Viktorija Donceva
Trajkovski & Partners Management Consulting
Ohrid, May 2009
 Introduction
regulation from the National bank of the
Republic of Macedonia
 ISO
20000:2005 standard requirements
 Practical
experience from implementation of
ISO 20000:2005
31.07.2017
If you don’t want to help
yourself, no one can
 Law
2
If you don’t want to help
yourself, no one can
3
31.07.2017
 First

Describes processes for delivery of services
 Aligned
with and complementary to the
process approach defined within ITIL
 ISO/IEC


20000 consists of two parts:
ISO/IEC 20000-1, the formal Specification
ISO/IEC 20000-2, the Code of Practice
 Formerly
British Standard 15000, adopted by
ISO in December, 2005
31.07.2017
If you don’t want to help
yourself, no one can
worldwide standard specifically aimed
at IT Service Management
4
If you don’t want to help
yourself, no one can
5
31.07.2017
 Introduction
terms and definitions
 Requirements
 Planning
for a management system
and implementing ITSM
 Planning
and implementing new or changed
IT services
 Process
If you don’t want to help
yourself, no one can
 Scope,
and overview
groupings
31.07.2017
6
Overall management system
Planning and implementing service management
Service delivery processes
Capacity management
Service continuity and
availability
management
Service level
management
Service reporting
Information security
management
Budgeting and
accounting for IT
services
Control processes
Configuration management
Change management
Release processes
Resolution processes
Release management
Incident management
Problem management
Relationship
processes
If you don’t want to help
yourself, no one can
Planning and implementing new/changed services
Business relationship
management
Supplier management
31.07.2017
7
If you don’t want to help
yourself, no one can
8
31.07.2017
 DECISION
 DECISION
on amending the Decision on the
bank's information system security ("Official
Gazette of RM" No. 78/08)
 DECISION
on amending the Decision on the
bank's information system security ("Official
Gazette of RM" No. 31/2009)
31.07.2017
If you don’t want to help
yourself, no one can
on the bank's information system
security ("Official Gazette of the Republic of
Macedonia" No. 31/2008)
9
company of the bank with main
activity of managing data processing system
and which based on written agreement
manages and stores bank data while
performing bank or financial activities.
 The
outsourcing company shall obligatorily
be certified in accordance with the
international standard ISO/IEC 20000.
31.07.2017
If you don’t want to help
yourself, no one can
 Outsourcing
10
If you don’t want to help
yourself, no one can
11
31.07.2017
31.07.2017
If you don’t want to help
yourself, no one can
To provide a management system,
including polices and a framework
to enable the effective
management and implementation
of all IT services
12
 Policies
Service management and improvement policy,
Budgeting and accounting policy, Release policy
etc.
 Plans

Service management plan, Service improvement
plan, Capacity plan etc.
 Processes

Improvement process, supplier management
process, Change management process etc.
31.07.2017
If you don’t want to help
yourself, no one can

13
 Procedures
Document control, Incident management,
Problem management etc.
 Records

Service level agreements, Management review
report, Proposal for new or changed services,
Risk Assessments, Configuration management
database (CMDB)etc.
31.07.2017
If you don’t want to help
yourself, no one can

14
If you don’t want to help
yourself, no one can
15
31.07.2017
QMS based on ISO 9001:2000
 Implemented
ISMS based on ISO 27001:2005
 Implementing


ITSMS based on ISO 20000:2005
The Scope of the IT Service Management System
are all the services that the organization
provides for its customers and for the internal
users.
ITSMS Framework + ITSM processes
 Connections
and overlaps between the
management systems
31.07.2017
If you don’t want to help
yourself, no one can
 Implemented
16
ISO 9001:2008
ISO/IEC 27001:2005
1 Scope
1
1
2 Terms & definitions
3
3
3 Requirements for a
management system
4 Planning and implementing
service management
5 Planning and implementing
new or changed services
4
4, A.6.1
7.1
A.6
7.2
A.10.3, A.12.1
6 Service delivery process
7.2
7 Relationship processes
8 Resolution processes
9 Control processes
10 Release management
7.2.3/4.1
4.1, 4.2, A.10.8
8.5
A.10.10
7.5.1
A.12.2
If you don’t want to help
yourself, no one can
ISO/IEC 20000-1:2005
7.3
31.07.2017
17
1.
3.
4.
5.
6.
7.
8.
9.
10.
31.07.2017
If you don’t want to help
yourself, no one can
2.
Introduction
Service Management and Improvement Policy
IT Service Management System Overview
Management Responsibility
Organization for Service Management
ITSMS Documentation
Services overview
Planning and implementing service
management
Planning and implementing new or changed
services
Service Management Process Model
18

31.07.2017
If you don’t want to help
yourself, no one can
Defined 13 processes based on ISO 20000:2005
standard
 Service Improvement
 Planning and implementing new or changed
services
 Service level management and reporting
 Service continuity and availability management
 Budgeting and accounting for IT services
 Capacity management
 Business Relationship management
 Supplier management
 Incident management
 Problem management
 Configuration management
 Change management
 Release management
19
 Service
Level Management
 Service

To maintain and improve IT Service quality,
through a constant cycle of agreeing,
monitoring and reporting upon IT Service
Achievements.
 Service

Level Management Goal
Level Management objective
If you don’t want to help
yourself, no one can
ISO20000-1:2005 ref. number: 6.1
To define, agree, record and manage levels of
service
31.07.2017
20
If you don’t want to help
yourself, no one can
21
31.07.2017
 List
of all services IT provides to Customers
a clear explanation of the services,
Customers/Users, descriptions and costs
 Essential
to any service provider business in
order to define products and services
 Managed
and updated by the Business
Development Department
31.07.2017
If you don’t want to help
yourself, no one can
 Provides
22
 Separate
 Each
service separately described through
the following information:
 Service
name, Status of service, Description of
service, Standard and additional service
features, Frequency of service delivery, Service
availability, Client technical requirements for
using the service, Service support (description
and hours), Service owner, Standard and
additional Tariff costs, Service delivery level
31.07.2017
If you don’t want to help
yourself, no one can
catalogs for services provided to
clients and internal services
23
Services included/excluded
 Service hours
 Availability / Reliability targets
 Throughput, transaction response times, batch
turnaround times
 Support arrangements / targets
 Change targets
 Security Plan
 IT Service Continuity Plan
 Service costs and charges
 Reviews and reporting
 Penalties and Incentives

If you don’t want to help
yourself, no one can
31.07.2017
24
If you don’t want to help
yourself, no one can
Questions?
Thank you for your
attention!
31.07.2017
25