become-itil-foundation-certified-abhinav-kaiser(www.ebook-dl.com)
Chapter 4 ■ Service Strategy
Risks are inherent in every business, including the business of providing IT services. The
world’s most popular entrepreneurs wouldn’t have reached their peak if they hadn’t
taken risks at various points. An IT service provider has to take risks in order to come
out on top.
When a service is conceived, it comes with inherent risks. They cannot be avoided.
The smart thing would be to identify and manage them. It is like harnessing the sun’s rays
for power generation rather than staying indoors during the day.
A risk is a possible event that could cause harm or loss or affect the ability to
achieve objectives.
There are two parts to risks:
1. The first is being pro-active and assessing risk. Based on
the assessments, mitigation activities are planned and
implemented.
2. No matter how pro-active an organization is, it may not be
able to avoid the risk triggers (e.g., economic recessions).
For such instances, risks need to be managed when they
materialize.
4.6.1 Risk Assessment
Planning plays a major role in ITIL and it involves assessing risks before they materialize.
It is an exercise that needs to be done at various stages of the service lifecycle. In most
organizations, there are separate risk management teams that think of the worst possible
thing that can happen to an IT service and start mapping it out with the impacts and the
possible mitigations that can be achieved. Who said there is no place for pessimists in ITIL?
Under assessment of risks, there are two major activities:
1. Risk identification
2. Risk analysis
4.6.1.1 Risk Identification
Risks have to be identified before they happen. The best way to do this is by having
brainstorming sessions with all stakeholders. When you brainstorm risks, just start listing
them out. It could be as silly as the janitor tripping over power cables in the datacenter. Well,
it’s not silly really, as there have been instances of it that have been widely studied as case studies.
After identifying the risks, add a column for identifying the possible impact coming
from the risk. For the janitor tripping over power cables, the impact is not primarily
servers shutting down, but the impact that the customer faces, say web sites going offline
or business applications losing connection to databases.
The placeholder for this information is a risk register. It is a fancy name for the
spreadsheet or Word document where all the identified risks are recorded.