Description

This curriculum spans the equivalent of a multi-workshop program used in large-scale IT transformations, covering the design, governance, and operational integration of IT services across strategy, security, and compliance functions.

Module 1: Service Strategy and Business Alignment

Define service portfolio boundaries by evaluating existing IT capabilities against business unit SLAs and financial constraints.
Select service pricing models (e.g., cost recovery, fixed fee, usage-based) based on organizational funding policies and stakeholder incentives.
Conduct demand management workshops to forecast service utilization and align capacity planning with business roadmaps.
Negotiate service level agreements with legal and procurement teams to ensure enforceability and compliance with regulatory requirements.
Establish a business relationship management function to maintain ongoing alignment between IT services and evolving business priorities.
Implement value stream mapping to identify redundant services and prioritize investments based on business outcome metrics.

Module 2: Service Design and Architecture

Design service solutions using reference architectures that enforce separation of duties and data classification requirements.
Select integration patterns (e.g., API gateways, message queues) based on latency, security, and system coupling constraints.
Define non-functional requirements (e.g., availability, scalability) in design specifications and validate them through architecture review boards.
Implement service modeling using CMDB schemas that support impact analysis and change risk assessment.
Enforce design standards through automated validation in CI/CD pipelines for infrastructure as code.
Coordinate with enterprise architecture to ensure compliance with technology standards and retirement timelines.

Module 3: Service Transition and Change Management

Classify changes (standard, normal, emergency) using risk criteria and delegate approval authorities accordingly.
Integrate deployment automation tools with change management systems to enforce audit trails and rollback procedures.
Conduct failure mode analysis for high-risk changes and document fallback plans in the change record.
Manage parallel testing environments to validate service behavior under production-like conditions.
Enforce change advisory board (CAB) attendance policies and document dissenting opinions for governance audits.
Track change success rates and rework incidents to refine change models and reduce deployment failures.

Module 4: Configuration and Asset Management

Define CI ownership and update responsibilities across teams to maintain CMDB accuracy.
Implement discovery tooling with exclusion policies to prevent unauthorized scanning of sensitive systems.
Reconcile asset procurement records with configuration items to close license compliance gaps.
Establish lifecycle states for CIs (e.g., planned, live, decommissioned) and automate state transitions.
Integrate software metering tools with CMDB to detect underutilized or unauthorized applications.
Conduct periodic audits to validate CI relationships and correct topology inaccuracies affecting incident impact analysis.

Module 5: Incident and Problem Management

Define incident categorization and prioritization rules based on business impact and technical urgency.
Implement event correlation rules to suppress noise and identify root cause signals in monitoring systems.
Escalate unresolved incidents using predefined communication paths and stakeholder notification templates.
Conduct major incident post-mortems with action tracking to prevent recurrence.
Classify problems by error type (e.g., design flaw, configuration drift) to guide remediation strategy.
Link known errors to knowledge base articles and validate resolution steps with operations teams.

Module 6: Service Operation and Monitoring

Configure monitoring thresholds using historical performance baselines and business transaction patterns.
Assign alert ownership based on runbook responsibility and on-call schedules.
Implement synthetic transaction monitoring for critical user journeys to detect degradation before user reports.
Enforce log retention policies in SIEM systems to balance compliance requirements and storage costs.
Validate failover procedures through scheduled, non-disruptive DR tests with documented outcomes.
Rotate credentials and certificates automatically and log rotation events for audit review.

Module 7: Continual Service Improvement and Governance

Define KPIs for each service using balanced scorecard methodology across availability, cost, and user satisfaction.
Conduct service reviews with stakeholders using performance dashboards and action backlogs.
Map process maturity using assessments (e.g., ISO 20000) and prioritize improvement initiatives based on ROI.
Integrate customer feedback channels (e.g., surveys, support tickets) into service improvement planning.
Track technical debt in service designs and allocate improvement time in release cycles.
Report on compliance with internal policies and external regulations using automated evidence collection tools.

Module 8: Security and Compliance Integration in ITSM

Embed security controls in service design checklists and require sign-off from information security teams.
Map ITSM processes to regulatory frameworks (e.g., GDPR, HIPAA) to identify control gaps and evidence requirements.
Restrict access to sensitive service data using role-based permissions and attribute-based access controls.
Integrate vulnerability management workflows with incident and change processes to prioritize patching.
Conduct access reviews for privileged ITSM roles (e.g., change approvers, CMDB admins) on a quarterly basis.
Enforce encryption of data at rest and in transit for ITSM tools handling personal or regulated data.