Outsourcing and acquisition models comparison related to IT supplier selection decision analysis

This paper presents a comparison of acquisition models related to decision analysis of IT supplier selection. The main standards are: Capability Maturity Model Integration for Acquisition (CMMI-ACQ), ISO / IEC 12207 Information Technology / Software Life Cycle Processes, IEEE 1062 Recommended Practice for Software Acquisition, the IT Infrastructure Library (ITIL) and the Project Management Body of Knowledge (PMBOK) guide. The objective of this paper is to compare the previous models to find the advantages and disadvantages of them for the future development of a decision model for IT supplier selection

Inter-organizational fault management: Functional and organizational core aspects of management architectures

Outsourcing -- successful, and sometimes painful -- has become one of the hottest topics in IT service management discussions over the past decade. IT services are outsourced to external service provider in order to reduce the effort required for and overhead of delivering these services within the own organization. More recently also IT services providers themselves started to either outsource service parts or to deliver those services in a non-hierarchical cooperation with other providers. Splitting a service into several service parts is a non-trivial task as they have to be implemented, operated, and maintained by different providers. One key aspect of such inter-organizational cooperation is fault management, because it is crucial to locate and solve problems, which reduce the quality of service, quickly and reliably. In this article we present the results of a thorough use case based requirements analysis for an architecture for inter-organizational fault management (ioFMA). Furthermore, a concept of the organizational respective functional model of the ioFMA is given.Comment: International Journal of Computer Networks & Communications (IJCNC

DevOps and information technology service management: A problem management case study

The use of DevOps is a predominant attribute of businesses engaged in the development and maintenance of Information Technology systems. Although literature exploring DevOps practices has expanded, there is still much unexplored territory on its operational ramifications. This is particularly observed when considering their potential impact on ITSM frameworks such as ITIL, which governs Operations. This research aims to establish how DevOps principles and practices can be applied to Problem Management, a core Service Management process. Specifically, it explores which DevOps practices may be used throughout the Problem lifecycle, as well as benefits which may result from them. An exploratory case study was carried out with the participation of Problem Managers operating in a DevOps environment. Three data collection methods were applied: Semi structured interviews, in which participants described their experience and insight in relation to DevOps and Problem Management; documental analysis and observation, where processes and workflows were examined; and a focus group exercise in which study outcomes were discussed and systematized. This research indicates that DevOps practices have varying degrees of significance for a Problem Management process. Practices associated with continuous planning and collaboration are prone to having greater significance in a Problem lifecycle, with the potential of enabling benefits such as quicker Problem identification, higher quality Root Cause Analysis, and improved resolution times. The novelty of insight gathered in this study benefits both academics, through its contribution to an expanding body of knowledge, and professionals, considering the practical and applicable nature of findings. Future work is also presented.A utilização de metodologias DevOps é hoje uma característica predominante de organizações envolvidas no desenvolvimento e manutenção de sistemas de Tecnologia e Informação. Apesar da crescente produção de literatura a examinar práticas DevOps, existe muito território por explorar referente às suas ramificações a nível operacional. Isto é particularmente notável quando se consideram potenciais interações com frameworks de ITSM como o ITIL, que governam Operações. Esta pesquisa tem como objetivo estabelecer quais princípios e práticas DevOps podem ser aplicadas na Gestão de Problemas, um processo central para a Gestão de Serviços. Especificamente, exploramos quais práticas DevOps podem ser utilizadas ao longo do ciclo de vida de um Problema, tal como que benefícios poderão resultar da sua aplicação. Um caso de estudo exploratório foi realizado com a participação de Gestores de Problemas a operar num ambiente DevOps. Três métodos de recolha de dados foram aplicados: Entrevistas semiestruturadas, onde participantes descreveram a sua experiência e conhecimento em relação a DevOps e Gestão de Problemas; análise documental e observação, onde processos operacionais foram examinados; e uma discussão em grupo onde resultados do estudo foram discutidos e sistematizados. Esta investigação indica que práticas DevOps tem variados níveis de significância para um processo de Gestão de Problemas. Práticas associadas ao planeamento contínuo e colaboração tendem a ter maior significância no ciclo de vida de um Problema, com potencial para gerar benefícios como a mais rápida identificação de Problemas, maior qualidade na análise de causa, e melhorias nos tempos de resolução. As conclusões apresentadas neste estudo trazem benefícios tanto para académicos, expandindo o corpo de conhecimento disponível sobre o tema, como para profissionais, considerando a sua natureza prática e aplicável. Direções para trabalho futuro são também apresentadas

Managing information security risk using integrated governance risk and compliance.

This paper aims to demonstrate the building blocks of an IT Governance Risk and Compliance (IT GRC) model as well the phased stages of the optimal integration of IT GRC frameworks, standards and model through a longitudinal study. A qualitative longitudinal single case study methodology through multiple open-ended interviews were conducted over a period of four years (July 2012 to November 2015) in a retail financial institution. Our empirical study contributes to both academic research and practice in IT GRC. First, we identified the various building blocks of IT GRC domain from vertical as well as horizontal perspectives. Second, we methodologically demonstrated the gradual metamorphosis of the evolution of an IT GRC from a single ITG framework to multiple IT GRC building blocks. The journey thus throws light on the gradual staged process of attaining maturity in IT GRC by an organization. The resultant IT GRC model thus, guides managerial actions towards a better understanding of the positioning of IT GRC building blocks in an organization through the understanding of the interaction of vertical and horizontal domains. The results of the paper thus enable practitioners and academics to better understand and evaluate IT GRC implementation for effective governance, reduce risk and ensure compliance in organizations