ISO 20000- what it is and how it relates to ITIL V3

ISO20000: What it is and how it relates to ITIL v3
John DiMaria; Certified Six Sigma BB, HISP
BSI Product Manager; ICT (ISMS,ITSM,BCM)
© 2006 BSI Management Systems All Rights Reserved
Objectives and Agenda
To raise awareness, to inform and to enthuse
• ISO20000 – what is it?
• ISO20000 – how does it relate to ITIL3?
• ISO20000 – why do you need it?
• ISO20000 – how to achieve certification
• Summary
ISO20000 – What is it?
ISO/IEC 20000
• Part 1 – Specification for Service Management
ISO/IEC 20000-1: 2005
• Part 2 – Code of practice for Service Management
ISO/IEC 20000-2:2005
‘To promote the adoption of an integrated process
approach to deliver managed services to meet the
business and customer requirements’
ISO/IEC 20000-1:2005
Part 1 and Part 2
Audit is against Part 1. Assess and aim initially for minimum requirements – Part 1; use Part 2 for guidance and continuous improvement.
Part 1 – Specification
• Management with appropriate authority shall approve an information security policy that shall be communicated to all relevant personnel and customers where appropriate.
Part 2 – Code of Practice
• The service provider’s staff with information security roles should be conversant with BS7799 (ISO17799/ISO27001).
History
• UK Government launches IT Infrastructure Library (ITIL)
in 1989
• ITIL defines ‘best practice’ processes and procedures
• ITSMF formed in 1991 to further develop best practice
• BSI Service Management committee develops a code of
practice book and then a standard aligned to ITIL
• BS 15000 first published in 2000 as a specification
• Early adopters programme led to revised edition in 2002
• Certification scheme available from November 2003
• Adopted as ISO 20000 in December 2005
Product Fit
ISO 20000
ISO 27001
ISO 9001:2000
Process mapped to organizational unit
[Figure: a process (label: Process) running across the units of an IT organization (label: Organization): IT Manager; Operations and Network Management; Print and Mail; Office Automation and Telematics; Software Department; Project Organization; Service Desk; Software Maintenance and Application Management]
The world’s first IT service management process standard …
that provides the industry with a standard that can be used for auditing and assessing internal service providers and external suppliers across the supply chain
To help organizations provide a quality service and be cost effective via professional service management
[Figure: Scope of ISO 20000: Customer; Service Provider; Supplier A; Supplier B (Lead Supplier); Supplier12; Supplier23]
ISO20000 Process Framework
Plan, Do, Check, Act Management System
[Figure: PDCA cycle under the headings Manage Services and Management Responsibility. PLAN: Plan service management; DO: Implement Service Management; CHECK: Monitor, Measure and Review; ACT: Continuous Improvement. Inputs: Business requirements; Customer requirements; Request for new or changed services; Other process, business, supplier, customer; Other Teams, e.g. Security. Outputs: Business Results; Customer Satisfaction; New or changed service; Other process, business, supplier, customer; Team & People Satisfaction.]
Source: ISO 20000
ISO20000 – How does it relate to ITIL
IT Service Management Framework
ITIL® v3 Lifecycle Framework
[Figure: ITIL lifecycle with Service Strategies at the centre, surrounded by Service Design, Service Transition and Service Operation, and by Continual Service Improvement. Outer ring of supporting material: Governance Methods; Alignment; Specialty Topics; Case Studies; Executive Introduction; Study Aids; Quick Wins; Templates; Qualifications; Scalability; Knowledge & Skills; Standards]
(c) Crown Copyright 2007. Reproduced under Licence from OGC
ITIL ® is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.S. Patent and Trademark Office
Common processes across ISO20000 and ITIL v3
• Incident Management
• Problem Management
• Service Level Management
• Service Reporting
• Supplier Management
• Capacity Management
• Information Security Management
• Change Management
Similar processes across ISO20000 and ITIL v3
• Release Management
  - Release and Deployment Management in ITIL v3
  - It additionally covers deployment approaches and knowledge transfer in more detail, and early life support
• Configuration Management
  - Service Asset and Configuration Management in ITIL v3
    • Manages service assets from acquisition to disposal
    • Provides a configuration model of services, assets and infrastructure, and their relationships
• Service Continuity and Availability Management
  - Two separate processes in ITIL v3
• Budgeting and Accounting for IT Services
  - Financial Management in ITIL v3
Processes within ISO20000 but not ITIL v3
• Business Relationship Management
  - This is mentioned briefly in the ITIL v3 Service Strategy book but is not expanded to be a process
  - Some elements such as Customer Satisfaction Survey and addressing complaints are covered in the ITIL3 SLM process
Functions
ISO20000
• None – ISO20000 is process based and does not cover functions
ITIL v3
• Service Desk
• IT Operations Management
• Application Management
• Technical Management
Roles
ISO20000 | ITIL v3
Top/Executive Management | not defined
Senior Responsible Owner | not defined
not defined | Service Owners
Process Owners | Process Owners/Managers
not defined | Functional Group Managers
Contract Managers | Contract Managers
Individual(s) responsible for customer satisfaction and the whole business relationship process | Business Relationship Manager
not defined | Product Manager
not defined | Service Design Manager
not defined | Chief Sourcing officer
Key Corresponding Documents
ISO20000 | ITIL v3
Service Improvement Policy | Continual Service Improvement Policy
Configuration Management Policy | Service Asset and Configuration Management Policies
Release Policy | Release Policy
Financial Policy | Financial Plans and Budgets
Information Security Policy | Information Security Policy
Service Level Agreements, Supporting Service Agreements and Contracts | Service Level Agreements, Operating Level Agreements and Contracts
Emergency Change Policy | Change Management Plans
Service Improvement Policy; Plan for improving the service | Service Improvement Plans
Availability, Service Continuity, Capacity, Roll Out and Release Plans | Availability, IT Service Continuity, IT Recovery, Capacity and Release Plans
Documented Processes and Procedures | Appropriate Process Documentation
Other Key Documents
ISO20000
• Service Management Policy
• Service Management Plan
• Definitions of Service Management Roles, Responsibilities and their competencies
• Framework of Management Roles and Responsibilities
• Plans for New and Changed Services
• Document Management Procedures
• Risk Management Approach
• Methods for Monitoring and Measuring Processes
• Audit Procedure and Audit Plan
• Complaints process
• Security Controls
• List of Stakeholders and Customers
• Service Report Descriptions
ITIL v3
• Stakeholder Management Strategy
• Service Portfolio
• Service Design Package
• Test Strategy
• Service Catalogue
• Reporting Policy
• Knowledge Management Strategy
• Projected Service Outage
• Service Level Package
• Change Schedule
Mapping Summary
ISO20000 | ITIL v3
Standard and Code of Practice | Best Practice
Certification for a service provider | Qualifications for individuals
Definitive high-level requirements for processes and management system | Detailed Best Practice guidance, description and implementation aids
Organisational structure independent | Defines many function and process roles and responsibilities
13 processes; no functions, lifecycle not explicitly specified | 26 processes and four functions documented in five lifecycle stages
Definitive set of required documents | Descriptions of key documentation
ISO20000 – Why do you need it?
Why do we need Service Management?
• The Business is more and more dependent on IT
• Complexity of Technology constantly Increases
• Customers are demanding more for less
• Global competitiveness growing at rapid rate requiring a more flexible
approach to integration
• Stronger focus on controlling costs of IT
• Low customer satisfaction levels (Not surveys)
• Information Governance Regulations
• Customers have become services focused with a strong orientation
related to service levels and costs.
Drivers
• Move from investing in tools to develop software to
managing the quality of these systems and linked
processes once they are “live”
• The need to deliver cost effective service delivery
• Lack of guidance and accepted standards
• Raising the profile of the IT department
• Government / ITIL / ISO20000
[Figure: diagram linking Investment; Internal Services Quality; Employee satisfaction; Employee retention; Employee productivity; Value for customers; Customer satisfaction; Customer loyalty; Revenue growth; Profitability]
Drivers to achieving certification to ISO20000
External service providers
• ISO20000 is becoming a basic bid requirement especially for IT Service Providers, in the same way as ISO9000 ten years ago
• Gives confidence to customers in selecting an external service provider who is ISO20000 certified
• Provides a competitive edge
Generic drivers for all
• Hard evidence that Quality of ITSM is taken seriously
• Enforces a method of review and assessment linked to continuous improvement
• Staff morale boosted by working in a controlled environment
Internal service providers
• Enforces process compliance by turning the “shoulds” into “shalls” so that all the benefits of best practice ITSM will be gained
• Significant milestone for an IT department demonstrating professionalism that has been independently certified
• Supports the business to operate more effectively
Certification to ISO 20000
• ISO 20000 is increasingly seen as the quality standard for IT Service Management
• Many companies are striving to adopt it for its benefits to them and also to help qualify and choose suppliers and partner organizations
• Only a formal certification scheme provides independent verification of compliance
• Raises internal profile
Gartner view of ISO20000 - 2006
By 2008 ITIL Compliance will be a buying criteria in 75% of relevant IT sourcing decisions (0.8 probability)
By year end 2008 at least 60% public sector and at least 30% private sector relevant IT sourcing deals in mature ICT economies will demand ISO/IEC 20000 certification in their RFPs (0.6 probability)
Samsung Case Study
Benefits
• Verification of IT services delivery meeting the needs of our top-notch customers
• 37.5% reduction in operational problems through proactive problem management
• Paradigm shift on IT service management from the technology-centered to the customer-oriented
• Demonstrating strengths as a strategic partner in IT outsourcing market both internally and externally
ISO20000 – How to achieve certification
Implementing Service Management
Some of the biggest challenges IT teams face when implementing Service Management include:
1) getting the attention and commitment of senior management and
2) ensuring acceptance and adoption of managed change throughout the organization.
Implementing Service Management
Service Improvement Program
Phases: Preparation, Assessment, Implementation
Questions: What is the vision? What are our objectives? Where are we now? Where do we want to be? How do we get there? Are we there?
Implementing Service Management
Preparation, Assessment, Implementation
Preparing for ISO20000
Planning and Business case
• Use gap analysis to plan way forward including quick wins
• Costs:
  - Auditors
  - Internal staff involvement
  - External consultancy
  - Training
  - Tools
• Benefits:
  - Quantifiable – service improvements, staff savings, cost savings and control, holding onto contracts, winning contracts if requirement of bids, taking on more services with same staff numbers etc
  - Non-quantifiable – quality improvements, competitive edge, staff morale, customer satisfaction etc
Establish Management System and Processes
• Use a process approach to implementation
• Examine each key component in the process
• Examine issues
• Compare current status vs requirements
• Take action on the differences and improve
Process ownership
• Responsibility
• Authority
• Skills
• Accountability
• Recognition
The RASAR’s edge
• Organizational skills assessment and training plan
• Use a specified case study as guidance
Certification Assessment Stages
Pre-certification
• Pre-audit assessment (optional)
• Documentation Assessment
• Compliance Assessment
Certification Body Issues Certificate
Post-certification
• Continuing Assessment
• Triennial Re-assessment
Common Pitfalls to Implementation
1. Existing processes & procedures did not always align
2. Some processes did NOT exist, others not being used
3. Some staff did not really understand the difference between process & procedure
4. Implementation resource – staff still had to do their “day job”
5. Staff reluctant to admit if they don’t know or understand requirements
6. Scope creep
7. Not EVERYTHING recorded or measured, especially performance of identified improvements
8. Concentration on tools rather than process implementation
How long will it take?
• For a company who has not yet implemented ITIL
  - Approx. 18 months
• For a company who has implemented ITIL well
  - Approx. 9 months
• Remember that once the processes are designed and documented, they need to be rolled out and run for about 3 months before being audited to prove compliance
Summary
Qualifications
• ISO20000 consultant (ITSMF)
  - 3 day course examining part 1, part 2 and the certification process
  - Pre-requisite is ITIL Foundation + 5 years relevant IT experience
• ISO20000 auditor (ITSMF)
  - 2 day course examining part 1 in detail with an overview of part 2 and the certification process
  - Pre-requisite is ISO9000/ISO27001/TickIT certified auditor or certified internal auditor
• Service Quality Management Foundation (EXIN)
  - 3 day course examining part 1, part 2 and the quality management systems in ISO9000
  - Pre-requisite is IT Service Management experience, preferably the ITIL Foundation
• Many training providers offer non-accredited courses including awareness, planning to implement ISO20000
ISO 20000 Publicly Available Training
• Understanding ISO 20000:2005 – 1 Day
• ISO 20000:2005 - Internal Auditor course – 3 Days
• Implementing ISO 20000:2005 – 2 Days
• Lead Auditor ISO 20000:2005 – 5 Days – Expected Launch October 2007
ISO20000 Certified Organizations
• 161 Certified Organizations at April 2007
• External:Internal service provider ratio is approx. 2:1
ISO 20000 – The Future
• Businesses are beginning to demonstrate increasing demand for ISO 20000-1:2005 certification
• Certification will become a key market differentiator and pivotal in the selection of supplier and partner organizations.
• Because of its strong structure and ability to show ROI, ISO 20000 will be THE framework of choice for IT Service Management.
• The standard itself will evolve to aid clarity, respond to feedback and align with ITIL3