areas of software development, delivery, and support, and in enterprise service management. That latter use case begs a few questions, such as:

  • What is the need?
  • What are the different challenges?
  • How can we do it effectively?

In this article, we are going to talk about all of this, in brief.

The need

Digitization has increased the complexity of IT processes across all industries, accelerating the need to orchestrate the management of the enterprise services that support them. Those services now involve integrating new software and upgrading and maintaining the existing infrastructure. To keep up, organizations can expend valuable time, energy, and resources, or they can simply automate it.

So, let us take a simple example of a process of getting salary slip, in both ways manually and automated.

Manually, you would go to your company website or third-party website, login, follow the prompts, and request a download, etc. This requires your awareness of the process of getting salary slip and you need to follow that path on that website. So indirectly you are bound to that website and their steps to perform a simple operation like downloading a salary slip. Now, if the website changes, for any reason, you must learn the steps all over again till you become aware again. This cost some time and money for sure. Also, on top of it every individual has a different experience and feeling about the same process.

Instead, if we automate this process, you could simply go to your company website and request the slip through an automated, self-service interface and have it delivered to your email’s inbox. Any backend changes would be invisible to you as the end user because the customer-facing, automated interaction remains unchanged. That’s awesome, isn’t it?

By automating the task, you can get what you need quickly and easily—and with fewer clicks—and instead focus on more important aspects of your job.

Imagine automating every mundane, repetitive task that you encounter throughout the day, and how much time it could save so you could focus on more productive tasks. That also holds true at the business level—automation can tackle the mundane tasks so workers can dedicate their efforts to tasks that require a higher level of critical thinking and advance the overall business strategy.

The obstacle

If automation makes life easier, why isn’t everyone doing it? Because the “how” is not as easy as it might seem. Some of the challenges can include:

  • An enterprise service management system that does not have a codeless way to integrate with other software without writing code.
  • An enterprise service management system that has codeless ways, but a limited ability to integrate with third-party software.
  • An organization that has the latest automation software like robotic process automation (RPA), however, the enterprise service management system does not have a direct, codeless, or workflow way of connecting to it.

As organizations have evolved, they have purchased multiple software solutions to satisfy their needs, which has created technology and integration challenges. Sometimes those challenges are so complex that it might seem better to manage the processes manually rather than rely on automation. This leads to running the business as usual, and the organization misses out on the benefits of automation.

Automation to the rescue

So, the question then becomes, how can you maximize your investment in your current infrastructure and prepare for new technology as it emerges? We think the first goal is to consider the benefits of automation. The second is to understand which software can satisfy your needs now and, in the future, and integrate easily and smoothly with the multiple software solutions you already have, ideally in a codeless way through configuration and not by writing code.

At BMC, we’re helping companies embrace automation as they evolve toward becoming an Autonomous Digital Enterprise with solutions that leverage emerging technologies like AI and ML to enable data-driven business decisions, enhance quality, reduce unnecessary manual labor, empower employees, and optimize IT resources.

Learn more at bmc.com/ade.

]]>