The Importance Of an ITSM Platform To Effectively Manage It Operations
Every organization needs systems to run the business and perform their functions effectively. These systems range from manual/ paper-based to highly sophisticated computer applications and services. If I asked what was the most important system for various functions that enable a business, I expect most people would answer the question correctly for many operation team functions.
For the Human Resources (HR) team, it is the HRIS/HRMS (HR Information System or Management System). For the accounting Team, it is the financial accounting system. For the sales or business development teams, it is the Customer Relationship Management (CRM) system.
So what is the most critical system for the IT department? Still thinking?
I would argue it is the IT Service Management (ITSM) platform. This may not be true today (if you aren’t using one, have the wrong one, or aren’t using it effectively). But if you have the right platform and use it properly, it can be a gold mine and the key to having the proper information to manage IT operations effectively.
An ITSM platform can also serve as a key asset as you develop or enhance your cybersecurity program
When I start a new role or client project, I frequently find that the team has a shared mailbox or free/ barebones incident management system to manage requests for support via email. However, I also discover that the information needed to assess the state of the environment is scattered across various tools and systems (e.g., network shared drives, intranet, note-taking tools, siloed applications, etc.) or worse, does not even exist. This makes it particularly difficult to identify recurring issues, risks, and vulnerabilities or develop a plan for enhancing the effectiveness of the IT organization and environment.
What kind of information am I talking about?*
• What assets does the IT organization have? Where are the assets physically located, and who has them?
• Where is the documentation on how systems and appliances are configured? Are dependencies between servers and computer systems understood and documented?
• What recurring support requests may indicate a problem that requires a comprehensive solution (e.g., multiple passwords reset requests)?
• How many users are compliant with IT and Information Security policies? Which ones are and which ones aren’t?
• Where are procedures and checklists located and documented evidence the team is following them?
• What contracts, software licenses, and subscriptions are in use within the organization?
These and other discrete information that is critical to IT operations should be managed in an ITSM platform. By collecting and consolidating this data in the platform, you can gain visibility and traceability across multiple dimensions. The platform typically includes the following features:
• Ticketing: Track and categorize support requests and assign work based on the scope of responsibility.
• Problem/incident management: Track problems and incidents and document solutions to address root causes and prevent incidents before they occur.
• Change management: Document change management activities and approvals.
• Asset management: Track and manage devices from purchase to disposition.
• Configuration management: See relationships between assets/systems. Document services and tasks are running on servers and infrastructure.
• IT service catalog: Develop automated workflows to replace manual checklists and processes.
• Knowledge management: Create solutions to enable self-service and smart suggestions (using artificial intelligence) for support requests.
• Contract management: Track contract terms and plan ahead for renewals.
• Service Level Agreement (SLA): Measure the satisfaction of users and the department’s performance against SLAs.
An ITSM platform also enables the IT organization to obtain actionable information and even export it for detailed analysis and reporting. Some examples:
• Vendor A just announced a vulnerability or released a critical patch, which of my systems are affected by this vulnerability or patch?
• How many software licenses of Product Z are deployed and need to be upgraded?
• How will a pending upgrade or change affect my environment? Which systems and users will be impacted?
So if you have an incident management system, that’s a great start. But I’d encourage you to go beyond just generating tickets from email to maximize the utility of an ITSM platform for effectively managing IT operations.
PS: An ITSM platform can also serve as a key asset as you develop or enhance your cybersecurity program. You can’t have an effective cyber program if you don’t understand the assets you are protecting or the risks and vulnerabilities inherent in your infrastructure.
*Note: There may be reasons to have some of this information stored/managed elsewhere (e.g., policy acknowledgment forms in a learning management system when the acknowledgment is tied to a specific training course).