Professional Documents
Culture Documents
Welcome!
Safety - be aware of emergency exits Restroom and Telephones - nearest locations Contact Number - for urgent messages Personal Property - keep possessions secure Phones and Pagers - please avoid interruptions Recording Devices - not allowed in class Lunch and Breaks - please return on time Smoking - not permitted in the classroom
Student Introductions
Student Name Company and Product/Service Job Position Knowledge of ISO/IEC 20000 (scale of 1-10) Course Expectations
Learning Objectives
Explain the management system framework Understand the purpose of ISO/IEC 20000-1:2011 Understand the role of service management processes Understand the primary requirements of ISO/IEC 200001:2011 and how they apply to IT service management systems
Service Management
Service management is defined as the:
Set of capabilities and processes to direct and control the service providers activities and resources for the design, transition, delivery and improvement of services to fulfill service requirements 3.30, ISO/IEC 20000-1:2011
Outcomes
Provides control, greater efficiency and opportunities for improvement Turn technology focused departments into ones with a service focus Ensure IT services are aligned with and satisfy business needs Improve system reliability and availability Provide a basis to agree levels of service and the ability to measure IT service quality Help establish the true cost of IT
10
SMS Documents
Certification
ISO/IEC 20000-1 Specification for Service Management
ISO/IEC 20000-2 Guidance on the Application of Service Management Systems BIP 0005 Management Guidance Booklet and PD 0015 IT Service Management Self-assessment workbook
Process definition
FOUNDATION
All based on foundation of the IT Infrastructure Library. The only comprehensive documentation of best practice for Service Management
11
Standards Fit
ISO/IEC 20000:2011
ISO 9001:2008
12
14
It is not a requirement to adopt ITIL to achieve compliance with ISO/IEC 20000, but it will make it much easier and more robust.
Copyright 2012 BSI. All rights reserved.
15
Introduction
ISO/IEC 20000-1 requires an integrated process approach when planning, establishing, implementing, operating, monitoring, reviewing, maintaining and improving a SMS Plan Do Check Act to be applied to all parts of the SMS and its services
17
Process Approach
A process is a set of interrelated or interacting activities that uses resources to transform inputs into outputs The process approach systematically identifies and manages the linkage, combination, and interaction of a system of processes within an organization
18
Process Approach
The process approach emphasizes the importance of:
Understanding and meeting service requirements Establishing policy and objectives for service management Design and deliver services that add value to the customer Obtaining results of SMS and service performance Continual improvement of SMS and services
19
PDCA Model
20
10
Policy is the framework for the objectives Objectives are measureable targets
Meeting the objectives has a positive impact on service quality and customer satisfaction
21
22
11
23
Continual Improvement
Set targets for improvements Implement approved improvements Revise service management documentation Measure implemented improvement against targets
Where targets not achieved, take action
24
12
Requirements
ISO/IEC 20000-1:2011
1. Scope
ISO/IEC 20000-1 may be used by:
Businesses that tender their services Businesses that require a consistent approach by all service providers in a chain Service providers as a benchmarking tool Organizations requiring independent assessment of IT service management Organizations the need to demonstrate the ability to provide services that meet customer requirements Organizations that aim to improve service
26
13
1.2 Application
Requirements are generic applies to any organization Exclusion of any requirement in clauses 4-9 not acceptable Requirements of clause 4 must be met by the service provider not by other parties Clauses 5-9 can be fulfilled by other parties
27
2.
Normative references
28
14
29
Problem Record
30
15
Service Level Documented agreement between the service Agreement provider and customer that identifies the (SLA) services and service targets
31
16
Requirements
Please note: Requirements stated in the following slides are paraphrased and are not all-inclusive The slides contain high level requirements in order to provide an understanding of the standard Please consult the standard directly for definitive requirements
33
34
17
4.1.1
Management commitment
Establish scope, policy and objectives Create the service management plan Communicate importance of meeting service requirements Communicate importance of meeting legal requirements Ensure provision of resources Conduct management reviews at planned intervals Ensure risks to services is assessed and managed
35
4.1.2
Appropriate to the organization Commitment to meet service requirements Continually improve the SMS and services Establish a framework for SM objectives Be communicated and understood by SM personnel Be reviewed for continuing suitability
36
18
4.1.3
SM authorities and responsibilities are defined and maintained Documented procedures for communication are established
37
4.1.4
Management representative
Member of management who shall: Ensure activities are performed to identify, document and fulfill requirements Assign authorities and responsibilities Ensure service management processes are integrated Ensuring assets used to deliver services are managed Report performance and improvements to top management
38
19
39
40
20
41
42
21
43
44
22
45
46
23
47
48
24
49
25
5.
5.1 5.2 5.3 5.4
51
5.1 General
This process used where new/changed services have the potential to have a major impact on services or customer Changes determined by change management policy Assessment, approval and scheduling through change management process Cis affected by new/changed service controlled through configuration management process
52
26
53
54
27
55
28
6.
6.1 6.2 6.3 6.4 6.5 6.6
57
29
59
6.3.1
Must assess and document risks to service continuity and availability of services Continuity and availability requirements must be agreed with the customer and interested parties. These shall include at least:
Access rights to services Service response times End to end availability of services
60
30
61
31
Monitor and report costs against budget Provide information to change management for costing requests for change
63
64
32
66
33
Incidents are managed according to a procedure Service provider shall analyze types, volumes and impacts of information security incidents Information security incidents shall be reported and reviewed
67
7.
Relationship Processes
34
7. Relationship Processes
7.1 7.2 Business relationship management Supplier relationship
69
Review performance of services with customer at planned intervals Agree with customer on definition of a formal service complaint Document a procedure for managing complaints
70
35
8.
Resolution Processes
36
8. Resolution processes
8.1 8.2 Incident and service management request management Problem management
73
74
37
75
9. Control Processes
38
9. Control processes
9.1 9.2 9.3 Configuration management Change management Release and deployment management
77
78
39
9.3
Establish and agree with customer a release policy Plan new/changed service deployment with the customer Document and agree with customer the definition of an emergency release Emergency releases managed to a documented procedure Release shall be tested in a controlled test environment prior to deployment Acceptance criteria shall be agreed with the customer Activities to reverse or remediate a release shall be planned
80
40
Summary
82
41
Contact Information
Address: BSI Group America, Inc. 12110 Sunset Hills Road Suite 200 Reston, VA 20190-5902 Telephone: 1 (888) 429-6178 Fax: 1 (703) 437-9001 Email: Solutions.msamericas@bsigroup.com Web www.bsiamerica.com
83
42
43