Covers change enablement (CE), deployment management (DM), release management (RM), service configuration management (SCM), and IT asset management (ITAM).
Page numbers refer to the pdf page numbers of the Learner Workbook, not the content page numbers.
Chapter numbers (prefixed with §) refer to the Official Book or Practice Guide.
Module 1: General intro, revision of terms
Terms from other management practices
Business as usual: Typically, repeatable routine tasks that can be carried out by people with appropriate technical skills without needing to
be managed as a project.
Continual improvement § 2.2
Risk: A possible event that could cause harm or loss or make it more difficult to achieve objectives. It can also be defined as
uncertainty of outcome and can be used in the context of measuring the probability of positive outcomes as well as
negative outcomes.
Risk management § 2.2.1
The risk capacity of an organization is the maximum amount of risk that the organization can tolerate
and is often based on factors such as damage to reputation, assets, and so on.
Risk management § 2.2.2
The risk appetite of an organization is the amount of risk that the organization is
willing to accept. This should always be less than the risk capacity of the organization.
Risk management § 2.2.3
Control: The means of managing a risk, ensuring that a business objective is achieved, or that a process is followed.
Risk management § 2.2.6
Portfolio: A collection of assets into which an organization chooses to invest its resources in order to receive the best return.
Portfolio management § 2.1
Request for change (RFC): A description of a proposed change used to initiate change enablement.
Change enablement § 2.1
Improvement initiative: Not actually defined in any practice.
Practice guides also use the phrases “improvement initiative”, “implementation initiative”, and “optimisation initiative”.
Terms from outside ITIL
Definitive media library (DML): A secure information technology repository in which an organisation’s definitive, authorised versions of software media are stored and protected. The term is also used in § 5.1.
https://en.wikipedia.org/wiki/Definitive_media_library
Infrastructure as Code: The process of managing and provisioning computer data center resources through machine-readable definition files.
Wikipedia.
Microsoft Learn.
Confusing Terms
Verification is a continuous background activity while an audit is a planned endeavour.
ITAM § 2.2.5, SCM § 2.2.6.
From SCM:
Verification: An activity that ensures that a new or changed IT service, process, plan, or other deliverable matches its design specification and is complete, accurate, and reliable.
Audit: A planned, structured, and documented inspection of the organization’s configuration items, that aims to assess the correctness of the CMDB data in scope.
From ITAM:
Verification: An activity that ensures a new or changed IT service, process, plan, or other deliverable is complete, accurate, reliable, and matches its design specification.
Audit: A planned, structured, and documented inspection of an organization’s IT assets, including data collection, examination, verification, and correction activities that may be initiated and upheld by internal or external parties.
However, the books also use “verification” as a general term for the identification and remediation of gaps between what assets should be found and what assets are actually found. A better term for this is “reconciliation”.
From ITAM:
“The IT asset register indicates what should be found, while audit and verification via inventory and discovery reveal what is found; this occurs during the verification stage of the IT asset lifecycle.”
Inventory is data collection and clean up, performed as manual tasks; Discovery is data collection and clean up, achieved through automation technology and tools.
Annoyingly, the results of both inventory and discovery activities is called “inventory data” (see SCM § 3.1.3).
Module 2: Change enablement
§ 2.1 Purpose and description
(Question for PeopleCert) Given that “control” has a specific ITIL definition (risk management § 2.2.6.), does “risk control” here have a specific meaning or does the guide just mean general “risk management”?
§ 2.2.1 Complexity-based approach to changes
Re Table 2.2 Characteristics of types of changes:
I’d argue that normal changes can be low, medium, or high risk, and have a low, medium or high risk of unexpected outcomes and of uncertainty.
§ 2.2.2 Change definitions and scope
Is “Respective changes” supposed to be “Retrospective changes”?
§ 2.3 Scope
Note all the positive language. No mention of “failure” or “minimising” or “managing”. It’s all about “enabling”.
To discuss: Can a change not be an improvement? Can an improvement not be a change?
§ 2.5 Key metrics
(Question for PeopleCert) What is a timeliness processing index? How is it calculated? As far as I can find, the only mention of it on the internet is its two mentions in this document.
§ 3.1.1 Change enablement planning and optimization
I think the key inputs section should include the following:
• Change review reports.
• Security policies and plans.
In the key outputs column, replace “Change review analysis reports” with “Change reports” .
In the activities column, replace “Change review analysis” with “Change review and planning”.
In the text label for figure 3.1, replace “Workflow of the proactive problem identification process” with “Workflow of the change enablement planning and optimization process”. Note that the list of figures section at the start of the guide has the correct text.
§ 3.1.2 Change lifecycle management
In the key outputs column, replace “Change review reports” with “Change reports”.
As an aside, SRM uses “service request model initiation and control” for the activity that CE calls “change realization control”.
§ 3.2.2 Change enablement in service value streams
“Figures 3.4 and 3.5 illustrate the involvement of the change realization control process in multiple value streams initiated by various triggers.”
A small clarification: Change realization control is not a process — it is an activity in the change lifecycle management process.
§ 3.2.2 Change enablement in service value streams, Figure 3.4
The diagram (figure 3.5) is slightly different in CE, RM, and DM. It has the same boxes, but the labels are different.
I think the meaning is the same across all three, but since I’m not 100% sure about the meaning, I’m not confident about that.
Table 3.5 and the paragraph after it are a better description of where RFCs can originate from. I’d add problem resolution to the table (see above). Note that we should create change models for all of these sources, whenever possible.
DM, RM
In all cases, deployment and release are part of change implementation. The CE practice ensures that the correct deployment or release model is selected, scheduled and managed. DM and RM ensure that valid models are available and correctly executed.
§ 4.2 Organizational structures and teams
“With the decrease of manual processing of changes, there is also less need for formalized structures for change enablement.”
Not “no need”.
7.1 The practice capability levels
(Question for PeopleCert) Why is “Change processing and implementation are integrated into the relevant value streams” a level 3 criterion? Comparing it to other practice guides, and to the definitions of the levels, it seems like it should be level 4.
(Question for PeopleCert) Why is “The stakeholder satisfaction with the changes is measured and reported” a level 3 criterion? Comparing it to other practice guides, and to the definitions of the levels, it seems like it should be level 4.
Module 3: Deployment management
§ 3.1.1 Deployment model development and improvement
I really like how the authors added “lessons learnt” as an output.
I think the key inputs section should include the following:
• Risk information.
• Financial guidelines and constraints.
• Product architecture.
This is included in RM and is listed in § 5.1.
• Service catalogue.
This is included in RM and is listed in § 5.1.
In the key inputs section, why “Deployment failure reports” instead of just “Deployment review reports”?
Consistency: In the key inputs section, why “Release models” instead of “Current release approach, models and procedures”? In the key outputs section, why “Updated deployment models and procedures” instead of “Updated deployment approach, models and procedures”?
Typo: In the key outputs section, one “update” needs to be removed from “Communication of updates to deployment models and procedures update”.
Consistency: In RM the last activity is called “Release model communication”; in DM it is called “Deployment model update and communication”.
§ 3.1.2 Deployment lifecycle management
I think the key outputs section should include the following:
• Deployment reports.
Why is there no “Identification of applicable model” activity? Why is “Current deployment approach, models and procedures” not an input? Why does the process not discuss models at all?
See release management § 3.1.2
§ 3.2.2 Deployment management in service value streams, Figure 3.3
Same comment as in change enablement.
§ 4 Organisations and people
Why is there no mention of the deployment practitioner role (§ 4.1.2) in tables 4.2?
§ 4.1.3 Roles involved in the deployment management activities
What is “supplier” doing in table 4.2?
§ 4.2 Organizational structures and teams
I think the first paragraph is easier to understand if you replace “designated” with “dedicated” (though this might be a New Zealand English thing).
§ 5.1 Information exchange
Delivery hint: I feel that the guide needs to explain more what entry, exit and acceptance criteria are, in particular the situation where the acceptance criteria have been met but the exit criteria haven’t.
7.1 The practice capability levels
(Question for PeopleCert) Why does the PSF “Ensuring the effective deployment of services and service components in the context of the organization’s value streams” not have a VSP 4 criterion of “Deployment models, plans, and scenarios are monitored and evaluated” (like almost every other PSF does)?
(Question for PeopleCert) Why does DM not have a criterion like “The competencies required for performing the release management are identified and skilled human resources are available” (from RM)?
Module 4: Release management
§ 2.1 Purpose and description
Key point: Release management supports onboarding and offboarding. In other words, all IMAC/R/D operations.
§ 2.2.4 Hypothesis testing and experimentation
What are blue/green and canary deployments?
https://www.redhat.com/en/topics/devops/what-is-blue-green-deployment.
https://circleci.com/blog/canary-vs-blue-green-downtime/.
https://en.wikipedia.org/wiki/Blue%E2%80%93green_deployment.
https://en.wikipedia.org/wiki/Feature_toggle#Canary_release.
https://en.wikipedia.org/wiki/A/B_testing.
§ 3.1.1 Release model development and improvement
I really like how the authors added “lessons learnt” as an output.
I think the key inputs section should include the following:
• Risk information.
• Financial guidelines and constraints.
“Market position and financial conditions” is listed in table 3.2.
• Service configuration information.
• Current deployment approach, models and procedures.
I think the key outputs section should include the following:
• Communication of release management approaches and models.
• Release review reports.
Consistency: In RM the last activity is called “Release model communication”; in DM it is called “Deployment model update and communication”.
Consistency: Replace “release management approaches and models” with “release approach, models and procedures”. Also applies to the next section.
§ 3.1.2 Release planning and coordination
I think the key outputs section should include the following:
• Change requests and improvement initiatives.
It in the workflow diagram.
Typo: Replace “Figure 3.2 Workflow of the ‘reactive problem identification’ process” with “Figure 3.2 Workflow of the ‘release planning and coordination’ process”.
Typo: In the heading row of table 3.4, replace “componen” with “component”.
§ 3.2.2 Release management in service value streams, Figure 3.3
Same comment as in change enablement.
§ 4.1.2 Roles involved in the release management activities
The “Release model communication” activity should include Service Desk Agent. It is included in the equivalent activity in DM but is more important here in RM (which is a service management practice) that in DM (a technical management practice).
This also applies to the Release Review activity.
§ 4.2 Organizational structures and teams
I think the first paragraph is easier to understand if you replace “designated” with “dedicated” (though this might be a New Zealand English thing).
Module 5: Service configuration management
Overview
For all value streams, SCM plays a supporting role, but a very important one, as does ITAM.
It is rare to see SCM and ITAM activities in the core value streams of an organisation, however those value streams often reply on the information provided by the SCM and ITAM practices. Assessment and planning activities, in particular, are often highly dependent on the trustworthiness, timeliness, and usefulness of this information.
Key point
SCM (and ITAM) could manage our resources, upstream providers’ resources, and downstream consumers’ resources.
Terms
CMS and CMDB are used interchangeably a lot, both in PeopleCert’s publications and in the wider industry.
Sometimes organisations will define the CMS as the organisation’s CMDBs and AMDBs (though ITIL 4 uses the term “asset register” instead of “asset management database”).
List of tables
Typo: In the heading for table 5.2, replace “configuiration” with “configuration”.
Figure 2.1 A high-level service configuration model
Typo: Replace “Cloud Infrastracture” with “Cloud Infrastructure”.
§ 2.1 Purpose and description
The question “Is a person a CI?” has generated a lot of discussion during Foundation classes.
On the “yes” side, we have the idea that a person’s knowledge and certifications need to be managed. For example, I am required to be an Authorised PeopleCert Instructor to teach these classes. Someone’s role includes making sure that Lumify’s trainers have current certs. Doesn’t that come under service configuration management?
On the “no” side we have the idea that CIs are things and we shouldn’t treat people as things. In this case, the organisation might manage certifications as part of the workforce and talent management practice.
The general consensus has been that the answer is “no”.
§ 2.2.4 CI lifecycle models
ITAM has a formal definition of “IT asset lifecycle” but SCM does not have one for “CI lifecycle”.
§ 2.2.6 CI verification and audit
Typo/Error: In the definition of Inventory, replace “CI register” with “CMDB”.
(Question for PeopleCert) Why are the definitions of verification and audit different in ITAM and SCM?
§ 2.3 Scope
I would add “accurate”, “timely”, “useful”, and maybe “convenient” to “trustworthy configuration data”. SCM and ITAM are essentially a data warehouses, and those are all success factors for a data warehouse.
§ 2.4.2 Ensuring that the costs of providing configuration information are continually optimized
There is no mention of “risk” or “outcome” in the title of this section, just “cost”, but we should be optimising all three. See the “effectiveness and efficiency” comment in the first paragraph.
(Question for PeopleCert) Why is “avoid adding new sources and tools unless they are justified” under SWYA, not KISP?
§ 3.1.1 Managing a common approach to service configuration management
The activities and outputs for this process are the same in ITAM and SCM, but the inputs are very different.
I think the key inputs section should include the following:
• Technology trends.
• Financial data.
• Organisational strategy.
The above three are all listed in § 5.1.
• SCM approach performance reports.
I think the key inputs section should include “Current Service configuration management approach” and the key output of “Service configuration management approach” should be replaced with “Updated service configuration management approach”.
Typo/Error: In the key inputs column, the entry “Monitoring datas” (note the boldfaced s) should be two entries.
• Monitoring data.
• Practice records.
In the key outputs column, replace “CMDB” with “CMS”.
In the key outputs column, is “implementation initiatives” supposed to be “improvement initiatives”?
§ 3.1.3 Verifying configuration data
Note that this process is very different to the equivalent one in ITAM (§ 3.1.3).
Despite not including the word “audit” in the name, this process does include audit activities. See table 3.6. I’m assuming it also includes discovery activities, though they are not mentioned at all.
I think the key inputs section should include the following:
• Discovery data.
§ 3.2.2 Service configuration management in service value streams
I would add “risk management”. SCM and ITAM information is highly important in managing risk.
§ 4.1.3 Resource owner role
In SCM, owners are responsible for developing and maintaining CI lifecycle models, and for ensuring that models are consistently applied. Note that in ITAM, owners do not have this responsibility (§ 4.1.6).
§ 4.1.4 Other roles involved in the service configuration management activities
Typo/Error?: In table 4.2, replace “Resource ownert” with “Resource owner”. I don’t know if there are additional bullet points here behind the typo.
Typo? Consistency?: In table 4.2, should “Configuration librarians” be singular?
§ 5.2 Automation and tooling
Typo: In the heading of table 5.2, replace “configuiration” with “configuration”.
§ 5.2.1 Recommendations for the automation of service configuration management
Considering this section in ITAM, we might also add:
• Consider leveraging super-users.
• Ensure that self-help capabilities are available and convenient.
In the last bullet point, replace “CMDB” with “CMS”.
§ 6.1 Service configuration management in the service relationship ecosystem
Typo/Error: In the first paragraph, replace “svice” with “service”.
§ 7.1 Practice Capability Levels
Why is “Configuration information is exchanged between the organization and its suppliers and partners, where needed” a level 4 criterion? Because level 4 includes “integrated with other standards and approaches”.
(Question for PeopleCert) Why is “Configuration information is managed using an integrated information system” a level 4 criterion, not the level 3 I’d expect from looking at other practices and at the description of the levels?
(Question for PeopleCert) ITAM (like most practices) has a level 4 criterion of “The quality and availability of the IT asset information are measured and reported”. Why does SCM not have an equivalent for this in the “Ensuring that the organization has relevant configuration information about its products and services” PSF?
(Question for PeopleCert) Same question for “IT asset utilization is measured and reported” in the “Ensuring that the costs of providing configuration information are continually optimized” PSF.
§ 8 Recommendations for practice success
”Develop the practice continually but don’t overcomplicate it” is great advice for every practice.
Module 6: IT asset management
§ 2.2.3 IT asset register
Phrasing? Typo?: Replace “define media libraries” with “support definitive media libraries”.
§ 2.2.4.5 IT asset decommissioning
The word “consumer” here refers to “IT asset consumer” (§ 4.1.7), not “service consumer”.
§ 2.2.5 Verification and audit
(Question for PeopleCert) Why are the definitions of these two terms different in ITAM and SCM?
Clarification: Replace “…this occurs during the verification stage of the IT asset lifecycle.” with “…this occurs during the audit and verification stage of the IT asset lifecycle.”. See figure 2.3.
Typo: Replace “Since the IT asset is the source of truth…” with “Since the IT asset register is the source of truth…”.
§ 2.3 Scope
I would add “accurate”, “timely”, “useful”, and maybe “convenient” to “trustworthy configuration data”. SCM and ITAM are essentially a data warehouses, and those are all success factors for a data warehouse.
§ 2.4.2 Ensuring that the utilization of IT assets is continually monitored and optimized
What this section is talking about is not just technical debt but also waste.
https://theleanway.net/The-8-Wastes-of-Lean.
It is technical debt because we have accepted a workaround of underutilisation instead of a systemic solution of reconfiguring the assets and/or our use of them.
Page 149: The key PSF metrics
What is ROI and VOI?
https://institute.uschamber.com/move-from-roi-to-voi/.
https://visitjeromeidaho.com/2019/05/roi-vs-voi/.
§ 3.1.1 Managing a common approach to IT asset management
The activities and outputs for this process are the same in ITAM and SCM, but the inputs are very different.
Financial guidelines and constraints is deliberately not listed as an input. ITAM doesn’t cover making purchase decisions; just on providing information to assist decision-making and on managing the assets that have been purchased.
I think the key inputs section should include the following:
• Stakeholder requirements
They are listed in the workflow, and the first activity involves analysing them.
• Organisational architectures.
• Organisational portfolios.
• Exception reports.
See § 3.1.2.
I think the key inputs section should include “Current IT asset management approach” and the key output of “ITAM approach” should be replaced with “Updated IT asset management approach”.
In the key outputs column, is “implementation initiatives” supposed to be “improvement initiatives”?
The activity title in table 3.2 of “Define and agree the ITAM approach, scope, data structure, and lifecycle models” doesn’t match the BPMN diagram in figure 3.1.
The risk management practice does not use the term “opportunity register”. It just notes that risk is associated with opportunity. Risk management practice guide § 2.2.4.
Tiny, picky little typo that nevertheless bugs me: In the key outputs section, replace “Requests for changes…” with “Requests for change…”.
§ 3.1.2 Managing the IT asset lifecycle and records
Consistency?: The equivalent SCM process included an input of requests for data. This process doesn’t include that at all. I think it should be added.
§ 3.1.3 Verifying, auditing, and analysing IT assets
Note that this process is very different to the equivalent one in SCM.
I think the key inputs section should include the following:
• Surveys.
They are listed in table 5.2.
(Question for PeopleCert) Why is there no “Identify an IT asset lifecycle model” activity? The lifecycle model is where the audit and verification procedures are listed.
Consistency: In the key outputs section, replace “Request for change” with “Requests for change and improvement initiatives”.
§ 3.2.2 IT asset management in service value streams
I would add “Risk management”.
Typo: Replace “Assessment events’ impact on IT assets” with “Assessment of events’ impact on IT assets”.
§ 4.1.6 IT asset owner
Note that in SCM, the concept of “owner” is very different.
§ 4.2.1 Level of centralization
Typo?: In figure 4.2, I think that “IT asset administrator” should be “IT asset register administrator”.
§ 5.2 Automation and tooling
Work planning and prioritisation tools includes an application of “plan verification activities”. Shouldn’t this be “plan audit activities”? Verification activities aren’t planned - they are continual.
Workflow management and collaboration tools includes an application of “plan verification activities”. It should be “plan verification and audit activities”. Ticketing systems assist in both types of activity.
Presentation tools and survey tools are listed in table 5.2, but not in table 5.1.
§ 7.1 Practice Capability Levels
(Question for PeopleCert) Why is “IT asset information is managed using an integrated information system” a level 4 criterion, not the level 3 I’d expect from looking at other practices and at the description of the levels?
Typo: In table 7.1. in the “Ensuring that the utilization of IT assets is continually monitored and optimized” row, second criteria, replace
“Where e Organization’s requirements for optimizing IT asset utilization are identified and agreed rrors cannot be fixed, they are controlled and mitigated.”
with
“Organization’s requirements for optimizing IT asset utilization are identified and agreed.”.
Sample paper 1
27) An organization has a small, centralized IT asset management team. One team member is responsible for the maintenance of all IT assets throughout their lifecycle. They are also the most knowledgeable person in how to manage software and cloud assets.
What TWO roles is this staff member carrying out?
1. IT asset analyst
2. IT asset manager
3. IT asset custodian
4. License manager
A. 1 and 2
B. 2 and 3
C. 3 and 4
D. 1 and 4 (Correct)
My comment: This is an example of a “least worst answer” question. The staff member is definitely not an IT asset manager (who manages the ITAM approach) or an IT asset custodian (who ensures that ITAM procedures are consistently applied), so they have to be the other two, even though nothing in the question (apart from the word “cloud”?) is in the description of license manager. To confuse things even further, the practice guide says “… this role is commonly combined with the software IT asset manager role.” (§ 4.1.5).
Sample paper 2
2) Which TWO activities should be covered as part of change enablement initiation?
1. Informing stakeholders about any changes to change models
2. Analysing the procedures related to change enablement
3. Describing the rules used to assign priorities to changes
4. Agreeing on the roles and responsibilities for change enablement
A. 1 and 2
B. 2 and 3
C. 3 and 4 (Correct)
D. 1 and 4
My comment: I think this is another “least worst answer” situation. The ”change enablement initiation” activity (the first in the “change enablement planning and optimization” process) involves documenting the initial version, not about agreeing on anything. However, 1 (the “change model and procedure update communication” activity) and 2 (the “change review and planning” activity) are certainly incorrect.
45) An organization has noticed that releases involving products developed in-house are more successful than those involving third-party products.
What action should the organization take to improve this situation?
A. Create metrics for each stage of the release planning and coordination process and automate the data capture and analysis of the metrics
B. Create appropriate models for each type of release and automate the execution of the activities in each model (Correct)
C. Create collaboration opportunities for each group of specialists working within the organization’s value steams
D. Create a single set of automated procedures for releases which are close in nature to the procedures used for the successful third-party product releases
My comment: Wouldn’t your first action be to find out why? Only then can we create/modify the appropriate models. Then again, “least worst answer”.