ESM

ITIL

Service Transition

Deployment Management

Execution of moving a release to production in controlled manner

Security Triad

Confidentiality: data accessible to only authorised

Integrity: maintain accuracy, consistency, trustworthiness of data

Availability: ensure info is reliably accessible when needed

Trends

AI Integration: (C) Enhanced threat detection / (I) improved data validation / (A) Better prediction

Quantum Computing: (C) Enables quantum encryption / (I) Offer new integrity verification / (A) Faster processing and recovery

DevSecOps: (C) Early identification of confidentiality vulnerabilities / (I) Automated integrity checks throughout development / (A) Improved system resilience

Approaches

Big Bang Deployment

deploy to all targets at once / used when dependencies are incompatible between old and new components / database schema changes incompatible with prev versions / higher risk but faster complete implementation

Phased Deployment

deploy to part of production environment at a time / controlled rollout to limit potential issues and contain impact / roll out new software to users in one offce or country / lower risk but longer implementation

Pull Deployment

new software available in controlled repo / exclusive or not all users need it at the same time / optional software available through svc portal / empower users but may lead to inconsistent environments and version control issues

Push Deployment

components auto deployed to all target users / standardization and consistency across all environments / automatic security patches pushed to all corporate devices (vulnerability) / uniform deployment but less user flexibility, may disrupt if there are issues

Continuous Delivery

components integrated, tested, deployed as needed / frequent feedback loops from users, incremental improvements / DevOps environments using auto toolchains for CI/CD / responsive adaptation to new requirements with distributed risk across smaller deployments

Release Management

Release, collection of collection that are grouped together and deployed into production as a unit

Traditional/Waterfall

work over speed of delivery

CAB approves all changes, release manager creates and executes detailed release plan

Sequential Process: release management and deployment management combined into 1 process

Upfront Planning: Most work occurs before deployment with detailed plans

All-at-Once Delivery: new functionality available immediately upon deployment

Benefits

Clear Structure and Predictable outcomes

Thorough Documentation (complliance/regulatory requirements)

Minimal Scope Creep (well-defined project boundaries)

Challenges

Inflexibility to any changes after planning

Delays delivering value to users

Risk of misaligned deliverables if requirements change

Cost Analysis

Cost of fixing defects increases exponentially as they progress through development phases (requirements to design, coding, testing, production)

Agile/DevOps/DevSecOps

Prioritize speed of delivery and adaptability over comprehensive upfront planning

Cross functional teams make autonomous decisions about changes (automated pipelines replace manual approvals)

Iterative Process: software deployed in small increments

Post-Deployment Activities: significant release management occurs after deployment

Gradual Enablement: new functionality activated at later points after code deployment

Benefits

Rapid delivery through small, frequent releases

Adaptive Flexibility, Respond Quickly To New Requirements

Integrated Security throughout Development Lifecycle

Challenges

Complicated to manage multiple release streams

Steep learning curve, requires specialised expertise in automation and practice

Risk of feature sprawl without backlog management

Cost Analysis

Automated Detection Impact

Defects caught by automated testing: 1x

Defects caught in peer review: 2-3x

Defect caught in QA 5-10x

Defect in Production: 15-100x

Shift-Left Security Benefits

Security defects found during development cost 30x less than those in production

Security vulnerabilities cost 6x less when found in development vs testing, 15x less than in production

Under Sustainability: Recommendations

Plan: energy-efficient languages/frameworks

Code: Write optimized, lightweight code using green software patterns

Build & Test Stages: Use tools to measure and minimize energy use during testing

Deploy Stage: Select cloud regions with lower carbon intensity for deployment

Monitor Stage: Continuously track energy consumption and emissions using monitoring tools

Change Management

Functional Requirements

What System Must Achieve

Use Cases

Non-Functional Requirements

System Qualities (Reliability, Speed, Security)

Ensure Works Efficiently And Securely

Security Examples: Data Encryption, Authentication, Data Privacy, Vulnerability Management

Reliability Examples: System Stability, Data Integrity, Backup and Recovery, Fault Tolerance

ISO 25010

Reliability

perform consistently under given conditions

Security

protect data from unauthorised access

Portability

transferred smoothly across diff environments

Maintainability

easily updated, fixed, improved

Performance Efficiency

optimize resource usage for better speed

Usability

ease of use, user satisfaction

Functional Suitability

software meets functional req

Compatibility

Change Plans

When?

Business Impact & DownTime Low

Risk Assessment & Approval

Change Windows & Maintenance Periods

Compliance & Security Considerations

Resource Availability

Testing & Validation

Go Criteria

Testing & Validation

Approvals & Governance

Training & Communication

Implementation Readiness
(implementation plan / rollback/ backup strat)

Pre-Change

People

Change Requester / Change Manager / CAB / Technical Approvers?Subject Matter Experts / Change Coordinator / Service Owner / Release Manager / IT Operations & Service Desk

Mid-Change

Key Steps

Backup & Pre-Implementation Checks

Execute the Change

Testing & Validation

Sign-Off & Handover

Rollback Scenarios

Minor Functional Issues

Critical System Failure

Performance Degradation

Security Breach/Compliance Risks

Post-Change

Post-Implementation Cleanup & Documentation

Technical Cleanup: remove temporary/redundant files / delete all testing data / verify no outdated configurations

Finalizing Change Implementation: Documentation & Compliance: Update tracking sheets to reflect latest system changes / Ensure approvals are obtained / confirm documentation is accurate and up-to-date

Immediate Readiness

Support Team / Infrastructure & Security Teams / Customer-Facing Staff / Business Process Owners

Availability Management

Service Operations

Problem Management

cause

Problem Identification

Trend Analysis

Reports from users, svc desks, technical staff

Insights from major Incident Management

Feedback from suppliers, partners, internal teams

Problem Control

analyse problems and root causes

prioritize by risk, impact probability

investigate causes, consider all factors

create workarounds

document known errors for future ref/quick resolution

Timeline Analysis

Data Collection

Timeline Construction

Look for Patterns

Reporting & Improvements

Error Control

managing known errors

Find Permanent Solutions

Assess cost, risk, benefits of fix implementation

Re-evaluate known errors periodically to check impact, solution availability, workaround effectiveness

implement fixes if justified

Post-Incident Review (PIR)

Incident Overview

Incident Description

Remedies & Mitigations

Next Steps

References?

Incident Management

unplanned interruption to service

Incident Identification

user reported? disruption to IT svcs?

Incident Logging

IT svc mgmt sys

Incident Categorization

type, impact, affected systems

Incident Prioritization

Priority Matrix

Incident Response

Event Management

any change of state notified from monitoring tools

Metrics

Mean Time To

Repair

Resolve: resolve root cause issue (RCI)

Respond

Recovery

Cost Savings, Productivity

Reducing MTTR lowers downtime > ^ cost savings and productivity

Compliance and Risk Management

Lower MTTR helps with compliance and regulations

Quality vs Speed

Rushing MTTR without qualitative repairing leads to recurring problems, increasing MTTR overtime

Inefficient Incident Response Processes

Undefined roles, lack of clear procedures, poor communication delay responses, leading to higher MTTR

ITIL Event Template

Event Name

What Changes

Signifiance

Management Implication

Event Categories

Informational

Warning

Exception

Service Value Chain

Six Key Activities

Plan

Immerse

Enhance

Design

Obtain

Deliver

4 Dimensions

Organizations and People

Information and Technology

Partners and Suppliers

Value streams and Processes

SIX SIGMA

Define

Measure

Analyse

Improve

Control

(DORA) DevOps Research and Assessment

Lead Time For Changes

Deployment Frequency

Change Failure Rate

Time To Restore Service

Odoo

SLA

99.9% Uptime

Automated backups with 14 full backups retained for 3 months

Built-in security features including data encryption at rest and in transit

Comprehensive disaster recovery with defined RPO and RTO metrics

Kano Model

Basic Quality

Desired Quality

Excited Quality

Indifferent Quality

Reverse Qualities