Determining Service Value
To understand how to manage IT operations and activities based on service value, you must understand where IT value originates―at the boundaries of the enterprise. IT services are simply lubricants to business transactions. IT value becomes visible when the enterprise is able to better serve the marketplace and outperform competitors.
It is important to remember that the purpose for valuing an IT service is to make resource allocation decisions. Also recall that IT services can have a strategic impact on the enterprise and its marketplace. When we combine these two points it becomes clear that the IT organization ought to focus on those services which have the most opportunity to improve the business outcomes desired and expected of the enterprise.
Understanding Service Value
IT services represent potential risks to the business. Of course, IT services also represent potential benefit to the business, but for the purposes of IT service valuation it is important to understand what can happen to the enterprise and its marketplace should be IT service fail to perform as required.
From a business viewpoint, the higher the risk, the higher the value of the IT services. While this may seem strange to IT managers, this is how average business managers consider IT: as a risk. Generally accepted risk management frameworks include three major types of risks that IT services face. These risks to IT services represent risks to the business, and thus contribute to IT service valuation.
The components of IT service value (ordered by risk) are:
Confidentiality - From an IT service valuation perspective confidentiality refers to the requirements for an IT service and the business processes it underpins, supports, or creates with regard to maintaining closed or controlled distribution of information, output or artifacts. An example of a confidentiality issue might be the disclosure of service artifacts to unintended or unauthorized parties.
Integrity - Integrity refers to the modification of data without the awareness of appropriate change management control. Examples of integrity issues include malicious modification of data, for example by a hacker. Another example might include the unintended modification of data by a userperhaps misspelling a name.