Email this Article Email   

CHIPS Articles: Navigating DoD ITSM Policy

Navigating DoD ITSM Policy
DoDI 8440.01 Points the Way Toward IT Service Management Convergence
By Lt. Cmdr. James L. Fisher, Navy IT Service Management Office and Phil Withers, NAVITSMO Contractor Support Staff - July-September 2016
For years, the Navy IT Service Management Office has emphasized that international standards and industry best practice are the necessary rungs on the ladder as Navy networks climb toward a common IT Service Management (ITSM) lexicon, governance and management approach, monitoring and measuring capability and evaluation methodology.

The inevitable convergence of thought, discipline, education and capability have been hampered due to a lack of overarching service management policy direction as Navy rightly maintains a laser-focus on the warfighter and the pragmatics of formulating and following doctrine that brings information resources to their warrior fingertips.

The minutiae by which this primary task is accomplished varies from service to service, program to program, infrastructure to infrastructure, and even day to day; there really was no “true north” that planners, designers and managers of network capabilities could point to for alignment with other resources. One can only conjecture how many information technology force multipliers were not recognized due to a lack of commonality in thought or design from one program to the next.

Fortunately, a coalition of ITSM stakeholders and leadership from each of the services and Defense Information Systems Agency (DISA) met over the past several years to hammer out the details of a DoD policy document that would provide the missing purpose, policy, responsibilities and procedures to establish a working guidepost for existing and future ITSM efforts. Signed in December 2015, the DoD Instruction 8440.01 – IT Service Management begins to exact a high-level alignment framework using the DoD Enterprise Service Management Framework (DESMF).

The DoD Chief Information Officer (CIO) signed DoD Enterprise Service Management Framework (DESMF) Edition III on June22, 2016, updating much of the framework and including more emphasis on risk management, guidance on standing up an IT Service Management Office, Information on Service Quality Management, IT Performance Management, Process Capability Assessments, and Entitlement Management represented in the Access Management Process.

As with DoDI 8440.01, the services and DISA collaborated on the development of Edition III, but this time with direct input from key ITSM industry experts. It is the DESMF that DoD ITSM Policy uses as a framework against which stakeholders and users can align their ITSM strategy, design, transition, operation and functional capabilities.

As a substantive contributor to the policy and framework, NAVITSMO is positioned to support the purposes put forward in the policy and to equip Navy ITSM efforts with ready-made references, templates, tools and training that are already aligned with policy intent. Four of the five stated purposes of the policy are discussed below with supporting NAVITSMO products and services that enable compliance with minimal effort.

First, the instruction establishes the policy, assigns responsibilities, and provides procedures for ITSM. This is nothing less than a monumental leap forward in the roadmap leading to uniformity of ITSM design and implementation within the DoD. For the first time, services and agencies have a true-north beacon (clad in purple) that gathers together the hodge-podge of program and parochial initiatives for ITSM implementation, strips them down to their essential elements, and allows DoD component heads to set their own service or agency-specific policy that aligns with DoD policy. This initial provisioning of an overarching policy and framework removes the ambiguity so often found in service or theater-level efforts.

Secondly, the policy provides a DoD-wide standard ITSM framework for the implementation and management of high quality IT services. This includes service management standards that enable conformance to objectives, integrated operations, audit, and capability assessment. The framework to be used is the DESMF. Embedded within that framework is a service quality measurement model to support comparison, evaluation, and improvement of DoD IT services.

Additionally, the policy provides for continual improvement of the DESMF leading to efficient integrated enterprise service management capabilities, improved IT service quality, and better IT investment decisions. The NAVITSMO’s Process Capability Assessment Tool (PCAT) is a defined capability within the framework that supports the assessment of all DESMF processes. It has been put through its paces recently as all 13 Next Generation Enterprise Network (NGEN) [contract] processes and one function have been assessed using this model and tool, and it is available for DoD component organizational entities to use in assessing their process alignment and capabilities on an increasing scale leading to a fully optimized level five assessment.

And finally, the policy purports to establish the governance mechanisms required to develop DoD ITSM standards, develop integrated capabilities, and to monitor conformance. It is interesting to note the conformance criteria is specific to DESMF and uses a phased approach for both enterprise or shared IT services and IT services offered to a single DoD component.

With the purposes and intent established, the policy goes on to stipulate that the DoD will promote the effective use of enterprise standards for the management of IT services across the DoD in accordance with the “Department of Defense (DoD) Information Technology (IT) Enterprise Strategy and Roadmap” and the DESMF. This is significant because it is a widely known, if somewhat disregarded, tenet of IT Governance that executive leadership/sponsorship is absolutely crucial to effective implementation of a governance construct.

The NAVITSMO has created a 20-step process guide that pulls together the various references on this topic and outlines a clear step-by-step approach to establishing an IT Governance system. Step one in the guide sets the tone:

“Obtain executive sponsorship and commitment from the highest level of authority possible. If the sponsorship is limited to line level managers or anyone below the executive level, you should abandon all thoughts of having effective IT Governance mechanisms. Your sponsor not only sets the resource and outcomes expectation of the governance initiative, but enforces organizational compliance to the IT Governance Implementation Project Plan.”

In concert with the purpose, the policy itself asserts that Service Quality and integrated service management capabilities for DoD IT services will be measured and evaluated based on DoD ITSM standards as articulated in the DESMF... another huge leap forward in service management convergence among the various service and agencies by using the DESMF as the “gold” standard for service quality. Services will be measured and evaluated. Creating a baseline for comparison is a bedrock principle of Continual Service and Process Improvement and the NAVITSMO’s PCAT (again, assimilated into the DESMF) provides the capability to establish a baseline and then uses successive levels of assessment to find gaps and recommend actions for achieving the next level of process capability.

The policy also plainly establishes the DESMF as the model by which IT services will be defined, categorized, published, and measured. The model provides for general steps required in process design and is revealing of how expansive the framework is to ensure inclusion of all design requirements:

  • Define Scope and Objectives
  • Validate the Current Environment
  • Develop High-Level Process Definition
  • Define Roles and Responsibilities
  • Document Detailed Work Flow
  • Build the Process
  • Develop Appropriate Metrics & Supporting Measures
  • Define and Document Communications Plan including:

  • -- Knowledge Transfer
    -- Training Requirements
  • Identify & Implement Quick Wins
  • Finalize the Process Guide

The NAVITSMO has informed these design elements of the DESMF in its ITSM Lifecycle: A Guide for Implementation which contains the lifecycle phases for Strategy, Plan, Preliminary Design, Logical Design, Physical Design, Build and Test, Deploy and Operate and Sustain. Supporting templates are also available on the NAVITMSO milWiki for each of the ITSM lifecycle phases to assist those entities seeking to create structured ITSM process design elements that conform to DESMF requirements.

Support for Joint Information Environment (JIE) requirements is interwoven throughout the DESMF. The DESMF describes the manner in which ITSM is to be performed in the JIE in accordance with the Joint Information Environment White Paper. As alluded to earlier, conformance to the DoD ITSM policy across the DoD is provided in a phased approach for each DoD service and agency component and service-specific instructions should be promulgated that take into account the unique requirements, capabilities and mission of each in support of JIE while aligning to DESMF models.

For Navy, the “99 percent solution” to conformance with DoDI 8440.01 is represented in the voluminous artifacts and subject matter expertise available at the NAVITSMO. Reviewing the wiki portal will provide an overview of the resources that can be appropriated immediately; additional support can be garnered through the NAVITSMO Service Request System where tailored resources can be constructed to meet individual needs.

About the NAVITSMO
Chartered in April 2012, NAVITSMO provides IT Service Management thought leadership and assistance by creating usable products and services for the Navy ITSM community. The NAVITSMO strives for alignment of enterprise IT architecture through discreet but interlocking practice areas to help define and support organizational IT governance and management requirements. The NAVITSMO résumé boasts industry-certified expertise in ITIL, COBIT, Program and Project Management, DoDAF, IT Risk Management and Control, IT Skills Framework, Service Quality, CMMI, ISO/IEC-20000, ISO/IEC-33000, Information Security, Enterprise IT Governance, and Assessment and Audit.

The NAVITSMO Wiki is located at: https://www.milsuite.mil/wiki/Navy_IT_Service_Mangement_Office/ and the NAVITSMO can also be contacted at itsmo@navy.mil.

Access to milSuite is Common Access Card (CAC) controlled. First time users will need to register their CAC with milSuite by clicking the Register button, confirming their information and clicking Submit.

The Navy Process Reference Model is located at:
https://www.milsuite.mil/book/docs/DOC-165127
More information about ISO/IEC 20000 can be reviewed at:
https://en.wikipedia.org/wiki/ISO/IEC_20000
More information about COBIT can be reviewed at:
http://www.isaca.org/cobit/pages/default.aspxReferences

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy
CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988