ITIL Case Study ® Managing Digital Inform
Read, analyse, understand and summarise this ITIL case study
The summary must be authentic, your own original work, technically correct, without spelling and grammar mistakes and presented in word file format. and do not copy content from the internet.
Use Calibri font with font size 11
Plagiarised content will not be considered.
White Paper
January 2011
ITIL® Managing Digital Information Assets
Shirley Lacy, ConnectSphere
Frieda Midgley, Digital Continuity Project
Judith Riley, Digital Continuity Project
Nigel Williamson, Digital Continuity Project
© The Stationery Offi ce 2011
Contents
Synopsis 3
Introduction 3
1 Information asset management 4
1.1 Why manage information assets? 4
2 What are the digital challenges? 4
2.1 Adapting to manage the growth in digital content and information 4
2.2 Understanding how digital information supports the business 5
2.3 Identifying digital information assets and their relationships 5
2.4 Ensuring digital continuity through business and technology change 5
2.5 Managing the liabilities and risks associated with information assets 5
2.6 Managing information across the supply chain 5
2.7 Reducing redundancy and duplication, and disposing of information 5
3 Where digital continuity fits in 5
3.1 Business or organisational change 6
3.2 Technical change 6
3.3 Identifying business needs and technical dependencies 7
3.4 ITIL principles that support digital continuity management 7
3.5 Organising for digital continuity 7
3.6 Financial management and service portfolio management 7
4 Using your IAR to understand the relationships between your information
assets, business requirements, and technical environment 8
4.1 Defining the scope of your IAR and identifying starting points 9
4.2 Designing your IAR 9
4.3 Adopting the ITIL asset and configuration management practices with the IAR 10
5 Using the IAR to improve the way you manage digital information 10
5.1 Planning for effective and efficient information asset management 10
5.2 Identifing risks to digital continuity 10
5.3 Identifying and planning the realisation of savings and efficiencies 11
5.4 Contracting with new IT service providers 11
5.5 Obligations on suppliers to use an IAR when contracting for IT services 11
6 Manage information assets over time, and during periods of change 12
6.1 Using the ITIL service lifecycle to manage digital continuity 12
7 Conclusion 13
Annex A Glossary of terms and definitions 14
Annex B Key roles and responsibilities 14
Annex C Managing digital continuity 15
Annex D Bibliography and references 17
Acknowledgements 17
Trademarks and statements 17
© The Stationery Office 2011
2 ITIL® Managing Digital Information Assets
© The Stationery Office 2011
ITIL® Managing Digital Information Assets 3
Synopsis
Information is a valuable asset and needs to be managed
as carefully as any other tangible asset, such as money or
equipment. In particular, you need to ensure that digital
information assets can be used as needed, for as long as
needed, to support business requirements. This is called
managing digital continuity.
This White Paper uses ITIL service management best practices
to explain the principles of providing services to business
customers that are fit for purpose, stable and reliable. It is
complementary guidance to ITIL on digital continuity.
This paper explains what IT service providers, and key points of
contact with external IT suppliers, need to do to manage digital
continuity in relation to their business activities.
In brief, you need to take action to make sure that your
technical environment adequately supports the digital
information your organization relies on. That means making
sure it supports the way your organization needs to use its
information, and provides sufficient functionality now and in
the future.
Key recommendations are as follows:
• Understand what information the business needs and how
that information is used in a business context.
• Define information assets by content and business use rather
than by what system holds the information.
• Define the scope of your information asset register (IAR).
Design it, then use it to improve the way you manage your
digital information.
• Use your IAR to help you to understand and record the
relationships and dependencies between your information
assets, business requirements and technical environment.
• Use your IAR when contracting with new IT service providers,
to ensure good information asset management. Through the
active management of the IAR in the IT services contract,
information assets become true configuration items. This will
help you to effectively manage and maintain digital
continuity, reducing risks as the technology and the
organization itself change.
As part of good information asset management we also
recommend that you assess the impact of asset, business or
IT change on digital continuity. Good change management is
essential if you are to ensure your information assets continue
to support your business requirements.
For more information visit www.nationalarchives.gov.uk/
digitalcontinuity.
This White Paper provides complementary guidance to ITIL. For
more information visit www.itil-officialsite.com.
Introduction
‘Information is a valuable asset that must be safeguarded.
In the case of information held by public authorities and
businesses … people want to be certain that it is held
securely, maintained accurately, available when necessary
and used appropriately’
Sir Richard Mottram, Foreword, National Information
Assurance Strategy
Organizations depend on digital information to manage and
operate their business. This makes information an asset that
needs managing and protecting as carefully as more tangible
assets such as money or equipment. If you manage your
information assets well, you can operate legally and accountably,
improve customer and public services, and save or avoid costs.
Information asset management can deliver IT efficiencies. It
helps you to identify where you are providing unnecessary
support or where you have under-utilized capability.
If you do not manage your information assets well, you could
lose business-critical digital information. You could also lose
the ability to use digital information as you need to, with all
the associated financial and reputational costs. You could be
storing information that has no business value – and although
technology allows us to store more and more information cost-
effectively, this has knock-on costs which continue to grow.
These include the increased costs of maintaining and backing up
the data, and the need for more expensive technologies to find
and retrieve the right information in a timely fashion.
This White Paper provides introductory guidance for IT providers,
complementing ITIL guidance1. It explains how IT can support
the management of digital continuity; that is, the ability to use
digital information as needed, over time and following change.
It provides guidance on how to manage digital information
assets across an IT service supply chain. This includes what you
can do to identify opportunities and manage risk.
It explains what we mean by information assets, and introduces
the basic concepts and principles of managing them. It includes
advice on why and how to manage digital information assets
as a configuration item, linking into the information asset and
configuration management responsibilities covered in ITIL.
It outlines the obligations for contractors to maintain an IAR
for the duration of their contracts. It also summarizes key
recommendations from the UK government’s Digital Continuity
Project2.
1 ITIL is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is registered in the US Patent and Trademark
Office. ITIL is a collection of best practice guidance on the management of IT services. It is a comprehensive framework from which organizations, and their agents,
can adopt and adapt their own practices and procedures.
2 The Digital Continuity Project is funded by central government and managed by The National Archives. It is developing a service that will help you to ensure digital
information is usable over time, and following change. For more information visit www.nationalarchives.gov.uk/digitalcontinuity.
© The Stationery Office 2011
4 ITIL® Managing Digital Information Assets
This White Paper will also be of use to anyone interested in
managing digital information assets in central government, the
wider public sector, and commercial organizations.
ITIL service management best practices referenced in
this White Paper
• Managing services through the service lifecycle
• Service portfolio and service catalogue management
• Financial management
• Demand management
• Capacity management
• Service level management
• Information security management
• IT service continuity management
• Availability management
• Service asset and configuration management
• Change management
• Incident management
1 Information asset
management
An information asset is information held by an
organization, categorized from the perspective of its content
and business use rather than by the IT system that holds it.
An information asset is information that has been grouped in
a way that enables you to protect, manage, share and exploit
it effectively. An organization will need to decide how to
group its information to ensure that the asset is both useful
and able to be effectively managed. An information asset can
contain structured or unstructured information and may
range from a single file to many files.
Information asset management is the effective
management, control and protection of information assets
within an organization. Asset management is the process
responsible for tracking and reporting the value and
ownership of assets throughout their lifecycle.
1.1 Why manage information assets?
Information can be a valuable asset, and it needs to be
managed as such. In this digital age, managing information
assets requires input and support from IT and the people
responsible for knowledge and information in the organization.
Good information asset management protects the information
your business relies on – and that means you can operate legally
and accountably, and take informed decisions. It protects you
from risk – the risk that you will lose information, or lose the
functionality required to use the information you have to
support your business requirements.
Specific IT benefits include:
• Understanding where you are maintaining IT to support
information no longer required by the organization. This will
enable you to take evidence-based cost-saving decisions; for
example, on standardizing applications and software, or
reducing the number of licences you pay for
• The potential for reducing storage costs. If you are keeping
only the information your business needs, this could lead to
reduced back-up costs and time savings, reduced electricity
costs and a need for fewer servers
• A clearer understanding of how your technical environment
needs to support the business. You will be helping to ensure
that business-critical information is usable, i.e. that you are
maintaining the required level of functionality
• More effective use of your IAR, with clearer responsibilities
for IT service providers, their customers, suppliers and
business sponsors.
2 What are the digital
challenges?
Understanding the digital challenges for each specific business
context helps all the parties to work together and map
information assets to business need.
2.1 Adapting to manage the growth in digital
content and information
Factors driving the growth of information include the increased
computerization of businesses, the improved ease of use, the
decreasing cost and increased availability of digital technology,
and internet applications for e-commerce and customer support.
This growth causes many challenges for IT teams, such as:
• Adopting new technologies and techniques to search, store
and secure digital information
• Supplying the right capacity at the right cost as the business
information needs and technology change
• Adapting to store and manage digital content and
information assets effectively and efficiently
• Meeting the green IT agenda during the rapid growth in
digital information
© The Stationery Office 2011
ITIL® Managing Digital Information Assets 5
• Developing strategies to manage digital information
effectively throughout its lifecycle.
2.2 Understanding how digital information
supports the business
Users need information to work efficiently to deliver business
benefits effectively, and to operate legally, accountably and
transparently. One challenge is to know what information is
required, when, where, by whom, and how it is used (now and
in the future); also, how the underlying IT services and
infrastructure support the delivery of information to users over
time and through change.
2.3 Identifying digital information assets and
their relationships
Information is used in many ways and in many formats, through
different channels and interfaces. The challenge is to identify
information assets, their relationships and dependencies.
Without this understanding, it is difficult to manage the costs
and other impacts of change on information assets.
2.4 Ensuring digital continuity through
business and technology change
Digital information is particularly vulnerable to change. It is
reliant on complex systems, formats and media to support it,
and the expertise and understanding of the people who
manage it. Although organizations have procedures to protect
and back up digital data, these will not necessarily ensure the
continuing completeness, availability and usability of digital
information. They cannot protect against changes in the
business and technical environments. The challenge is to ensure
that you can use digital information in the way that you need to
as the underlying IT changes, digital information ages, and
organizational structures and business needs change.
2.5 Managing the liabilities and risks
associated with information assets
Information that is not usable or disposed of at the appropriate
time can become a financial, reputational and legal liability; for
example, where there are concerns about privacy, security, and
intellectual property protection associated with digital
information assets.
2.6 Managing information across the supply
chain
Delivering services in today’s world often involves activities that
are carried out by multiple suppliers. This adds to the complexity
of the responsibilities and processes involved in managing data
and information across a supply chain.
2.7 Reducing redundancy and duplication,
and disposing of information
With the complexity of systems and IT services it is often
difficult to know what information to keep. Organizations often
either lack the confidence to make decisions and take action on
what to dispose of or archive, or they do not yet have in place
the systems and procedures to enable them to do this.
3 Where digital continuity
fits in
Complete This means that everything you need to use and
understand the information is there, including the content
and context, such as metadata – so, for example, you still
have links to external files or you have maintained important
connections between files and metadata.
Available This means you can find what you need and that
it can be opened with available technology – so, for example,
you have the metadata you need, or you have information in
versions that can be processed using available IT applications.
Usable This means that it is fit for purpose and can be used
in a way that meets the business needs of the organization –
so, for example, information is not locked into formats or
systems that restrict your ability to use or reuse it, or that
restrict the tools you can use to process it.
Digital continuity is the ability to use digital information for as
long as needed, to meet business requirements. Managing
digital continuity means making sure that anyone who needs
information can identify it, retrieve a copy, read, or otherwise
use the content as required. They will also be confident that the
information is complete, available and usable. To achieve this
you will need to make sure that your business needs, your
information assets and your technical services are aligned (see
Figure 1).
© The Stationery Office 2011
6 ITIL® Managing Digital Information Assets
Digital continuity is about managing digital information
through change. Change of any kind puts digital information
at risk, because it alters the alignment between your business
requirements, your information and your technical environment.
When these things move out of alignment, you might lose
digital information, or the ability to use it as you need to.
3.1 Business or organizational change
If your organization is given new responsibilities, for example,
you might be required to do new things with your information.
If your IT or information management do not allow that to
happen, then you are at risk of losing digital continuity. That
could be for a variety of reasons. Perhaps your IT service
contract is not flexible enough, so making changes to meet your
new needs is too expensive. Or perhaps your metadata policy is
now inadequate, because it does not provide the rigorous audit
trail you now require.
3.2 Technical change
Changes to your IT environment can also impact on digital
continuity. You can lose essential bits of your information,
such as metadata, during transfer to a new IT system. Or you
could lose functionality if formats or applications are no longer
supported or are upgraded.
Technologies can also become obsolete. If you do not have a
plan in place to migrate at-risk information to new formats
or systems that provide the functionality you need, you could
easily lose digital continuity.
Technical Services and
Environment
You are maintaining
technical capability that
you don’t need
You are maintaining
information assets that
you don’t need
You don’t have the
right technical
capability to use your
information assets to
meet your business
needs
You don’t have
the right (form
of) information
assets to meet
your business
need
You are
maintaining
technical
support for
information
assests that you
don’t need
Effective and
Efficient Information
Asset Management:
You have the right
information assets and
the right technical
capability to meet your
business need
You have business needs
that are not being met
Business Needs
Information Assets
Effective and
Efficient Information
Asset Management:
You have the right
information assets and
the right technical
capability to meet your
business need
Figure 1 Effective and efficient information asset management
© The Stationery Office 2011
ITIL® Managing Digital Information Assets 7
Managing digital continuity means defining and managing
information from a content perspective and a technology
perspective.
3.3 Identifying business needs and technical
dependencies
Effective management of digital information assets means
that you have the right capabilities and resources to meet your
ongoing business needs, as shown in Figure 1.
This requires that:
• You understand how your organization needs to use its
information to support its business requirements (i.e. what
information you need, for how long, who needs to use it and
in what way)
• You then make sure that your technical environment and the
way you manage your information assets support the
identified business requirements.
Your IT should provide support for your information assets in
the way you need to use them – not just today, but as business
needs and technology change, and digital information ages.
The National Archives’ Digital Continuity project is developing a
service for the public sector that will support digital continuity
management. You can find guidance at www.nationalarchives.
gov.uk/recordsmanagement/dc-guidance.htm
3.4 ITIL principles that support digital
continuity management
ITIL defines a ‘service’ as a means of delivering value to
customers by facilitating the outcomes that customers want to
achieve without the ownership of specific costs and risks.
If we consider a business service such as ‘payments’, the
business outcomes are making the right payments on time,
with the expected resources, and without any unexpected
costs or risk. The ‘payments’ business services are supported
by a number of technology services such as ‘information access
administration’, ‘database service’ and ‘storage administration’.
Managing the entire business service along with its underlying
components ensures that we are delivering the required
functionality (or utility – i.e. accurate payments) and service
levels (or warranty) to the business customer.
Managing digital continuity is about making sure that your
technical environment supports your organization to use its
digital information assets as it needs to, now and in the future.
This fits with the ITIL principles of delivering service utility and
warranty:
• Utility Delivering a service that has a positive effect on the
performance of tasks associated with desired business
outcomes. This is fitness for purpose.
• Warranty The positive effect is available when needed, in
sufficient capacity or magnitude, and dependable in terms of
continuity and security. This is fitness for use.
The following examples illustrate how ITIL is used by many IT
service providers to ensure that the warranty is delivered:
• Demand management and capacity management to
ensure that sufficient capacity is provided to deliver the
current and future demand for services; for example,
payment workload and digital storage needs
• Service level management to ensure that agreed service
level targets can be met; for example, performance levels for
a specified workload
• IT service continuity management to support business
continuity
• Availability management to ensure that all IT components
are appropriate to deliver the agreed service level targets
• Information security management to ensure the
confidentiality, integrity and availability of an organization’s
assets, information, data and IT services
• Incident management to restore service as quickly as
possible to users.
Managing digital continuity will help you to ensure that the
utility and warranty you are providing support the ongoing use
of digital information to fulfil business requirements, at the right
cost.
3.5 Organizing for digital continuity
Digital continuity should fit within a wider spectrum of activity
within your organization, including the appointment of a senior
sponsor for digital continuity who champions governance. The
senior sponsor may delegate responsibility for this to someone
like a chief information officer, head of knowledge and
information management or chief technology officer – that is,
someone who has the authority to escalate issues to board level
if required. Your organization may also have information asset
owners – senior individuals who have been given additional
responsibility for managing information risk. Every organization
is different, and job titles may vary.
We recommend that you work closely with other disciplines
to manage digital continuity effectively. Find out who is
responsible for knowledge and information in your organization
– they should understand their information assets and map
them against business requirements. You could also talk to your
enterprise architects or strategists, your information assurance
specialists, the people responsible for change management, and
procurement or contract managers.
Annex C provides more detail on these roles and their
responsibilities, and how what they do can support you.
3.6 Financial management and service
portfolio management
Financial management provides the business and IT with the
quantification, in financial terms, of the value of IT services,
the value of the assets used to provide those services, and
operational forecasts.
© The Stationery Office 2011
8 ITIL® Managing Digital Information Assets
In ITIL, service portfolio management helps organizations to
consider all the relevant factors when deciding which IT services
to offer to which customers and which to withdraw from their
service portfolio. Robust service portfolio management must
factor in digital continuity. The process of managing digital
continuity will enable you to understand where your technology
is supporting unneeded information, where essential
information assets are not adequately supported by technology
(or are likely to become unsupported; for example, as a result
of technological obsolescence or changes to systems and
contracts), and where technology could improve information
asset usability.
The service portfolio can be a valuable tool in decision
making, supporting you to manage changes to information
assets, model the resource requirements required to manage
information assets and deliver digital continuity. Within the
service portfolio, the view of the operational services is the
service catalogue.
The service catalogue management process ensures that
information in the catalogue is accurate and reflects the current
details, status, interfaces and dependencies of all services that
are being run or being prepared to run in the live environment.
It helps to set the customers’ expectations of the value and
potential of their IT service providers.
4 Using your IAR to
understand the relationships
between your information
assets, business
requirements, and technical
environment
The five stages shown in Figure 2 provide a framework of the
actions your organization can take to help you assess and
improve the management of your digital information assets (for
more detail see Annex C). One of the principal ways you can
manage your digital information assets is by adapting your IAR.
The IAR is a conceptual rather than a physical entity. In practice,
your IAR is likely to consist of a number of separate registers,
documenting particular aspects of your digital information and
its environments. It might build on existing lists of information
assets or use the ITIL service asset and configuration
management process to link the various elements. This does
not matter, as long as you can understand what information
assets you have, how the business needs to use them, the
technical dependencies between them, and you can identify
the information assets dependent on each component of your
technical environment. Whatever way you develop your IAR,
you need to be able to use it to assess and manage the impact
of change.
Within an IT services environment, the IAR identifies the
information assets as distinct configuration items which relate
to the technology that enables them and the business outcomes
that they are required to support. Once the IT services IAR
is under active management (including with outsourced
IT suppliers), any impacts on the information assets can be
Figure 2 Key steps to improve the management of your information assets
1. Understand
the issues and
take action
2. Identify your
scope,
information
assets, how they
are used and their
technical
environment
3. Assess current
capability, risks,
opportunities and
implement
improvement
4. Manage
information assets
overtime and
through business
and technological
change
5. Establish and maintain the Information Asset Register (IAR)
© The Stationery Office 2011
ITIL® Managing Digital Information Assets 9
more easily assessed at times of change. This ensures that the
business outcomes continue to be delivered, both at the time of
the change and for the duration of the IT services contract.
4.1 Defining the scope of your IAR and
identifying starting points
• Which information assets are you going to focus on initially?
Are there priority areas of the business, IT services or key
information assets that should be tackled first? For example,
new or business-critical services, their applications and
information assets and technology platform.
• What level of detail do you require? You may want to start
with a high-level overview, and take a phased approach to
developing the underlying detail.
• Are there plans to change or implement information systems
that would provide opportunities for developing sections of
your IAR?
• Are you due to renew or replace your service contract?
• Do you already have components of the IAR in place that
could be built upon?
4.2 Designing your IAR
• Decide how you will identify your information assets. How
will you define and classify them? How will you ensure that
each one you identify is unique? Who is the business owner
of each one? How will you quantify the value they provide to
the business? What do they cost to create and maintain?
Work with your knowledge and information management
team to understand what is currently being done and
whether it meets business needs. Roles are defined in Annex
B. If you do not have these specific roles in your …
