Visitors to the Fox IT Stand E03 at the ITSMF conference can register for a special introductory offer of 1000 free points against future project

Woking — Achieving all the benefits of ITIL just got easier with the launch today of Fox IT’s new “Points of Service” framework. This new and innovative approach to planning, managing, validating and accelerating Continual Service Improvement Programs (CSIP) will enable organisations to dramatically reduce the risks, time and costs associated with implementing ITIL and achieving ISO/IEC20000 Certification. Available immediately, “Points Of Service” provides a scalable and flexible approach to meeting complete ITIL and ITSM requirements regardless of organisation size or industry sector.

Visitors to the Fox IT Stand E03 at the ITSMF conference can learn more about how “Points of Service” can extend their purchasing power by up to 20% and also register for a special introductory offer of 1000 free points to be used against future projects.

This is the first announcement of significance since FoxIT became part of 365 iT PLC – #15 in the Tech Track 100. As the company with the greatest heritage in IT Service Management, Fox IT has recognised that the success of many organisations’ ITIL implementations is restricted by the packaging and procurement terms of Suppliers’ tools and services. This leads to:

• Service Improvement Programmes failing to consider in advance all the people, process and technology implications – adding unnecessary cost and time delays
• Return on training investment not being realised due to confusion on where and how to start
• Support being procured from multiple suppliers – building in extra cost, complexity and time of managing the implementation
• Implementations taking longer or being delayed due to unavailable resources and budgets
• Improvements not sustained due to skills not being transferred effectively from suppliers to in house teams.

To remove these barriers and realise the business benefits of ITSM and ITIL, Fox IT has created an innovative points system that puts the customer in control of what, when and how to acquire the required services to support Continual Service Improvement Programmes.

It embraces the full lifecycle of business justification, awareness, baseline assessments, planning, education, implementation mentoring and interim resources. It also provides access to a range of implementation accelerator tools, including foxPRISM the Fox IT web-enabled process design and documentation tool.

This enables organisations to call off the perfect blend of services as and when required to supplement and complement the skills of their own in-house team and be responsive to the changing the needs of the core business.

Once an organisation has purchased a set number of points, it can draw down services on an as needed basis without having to procure the individual services and tools required. Should service requirements change due to skills and resource availability, new business needs and new technology, so the call down of services can be modified to enable complete responsiveness to these changes without incurring delays or additional costs.

Significant cost savings

Furthermore, organisations can access up to 20% extra free bonus points by committing to higher values of points. This dramatically reduces the cost and complexity of procuring ITSM and ITIL services resulting in greater purchasing power and value from your budget

Paul Speers, MD at FoxIT, said: “Philip Green recently highlighted how an ineffective procurement approach is costing the country billions. While not on the same scale, we believe ITIL and ITSM implementations are costing more than they need because suppliers make it harder than they should for customers to buy and use ITSM and ITIL services. We’ve swept away all those inhibitions and restrictions to deliver a breakthrough service experience that enables organisations to accelerate a tangible business return from their IT Investments”

For more information please contact Fox IT sales on +44 (0) 1483 221200 or sales@foxit.net

About Fox IT Limited

Fox IT (www.foxit.net) with headquarters in Woking, UK and Accredited Partners in over 15 countries is the leading specialist supplier of IT Service Management consulting and training services, with a loyal Client base of over 500 organisation and a delivery team of over 100 Service Management professionals. As the longest training supplier of ITIL based courses, Fox IT has trained over 100000 delegates in over 50 different countries and 15 languages, with pass rates consistently above the global averages. Reinforced through best of breed assessment and implementation services, based on proven and practical experience, Fox IT is able to translate education into successful Continual Service Improvement Programmes, enabling IT to deliver benefits to the core business faster and cheaper. A recognised leader in the International Service Management community, Fox IT has been involved with the advancement and practical application of Service Management best practice since 1981 and has been instrumental in the development of ITIL® and ISO/IEC20000 since their inception.

YET ANOTHER reason to enforce strong passwords in the corporate world.

It amazes me how many companies let employees use weak passwords, or passwords with no expiry.

Below is an excerpt from a prior article at CRMbuyer.com.

Convio, a provider of CRM applications for nonprofit organizations, has announced that e-mail addresses and passwords have been stolen from its clients’ databases. The American Red Cross is among the companies affected by the breach. No bank account information or Social Security numbers, however, appear to have been leaked.

Tad Druart, a spokesperson for Austin, Texas-based Convio, said the company has notified federal authorities of a data breach between Oct. 23 and Nov. 1.

The hacker used an employee’s password to get at the data

No Social Security numbers or bank account information was stolen, Druart said. He said the company immediately notified the 92 companies affected, though he would not name them, and it wasn’t known how much information was compromised.

Red Cross spokesperson Stephanie Millian confirmed that roughly 278,000 e-mail addresses and a smaller number of passwords were taken from a Red Cross blood drive Web site that ran on Convio’s software. She said the Red Cross notified affected users Nov. 14.

What kind of policy settings or password complexity are we looking for?

A Policy Setting should have the following:

• Enforce password history: 3 passwords remembered
• Maximum password age: 90 days
• Minimum password age: 0 days
• Minimum password length: 8 characters
• Password must meet complexity requirements.

The password complexity requirements are:

• Not contain all or part of the user’s account name
• Be at least six characters in length
• Contain characters from three of the following four categories:
  • English uppercase characters (A through Z)
  • English lowercase characters (a through z)
  • Base 10 digits (0 through 9)
  • Non-alphabetic characters (for example, !, $, #, %)

I’m not claiming the above incident was a result of a weak password, but it’s always a good reminder to set strong passwords and change them regularly between 90 – 120 days.

Part 1 of this article was yesterday.

Regulatory and Compliance Risk

All organizations are subject to a range of information-related national and international legislation and regulatory requirements. These range from broad corporate governance guidelines to the detailed requirements of specific regulations. UK organizations are subject to some, or all, of:

* Combined Code and Turnbull Guidance (UK)

* Basel2

* EU data protection, privacy regimes

* Sectoral regulation: FSA (1) , MiFID (2) , AML (3)

* Human Rights Act, Regulatation of Investigatory Powers Act

* Computer misuse regulation

Those organizations with US operations may also be subject to US regulations such as Sarbanes Oxley and SEC regulations, as well as sectoral regulation such as GLBA (4), HIPAA (5) and USA PATRIOT Act. Most organizations are possibly also subject to US state laws that appear to have wider applicability, including SB 1386 (California Information Practice Act) and OPPA (6) . Compliance depends as much on information security as on IT processes and services.

Many of these regulations have emerged only recently and most have not yet been adequately tested in the courts. There has been no co-ordinated national or international effort to ensure that many of these regulations – particularly those around personal privacy and data protection – are effectively co-ordinated. As a result, there are overlaps and conflicts between many of these regulations and, while this is of little importance to organizations trading exclusively within one jurisdiction, the reality is that many enterprises today are trading on an international basis, particularly if they have a website or are connected to the Internet.

Management Systems

A management system is a formal, organized approach used by an organization to manage one or more components of their business, including quality, the environment and occupational health and safety, information security and IT service management. Most organizations – particularly younger, less mature ones, have some form of management system in place, even if they’re not aware of it. More developed organizations use formal management systems which they have certified by a third party for conformance to a management system standard. Organizations that use formal management systems today include corporations, medium- and small-sized businesses, government agencies, and non-governmental organizations (NGOs).

Standards and Certifications

Formal standards provide a specification against which aspects of an organization’s management sytsem can be independently audited by an accredited certification body and, if the management system is found to conform to the specification, the organization can be issued with a formal certificate confirming this. Organizations that are certificated to ISO 9000 will already be familiar with the certification process.

Integrated Management Systems

Organizations can choose to certify their management systems to more than one standard. This enables them to integrate the processes that are common – management review, corrective and preventative action, control of documents and records, and internal quality audits – to each of the standards in which they are interested. There is already an alignment of clauses in ISO 9000, ISO 14001 (the environmental management system standard) and OHSAS 18001 (the health and safety management standard) that supports this integration, and which enables organizations to benefit from lower cost initial audits, fewer surveillance visits and which, most importantly, allows organizations to ‘join up’ their management systems.

The emergence of these international standards now enables organizations to develop an integrated IT management system that is capable of multiple certification and of external, third party audit, while drawing simultaneously on the deeper best-practice contained in ITIL®. This is a huge step forward for the ITIL world.

Sources:

(1) Financial Services Authority
(2) Markets in Financial Instruments Directive
(3) Anti-money laundering regulations
(4) Gramm-Leach-Bliley Act
(5) Health Insurance Portability and Accountability Act
(6) Online Personal Privacy Act

About the Author

Alan Calder is an international authority on IT Governance and information security management. He led the world’s first successful implementation of BS 7799, the information security management standard upon which ISO 27001 is based, and wrote the definitive compliance guide for this standard, IT Governance: A Manager’s Guide to Data Security and BS7799/ISO17799. The 3rd edition of this book is the basis for the UK Open University’s postgraduate course on Information Security. He has just written, for BSI, a management guide on integrating ISO 27001 and ISO 20000 Management Systems, drawing heavily on ITIL best practice. He is a consultant to companies around the world, including Cisco.

Part 2 of this article is here.

As information technology increasingly falls within the scope of corporate governance, so management must increasingly focus on the management of risk to the achievement of its business objectives.

There are two fundamental components of effective management of risk in information and information technology: the first relates to an organization’s strategic deployment of information technology in order to achieve its corporate goals, the second relates to risks to those assets themselves. IT systems usually represent significant investments of financial and executive resources. The way in which they are planned, managed and measured should therefore be a key management accountability, as should the way in which risks associated with information assets themselves are managed.

Clearly, well managed information technology is a business enabler. Every deployment of information technology brings with it immediate risks to the organization and, therefore, every director or executive who deploys, or manager who makes any use of, information technology needs to understand these risks and the steps that should be taken to counter them.

ITIL® has long provided an extensive collection of best practice IT management processes and guidance. In spite of an extensive range of practitioner-orientated certified qualifications, it is not possible for any organization to prove – to its management, let alone an external third party – that it has taken the risk-reduction step of implementing best practice.

More than that, ITIL is particularly weak where information security management is concerned – the ITIL book on information security really does no more than refer to a now very out-of-date version of ISO 17799, the information security code of practice.

The emergence of the international IT Service Management ISO 27001 and Information Security Management (ISO20000) standards changes all this. They make it possible for organizations that have successfully implemented an ITIL environment to be externally certificated as having information security and IT service management processes that meet an international standard; organizations that demonstrate – to customers and potential customers – the quality and security of their IT services and information security processes achieve significant competitive advantages.

Information Security Risk

The value of an independent information security standard may be more immediately obvious to the ITIL practitioner than an IT service management one. The proliferation of increasingly complex, sophisticated and global threats to information security, in combination with the compliance requirements of a flood of computer- and privacy-related regulation around the world, is driving organizations to take a more strategic view of information security. It has become clear that hardware-, software- or vendor-driven solutions to individual information security challenges are, on their own, dangerously inadequate. ISO/IEC 27001 (what was BS7799) helps organizations make the step to sytematically managing and controlling risk to their information assets.

IT Process Risk

IT must be managed systematically to support the organization in achieving its business objectives, or it will disrupt business processes and undermine business activity. IT management, of course, has its own processes – and many of these processes are common across organizations of all sizes and in many sectors. Processes deployed to manage the IT organization itself need both to be effective and to ensure that the IT organization delivers against business needs. IT service management is a concept that embraces the notion that the IT organization (known, in ISO/IEC 20000 as in ITIL, as the “service provider”) exists to deliver services to business users, in line with business needs, and to ensure the most cost-effective use of IT assets within that overall context. ITIL, the IT Infrastructure Library, emerged as a collection of best practices that could be used in various organizations. ISO/IEC 20000, the IT service management standard, provides a best-practice specification that sits on top of the ITIL.

About the Author

Alan Calder is an international authority on IT Governance and information security management. He led the world’s first successful implementation of BS 7799, the information security management standard upon which ISO 27001 is based, and wrote the definitive compliance guide for this standard, IT Governance: A Manager’s Guide to Data Security and BS7799/ISO17799. The 3rd edition of this book is the basis for the UK Open University’s postgraduate course on Information Security. He has just written, for BSI, a management guide on integrating ISO 27001 and ISO 20000 Management Systems, drawing heavily on ITIL best practice. He is a consultant to companies around the world, including Cisco.

‘ITIL’ is a term that is fast gaining currency around the IT world. It is often wrongly described as ‘IT governance’ – in fact, on its own, it certainly isn’t this. ITIL is a collection of best practices that helps companies implement an IT Service Management culture. However, its growing popularity reflects the substantial impact it can make on a company’s IT and business performance and the fact that, in combination with other frameworks, it is a vital ingredient in creating true IT governance.

What is IT Service Management?
Today’s businesses are increasingly delivered or enabled using information technology. Business and IT management need guidance and support on how to manage the IT infrastructure in order to cost-effectively improve functionality and quality. IT Service Management is a concept that deals with how to define and deliver that guidance and support. In common with other modern management practice, it views things from the customer’s perspective, i.e. IT is a service that the customer or consumer receives. It can be made up of hardware, software and communications facilities, but the customer perceives it as a self-contained, coherent entity.

So what is ITIL?
Standing for ‘IT Infrastructure Library’, ITIL is a set of best practices that are at the heart of the IT Service Management approach. It provides guidance on how to manage IT infrastructure so as to streamline IT services in line with business expectations. ITIL is a best practice framework, presenting the consolidated experience of organisations worldwide on how best to manage IT services to meet business expectations.

ITIL was originally developed during the 1980s by the UK’s Central Computer and Technology Agency (CCTA), a government body, which created ITIL version 1 as an approach to incorporating various vendor technologies and serving organisations with differing technical and business needs. CCTA has now become part of the Office of Government Commerce (OGC), which, as official publisher of the ITIL library, updated it, published version 2 and continues to develop and support it.

ITIL has since become widely adopted across the world in both public and private sectors and is recognised as best practice, being deployed in organisations of all shapes and sizes.

What makes up the ITIL Library?
ITIL documentation consists of seven ‘sets’ or ‘volumes’: Service Support, Service Delivery, ICT Infrastructure Management, Security Management, Planning to Implement Service Management, The Business Perspective and Applications Management.

Of these, Service Support, Service Delivery and Security Management are considered the central components of the ITIL framework, covering vital issues such as Incident Management, Configuration Management, Change Management, IT Service Continuity Management, Availability Management and IT Security Management.

Learning about ITIL
The seven ITIL volumes are published by The Stationery Office, the official publisher of the UK government. In addition, to gain an overview and a sense of how to navigate these, it is helpful to consult one of several recommended introductory texts. ‘Foundations of IT Service Management Based on ITIL – An Introduction’ is widely accepted as the best starting point and self-study guide. ‘Implementing Service and Support Management Processes – A Practical Guide’ is a thorough and comprehensive handbook on the subject, while the ‘itSMF Pocket Guides’ provide a good overview of each of the ITIL components.

Getting certified
Part of the reason for the recent growth in ITIL awareness is the publication in December 2005 of a new global standard to which businesses can become certified. ISO 20000 (or ISO/IEC 20000:2005, to give it its correct name) is closely based upon the pre-existing British standard BS15000 – in fact, it is virtually indistinguishable. The standard comprises two parts: ISO/IEC 20000-1 is the specification for IT Service Management against which an organisation’s practices can be certified; ISO/IEC 20000-2 is the ‘code of practice’ that describes best practices and the requirements of Part 1.

BS15000 has become widely used around the world since it was published in 2003 and was adopted virtually unchanged as the national standard in Australia and South Africa. A number of companies across the USA, Europe and Asia have already become certified as BS 15000 compliant. We also recommend several excellent books that provide guidance on achieving BS15000/ISO 20000 compliance.

Upon the publication of ISO 20000, BS15000 was withdrawn and individual standards and certification bodies are drawing up their own formal transition programmes for conversion to the new standard. Companies already holding BS15000 should encounter no difficulty in converting their certification to the new standard, as this should be one of the considerations addressed by the individual certifying bodies.

Practitioners can also pursue a structured programme of ITIL examination and certification, comprising the ITIL Foundation Certificate, ITIL Practitioners Certificate and ITIL Managers Certificate. Examinations and certification in Europe are managed through two independent bodies: EXIN, the European Examination Institute for Information Science; and ISEB, the Information Systems Examination Board. Between them, these two organisations control the entire certification scheme. In the United States, HDI is a principal organiser of examination and certification, and it and similar organisations provide coverage elsewhere around the world. These organisations ensure that personal certification is fair, honest and independent of the organisations that provide the training, and accredit training suppliers to bring about a consistent quality of course delivery.

ITIL and IT Governance
When combined with certain other frameworks, ITIL makes a major contribution to the creation of effective IT governance. ITIL processes can be mapped to CobiT (Control Objectives for Information and Related Technology) processes, and the two frameworks complement each other nicely: if the CobiT control framework tells the organisation ‘what’ to do in the delivery and support areas, ITIL best practices help the organisation define ‘how’ to deliver these requirements. Similarly, ITIL works very effectively with ISO 17799, the international code of best practice for information security, providing guidance on how to manage the various processes that ISO 17799 prescribes.

By drawing upon these three complementary frameworks as appropriate to its needs, an organisation can establish an IT governance regime that delivers real and lasting competitive advantage to its business.

Alan Calder is CEO of IT Governance Limited, an authorised international distributor of ITIL books (published by TSO on behalf of the Office of Government Commerce) and of British and international standards published by BSI. The seven ITIL volumes are available at http://www.itgovernance.co.uk/catalog/23, while introductory books may be accessed at http://www.itgovernance.co.uk/catalog/7. All items may be purchased online for worldwide delivery. For more information visit http://www.itgovernance.co.uk/page.itil

Helpdesk software plays an important role in managing your customer base and takes a huge load off your customer support function. A help desk, as you might know, is an IT-based resource that provides assistance and information in troubleshooting problems that your customers may face while using your products. Larger companies even have additional in-house help desk to provide a similar type of service to their employees.
In large IT corporations, the help desk is often a mandatory part of the customer support department. This is especially true for ISO/IEC 20000 companies and companies who want to be known as providers of high-quality IT services. Companies usually provide a toll-free number, a link, or an email to their customers as a means to contact their help desk. The help desk serves as the central point where users and customers can forward their requests.

Helpdesk software is used to manage the requests that customers send by tracking each customer request with a unique number or code called ticket. The software issues the ticket with the details of the request when it receives a request from a customer. The ticket is closed when the request is fulfilled or the problem is solved. The details of the request and its solution are documented in a database that can be referenced when similar problems or requests are made again.

This brings us to the additional benefit of using this software. This software can be a very useful source of information when you are looking at ways to improve your product by locating, analyzing, and removing the common bugs and weak areas of your product. Many organizations recognized the true value of their help desk long ago and use it extensively to drive their research and sales. A help desk does not merely respond reactively to customer responses but gathers useful data ranging from technical issues to customer needs, choices and satisfaction. Companies can use this information as research material for planning new product and sales strategies.

These days a wide range of software programs are available in the market to support the help desk function. However, most of these programs are complex and large because they cater to help desk at either the enterprise level or the departmental level of large companies. This leaves small and medium businesses in the lurch. They either have to learn and incorporate the unnecessary steps and levels of an expensive application into their system or choose to go without the cost-saving and image-boosting benefits of a professional helpdesk.

Premium Response offers an alternative for such companies. It is simple, economical, easy to operate and easy to integrate. You can use Premium Response to efficiently track and speed up the response to helpdesk calls. This helpdesk software has been designed after years of customer support experience and therefore incorporates all the necessary features for running a successful help desk.

If you need a powerful solution for your support make sure you check out the Premium Response Helpdesk Software for more info.