ISO20000 Document

Understanding ISO/IEC 20000-1:2011 Presentation Slides
Understanding ISO/IEC 20000-1:2011 IT - Service Management
Copyright 2012 BSI. All rights reserved.
V2.1 June 2013 ITS-010-01-ENUS
Welcome!
Safety - be aware of emergency exits Restroom and Telephones - nearest locations Contact Number - for urgent messages Personal Property - keep possessions secure Phones and Pagers - please avoid interruptions Recording Devices - not allowed in class Lunch and Breaks - please return on time Smoking - not permitted in the classroom
ITS01001ENUS v2.1 June 2013
The British Standards Institution 2012
Student Introductions
Student Name Company and Product/Service Job Position Knowledge of ISO/IEC 20000 (scale of 1-10) Course Expectations
Fundamentals of IT Service Management and the ISO/IEC 20000 Series
Learning Objectives
Explain the management system framework Understand the purpose of ISO/IEC 20000-1:2011 Understand the role of service management processes Understand the primary requirements of ISO/IEC 200001:2011 and how they apply to IT service management systems
Service Management
Service management is defined as the:
Set of capabilities and processes to direct and control the service providers activities and resources for the design, transition, delivery and improvement of services to fulfill service requirements 3.30, ISO/IEC 20000-1:2011
ISO/IEC 20000 Series of Standards

ISO/IEC 20000-1:2011 ISO/IEC 20000-2:2012 ISO/IEC 20000-3:2012 ISO/IEC TR 200004:2010 ISO/IEC TR 200005:2010 Service management system requirements Guidance on the Application of Service Management Systems Guidance on scope definitions and applicability of ISO/IEC 20000-1 Process reference model Exemplar implementation plan for ISO/IEC 20000-1
Objectives of ISO/IEC 20000-1:2011

To improve the overall delivery of your business by improving the delivery of IT services To promote the adoption of an integrated process approach to deliver managed services to meet the business and customer requirements To help coordinate integration and implementation of the service management processes . Provides ongoing control, greater efficiency and opportunities for continual improvement To enable the organization generate revenue or be cost effective via professional service management
The Overall Purpose

Move from investing in technology to develop services to managing the quality of these systems and services Ensure cost effective service delivery Offer internationally accepted guidance, best practices, and standards Transform IT departments from reacting to business requirements to become an integral and proactive part of the business
Outcomes
Provides control, greater efficiency and opportunities for improvement Turn technology focused departments into ones with a service focus Ensure IT services are aligned with and satisfy business needs Improve system reliability and availability Provide a basis to agree levels of service and the ability to measure IT service quality Help establish the true cost of IT
10
SMS Documents
Certification
ISO/IEC 20000-1 Specification for Service Management
ISO/IEC 20000-2 Guidance on the Application of Service Management Systems BIP 0005 Management Guidance Booklet and PD 0015 IT Service Management Self-assessment workbook
Process definition
FOUNDATION
All based on foundation of the IT Infrastructure Library. The only comprehensive documentation of best practice for Service Management
11
Standards Fit
ISO/IEC 27001:2005 & ISO/IEC 27002:2005
ISO/IEC 20000:2011
ISO 9001:2008
12
ISO/IEC 20000-1:2011 and ITIL
ISO/IEC 20000:2011 and ITIL
14
ISO/IEC 20000 and ITIL Relationship

ITIL and ISO/IEC 20000 serve different purposes:
ISO/IEC 20000 provides a management system suitable for independent certification by an organization ITIL provides best practices in IT Service Management and provides certification to individuals.
It is not a requirement to adopt ITIL to achieve compliance with ISO/IEC 20000, but it will make it much easier and more robust.
15
Overview of ISO/IEC 20000-1:2011
Introduction
ISO/IEC 20000-1 requires an integrated process approach when planning, establishing, implementing, operating, monitoring, reviewing, maintaining and improving a SMS Plan Do Check Act to be applied to all parts of the SMS and its services
17
Process Approach
A process is a set of interrelated or interacting activities that uses resources to transform inputs into outputs The process approach systematically identifies and manages the linkage, combination, and interaction of a system of processes within an organization
ISO/IEC 20000-1 is based on a process

approach to service management
18
Process Approach
The process approach emphasizes the importance of:
Understanding and meeting service requirements Establishing policy and objectives for service management Design and deliver services that add value to the customer Obtaining results of SMS and service performance Continual improvement of SMS and services
19
PDCA Model
20
10
Policy and Objectives

Policy and objectives are established to:
Give focus to direct the organization Determine the desired results Assist in applying the resources
Policy is the framework for the objectives Objectives are measureable targets
Meeting the objectives has a positive impact on service quality and customer satisfaction
21
Service management system
22
11
Management System Evaluation

System processes need to be evaluated, are the:
Processes appropriately defined? Authorities and responsibilities assigned? Processes implemented and maintained? Processes achieving desired results?
System evaluations include:

Audits Management reviews
23
Continual Improvement
Set targets for improvements Implement approved improvements Revise service management documentation Measure implemented improvement against targets
Where targets not achieved, take action
Report on implemented improvements
24
12
Requirements
ISO/IEC 20000-1:2011
1. Scope
ISO/IEC 20000-1 may be used by:
Businesses that tender their services Businesses that require a consistent approach by all service providers in a chain Service providers as a benchmarking tool Organizations requiring independent assessment of IT service management Organizations the need to demonstrate the ability to provide services that meet customer requirements Organizations that aim to improve service
26
13
1.2 Application
Requirements are generic applies to any organization Exclusion of any requirement in clauses 4-9 not acceptable Requirements of clause 4 must be met by the service provider not by other parties Clauses 5-9 can be fulfilled by other parties
27
2.
Normative references
None currently cited

Clause is included for upcoming release of ISO/IEC 20000-2; Guidance on the application of service management systems.
28
14
3. Terms and Definitions

Availability Configuration Item (CI) Document Ability of a component or service to perform its required function at a stated instant or over a stated period of time Element that needs to be controlled in order to deliver a service or services Information and its supporting medium
29

Incident Unplanned interruption to a service, a reduction in the quality of a service or an event that has not yet impacted the service to the customer Root cause of one or more incidents Document stating results achieved or providing evidence of activities performed
Problem Record
30
15

Release Collection of one or more new and/or changed configuration items deployed into the live environment as a result of one or more changes Proposal for a change to be made to a service, service component or the service management system
Request for Change
Service Level Documented agreement between the service Agreement provider and customer that identifies the (SLA) services and service targets
31
4. Service Management System General Requirements

Note: SMS = Service Management System
16
Requirements
Please note: Requirements stated in the following slides are paraphrased and are not all-inclusive The slides contain high level requirements in order to provide an understanding of the standard Please consult the standard directly for definitive requirements
33
4.1 Service Management System General Requirements

4.1 4.2 4.3 4.4 4.5 Management responsibility Governance of processes operated by other parties Documentation management Resource management Establish and improve the SMS
34
17
4.1.1

Management commitment
Establish scope, policy and objectives Create the service management plan Communicate importance of meeting service requirements Communicate importance of meeting legal requirements Ensure provision of resources Conduct management reviews at planned intervals Ensure risks to services is assessed and managed
35
4.1.2

Service management policy
Appropriate to the organization Commitment to meet service requirements Continually improve the SMS and services Establish a framework for SM objectives Be communicated and understood by SM personnel Be reviewed for continuing suitability
36
18
4.1.3
Authority, responsibility and communication
SM authorities and responsibilities are defined and maintained Documented procedures for communication are established
37
4.1.4
Management representative
Member of management who shall: Ensure activities are performed to identify, document and fulfill requirements Assign authorities and responsibilities Ensure service management processes are integrated Ensuring assets used to deliver services are managed Report performance and improvements to top management
38
19
4.2 Governance of processes operated by other parties

Must identify processes or parts operated by other parties Can be internal groups, customer or supplier Governance demonstrated by Showing accountability for the process Controlling the process definition Determining process performance Controlling the planning of improvements Suppliers managed through supplier management Internal groups/customers controlled through service level management
39
4.3.1 Establish and maintain documents

Must maintain documents and records to include:
Policy and objectives Service management plan Policies and procedures specified in this standard Service catalog SLAs Service management processes Procedures and records required by this standard Documents determined by the service provider as necessary to ensure control of the SMS and delivery of services
40
20
4.3.2 Control of documents

Documents needed by the SMS must be controlled. A documented procedure will define controls to: Create and approve documents Review and maintain documents Ensure current revisions are identified Ensure relevant versions are available at point of use Prevent unintended use of obsolete documents
41
4.3.3 Control of records

Records are kept as evidence of conformity to requirements A documented procedure will define controls needed for: Identification Storage Protection Retrieval Retention Disposal
42
21
4.4.1 Provision of resources

Service provider must determine and provide human, technical, information and financial resources to: Establish, implement and maintain the SMS and services Enhance customer satisfaction
43
4.4.2 Human resources

Personnel performing work affecting conformity to service requirements must be competent. The service provider shall: Determine competencies Where applicable, provide training to achieve competence Evaluate effectiveness of actions taken Ensure personnel are aware of importance of their contribution to achieving SM objectives Maintain records of education, training, skills and experience
44
22
4.5.1 Define scope

Define and include scope in the service management plan. Defined by name of organizational unit providing services and services delivered
45
4.5.2 Plan the SMS (Plan)

SM plans must contain or reference: Scope of SM Objectives to be achieved and requirements to be met Approach taken for management of risks and criteria for accepting risk Framework of management roles and responsibilities Interfaces between SM processes How effectiveness of the SMS will be measured, audited, reported and improved
46
23
4.5.3 Implement and operate the SMS (Do)

Allocating funds and budgets Allocating authorities, responsibilities and process roles Management of human, technical and information resources Identifying, assessing and managing risks to the service Management of service management processes Managing and reporting on performance
47
4.5.4 Monitor and review the SMS (Check)

Objectives of internal audits and management reviews must be documented. Results of internal audits and management reviews must be recorded. Internal audits conducted at planned intervals. Documented procedure for internal audits Management reviews conducted at planned intervals must be recorded and cover:
Customer feedback Risks Results and follow-up from previous management reviews
48
24
4.5.5 Maintain and improve the SMS (Act)

Documented policy on continual improvement Documented procedure for approving, managing and measuring improvements Opportunities for improvement must be documented Causes of nonconformities must be corrected Corrective actions performed to prevent recurrence Preventive actions performed to prevent occurrence Set targets for improvements Ensure improvements achieve desired results
49
5. Design and transition of new or changed services

25
5.
5.1 5.2 5.3 5.4
Design and transition of new or changed services

General Plan new or changed services Design and development of new or changed services Transition of new or changed services
51
5.1 General
This process used where new/changed services have the potential to have a major impact on services or customer Changes determined by change management policy Assessment, approval and scheduling through change management process Cis affected by new/changed service controlled through configuration management process
52
26
5.2 Plan new or changed services

New/changed services must be planned to fulfill service requirements Planning must be agreed with the customer Planning shall contain or reference:
Authorities and responsibilities for design, development and transition Human, technical, information and financial resources Identification, assessment and management of risk Testing required Expected outcomes in measureable terms
53
5.3 Design and development of new or changed services

New/changed services must be documented to include: Authorities and responsibilities for delivery of new service Activities performed by service provider, customer or others New/changed technology to support the service New/changed plans and policies New/changed SLAs Updates to the service catalog
54
27
5.4 Transition of new or changed services

New/changed services must be tested Verified against acceptance criteria agreed between the service provider and interested parties Release and deployment process used to deploy the change Following transition, service provider must report on outcome achieved against expected outcomes
55
6. Service delivery processes

28
6.
6.1 6.2 6.3 6.4 6.5 6.6
Service delivery processes

Service level management Service reporting Service continuity and availability management Budgeting and accounting for services Capacity management Information security management
57
6.1 Service level management

Service catalog must be documented and agreed with customer Each service provided, SLAs shall be agreed with the customer and documented Services and SLAs must be reviewed with customer at planned intervals Changes to SLAs, catalog or requirements are controlled through change management For service components provided by an internal group, the service provider must maintain a documented agreement
58
29
6.2 Service reporting

The description, purpose, audience frequency and data sources for reports must be agreed by interested parties Produce service reports for the delivery of services and the SMS including:
Performance against targets Information on major incidents, deployments and invocation of the service continuity plan Detected nonconformities Trend information Customer satisfaction
59
6.3.1
Service continuity and availability requirements
Must assess and document risks to service continuity and availability of services Continuity and availability requirements must be agreed with the customer and interested parties. These shall include at least:
Access rights to services Service response times End to end availability of services
60
30
6.3.2 Service continuity and availability plans

Service continuity and availability plans must be created, implemented and maintained Changes to plans controlled through change management Service continuity plans, contact lists and the CMDB must be accessible when access to normal locations is prevented Availability plans must include availability requirements and targets Requests for change must be assessed for impact on service continuity and availability plans
61
6.3.3 Service continuity and availability monitoring and testing

Availability must be monitored and results recorded Unplanned non-availability must be investigated and actions taken Service continuity and availability plans must be tested against requirements Plans must be re-tested after major changes to environment Results of tests must be recorded Reviews must be conducted after each test and action taken where deficiencies are found
62
31
6.4 Budgeting and accounting for services

Organization must have documented policies and procedures for:
Budgeting and accounting for service components Apportioning indirect costs / allocating direct costs to provide an overall cost for each service Effective financial control and authorization
Monitor and report costs against budget Provide information to change management for costing requests for change
63
6.5 Capacity management

Identify and agree capacity and performance requirements with the customer and interested parties Create and maintain a capacity plan Changes to plan controlled through change management Plan to include at least:
Current and forecast demand for services Timescales, thresholds and costs for upgrades Potential impact of legal changes Potential impact of new technologies or techniques
64
32
6.6.1 Information security policy

Management with proper authority must approve an information security policy. Management shall:
Communicate policy to all relevant personnel , customers and suppliers Ensure information security objectives are established Define approach for managing security risks and criteria for accepting risks Ensure information security risk assessments are conducted at planned intervals Ensure internal information security audits are conducted Ensure audit results are reviewed and acted upon.
65
6.6.2 Information security controls

Information security controls must be documented and include the risks to which the controls relate Review the effectiveness of controls Identify external organizations with a need to access, use or manage the service providers information or services Controls for external organizations must be agreed and documented
66
33
6.6.3 Information security changes and incidents

Requests for change must be assessed to:
Identify new or changed information security risks Identify potential impact on existing policy and controls
Incidents are managed according to a procedure Service provider shall analyze types, volumes and impacts of information security incidents Information security incidents shall be reported and reviewed
67
7.
Relationship Processes
34
7. Relationship Processes
7.1 7.2 Business relationship management Supplier relationship
69
7.1 Business relationship management

Service provider must:
Identify and document customers, users and interested parties of the services Provide an individual for each customer to manage the relationship
Review performance of services with customer at planned intervals Agree with customer on definition of a formal service complaint Document a procedure for managing complaints
70
35
7.2 Supplier management

Service provider may use suppliers to implement and operate some parts of the service management processes Each supplier shall have a designated supplier manager The service provider and supplier shall agree to and document a contract and controlled by change management Roles and relationships between lead and sub-contracted suppliers must be documented Service provider shall monitor supplier performance at planned intervals and record results
71
8.
Resolution Processes
36
8. Resolution processes
8.1 8.2 Incident and service management request management Problem management
73
8.1 Incident and service request management

Documented procedure for all incidents to define recording, priority, classification, update, escalation, resolution and closure Documented procedure for service requests Personnel in incident and service request management must have access to relevant information Document and agree with customer on definition of a major incident Top management must be informed of all major incidents
74
37
8.2 Problem management

Documented procedure to identify problems and minimize or avoid impact of incidents Analyze data and trends of incidents and problems Problems requiring changes to a CI must be controlled by raising a request for change Known errors shall be recorded The effectiveness of problem resolutions shall be monitored, reviewed and reported
75
9. Control Processes
38
9. Control processes
9.1 9.2 9.3 Configuration management Change management Release and deployment management
77
9.1 Configuration management

Document a procedure for each type of CI Cis must be uniquely identified and recorded in the CMDB Document a procedure to record, control and track Cis CMDB records shall be audited at planned intervals Information from the CMDB shall be provided to the change management process A configuration baseline shall be taken prior to deployment Master copies of Cis must be stored in secure libraries and include documentation and license information
78
39
9.2 Change management

Document a change management policy Document a procedure to record, classify, assess and approve requests for change Document and agree with the customer a definition for an emergency change Document an emergency change procedure All changes to a service or service component must be raised using a request for change The CMDB shall be updated following successful deployment
79
9.3
Release and deployment management
Establish and agree with customer a release policy Plan new/changed service deployment with the customer Document and agree with customer the definition of an emergency release Emergency releases managed to a documented procedure Release shall be tested in a controlled test environment prior to deployment Acceptance criteria shall be agreed with the customer Activities to reverse or remediate a release shall be planned
80
40
Summary
Summary and Questions?

Purpose and benefits of ISO/IEC 20000-1:2011 Purpose of ISO 20000 standards Overview of the Management system Process approach and PDCA Management responsibilities Documentation requirements Service management processes
82
41
Contact Information
Address: BSI Group America, Inc. 12110 Sunset Hills Road Suite 200 Reston, VA 20190-5902 Telephone: 1 (888) 429-6178 Fax: 1 (703) 437-9001 Email: Solutions.msamericas@bsigroup.com Web www.bsiamerica.com
83
Thank you for participating!

ISO/IEC 20000-1:2011 Understanding
42
43

ISO20000 Document

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ISO20000 Document

Uploaded by

Copyright:

Available Formats

Understanding ISO/IEC 20000-1:2011 Presentation Slides

Understanding ISO/IEC 20000-1:2011 IT - Service Management

Copyright 2012 BSI. All rights reserved.

V2.1 June 2013 ITS-010-01-ENUS

Copyright 2012 BSI. All rights reserved.

ITS01001ENUS v2.1 June 2013

The British Standards Institution 2012

Understanding ISO/IEC 20000-1:2011 Presentation Slides

Copyright 2012 BSI. All rights reserved.

Fundamentals of IT Service Management and the ISO/IEC 20000 Series

Copyright 2012 BSI. All rights reserved.

V2.1 June 2013 ITS-010-01-ENUS

ITS01001ENUS v2.1 June 2013

The British Standards Institution 2012

Understanding ISO/IEC 20000-1:2011 Presentation Slides

Copyright 2012 BSI. All rights reserved.

Copyright 2012 BSI. All rights reserved.

ITS01001ENUS v2.1 June 2013

The British Standards Institution 2012

Understanding ISO/IEC 20000-1:2011 Presentation Slides

ISO/IEC 20000 Series of Standards

Copyright 2012 BSI. All rights reserved.

Objectives of ISO/IEC 20000-1:2011

Copyright 2012 BSI. All rights reserved.

ITS01001ENUS v2.1 June 2013

The British Standards Institution 2012

Understanding ISO/IEC 20000-1:2011 Presentation Slides

The Overall Purpose

Copyright 2012 BSI. All rights reserved.

Copyright 2012 BSI. All rights reserved.

ITS01001ENUS v2.1 June 2013

The British Standards Institution 2012

Understanding ISO/IEC 20000-1:2011 Presentation Slides

Copyright 2012 BSI. All rights reserved.

ISO/IEC 27001:2005 & ISO/IEC 27002:2005

Copyright 2012 BSI. All rights reserved.

ITS01001ENUS v2.1 June 2013

The British Standards Institution 2012

Understanding ISO/IEC 20000-1:2011 Presentation Slides

ISO/IEC 20000-1:2011 and ITIL

Copyright 2012 BSI. All rights reserved.

V2.1 June 2013 ITS-010-01-ENUS

ISO/IEC 20000:2011 and ITIL

Copyright 2012 BSI. All rights reserved.

ITS01001ENUS v2.1 June 2013

The British Standards Institution 2012

Understanding ISO/IEC 20000-1:2011 Presentation Slides

ISO/IEC 20000 and ITIL Relationship

Overview of ISO/IEC 20000-1:2011

Copyright 2012 BSI. All rights reserved.

V2.1 June 2013 ITS-010-01-ENUS

ITS01001ENUS v2.1 June 2013

The British Standards Institution 2012

Understanding ISO/IEC 20000-1:2011 Presentation Slides

Copyright 2012 BSI. All rights reserved.

ISO/IEC 20000-1 is based on a process

Copyright 2012 BSI. All rights reserved.

ITS01001ENUS v2.1 June 2013

The British Standards Institution 2012

Understanding ISO/IEC 20000-1:2011 Presentation Slides

Copyright 2012 BSI. All rights reserved.

Copyright 2012 BSI. All rights reserved.

ITS01001ENUS v2.1 June 2013