Professional Documents
Culture Documents
Agenda
What is ISO 20000? Why have it? Advantages ISO 20000 & the V3 Lifecycle ISO 20000 Current and Future status Available Publications Questions
"The wonderful thing about standards is that there are so many of them to choose from". - Grace Hopper
Service Management Frameworks Governance Quality Management e tic ac es r s t P es es roc ITIL B P Maturity Measure CMMI
& it ce ud ran A u s As y lit ua Q
er riv D
SOX
External Drivers
Overall Framework
ISO 20000
COBIT
Independent Certification
BASEL II eTOM
ce ss Ma p Six Sigma Pr o
ISO/IEC 20000 is the international, independent Quality Standard for IT Service Management. This quality standard specifies the practical procedures an organisation should follow to improve the quality of its IT Service Management processes. Published in December 2005, is the first international standard for IT Service Management - based on British Standard, BS 15000. ISO/IEC 20000 is aligned with and complementary to the process approach defined within ITIL from the Office of Government Commerce (OGC).
ISO 20000-1 ('part 1') is the formal specification, it defines the requirements that must be achieved. It promotes the adoption of an integrated process approach to effectively deliver managed services to meet the business and customer requirements. ISO 20000-2 ('part 2') is a 'code of practice', and describes the best practices for service management within the scope of ISO20000-1. Part 2 describes a code of practice. It comprises the same sections as 'part 1' but excludes the 'Requirements for a Management system' as no requirements are imposed by 'part 2'.
ISO/IEC 20000 is independent of all frameworks, it is framework neutral. There is no control defined or implied between the standard and frameworks such as MOF, ITIL or to their supporting qualification schemes. Each is developed autonomously to the other.
There are many defined frameworks both public (MOF) and private (inhouse best practices) that can help the drive towards recognition of capability and therefore eventually ISO/IEC 20000 certification.
Copyright 2008 NSS
Both internal and external service providers are being challenged to prove they will be able to provide the required service quality and to that end have adequate service management processes in place. External service providers have already been requested to become certified to the standard as part of invitation to tenders. The award of the ISO/IEC 20000 certificate is subject to audits conducted by Registered Certification Bodies against ISO/IEC 20000 Part 1 The Specification which ensure that a service provider is designing, implementing and managing an IT Service Management system in line with the requirements of the standard.
The new ISO/IEC 20000 (BS 15000) standard is set to become a cornerstone for improving the management of external service providers. It involves the processes, policies, documentation, roles and responsibilities associated with service delivery and support.
Source : Gartner Inc., G00136652, ISO/IEC 20000 Has an Important Role in Sourcing Management, January 5, 2006
Copyright 2008 NSS
Reduce operational exposure to risk Meet contractual requirements Demonstrate service quality Promote the adoption of an integrated process approach to deliver managed services to meet the business and customer requirements Enable the understanding of best practices, objectives, benefits and possible problems of service management Help organizations generate revenue or be cost effective via Copyright 2008 NSS professional service management
Alignment of information technology services and business strategy. Creation of a formal framework for current service improvement projects Provides a benchmark type comparison with best practices Creation of inter-enterprise operational processes Creates a progressive ethos and culture Creates competitive advantage
Copyright 2008 NSS
Reduction of risk and thus cost in terms of external service receipt Aids major organizational changes Enhanced reputation and perception Fundamental shift to pro-active rather than re-active processes Improved relationship between different departments Creation of a stable framework for both resource training and service management automation.
Copyright 2008 NSS
ITIL and ISO 20000 serve different purposes ISO 20000 provides an Independent standard suitable for third-party certification ITIL provides best practices in ITSM
Achievement
Management Overview
ITIL Master
ITIL Expert
Service Strategy
Service Design
Service Transition
Service Operation
Lifecycle Modules
Capability Modules
Auditing
Lead Auditor Certificate
Filtered
Filtered
Professional
Support of IT Services Control of IT Services Management and Improvement of IT Services Delivery of IT Services Alignment of Business and IT
Foundation
Foundation Certificate
Start Here
Objective: To provide a management system, including policies and a framework to enable the effective management and implementation of all IT services.
ISO 20000 Contents Requirements for a Management System Planning and Implementing Service Management
Business requirements Customer requirements Request for new/ Changed services Managed Services Management Responsibility Plan Plan service management Business Results Customer Satisfaction New / changed services
Objective:
Do Act Other processes a management system, including policies and To provide Implement service Continual e.g. business, to enable the effective management and implementation of management Improvement Supplier, customer Service Desk Other teams, e.g. security, IT operations Check Monitor, Measure and Review
ISO 20000 Contents Requirements for a Management System Planning and Implementing Service Management
Objective:
Objective: To provide a management system, including policies and a framework toTo ensureeffective managementand implementation of all IT services. enable the that new services and changes to services will be deliverable and manageable at the agreed cost and service quality.
ISO 20000 Contents Requirements for a Management System Planning and Implementing Service Management Planning and Implementing new or Changed Services Service Delivery Processes
Capacity Management Service Level Management Service Reporting Control Processes Objective: Configuration Management
Release Relationship To provide a management system, Management policies and a framework Change including Processesthe effective management and implementation of all IT services. Processes to enable Resolution Processes
Release Management Business Relationship Management Incident Management Problem Management Supplier Copyright Management 2008 NSS
10
Current Status
Code of Practice
Describes the best practices for service management within the scope of ISO20000-1 Covers ITIL processes within ITSM Copyright 2008 NSS
ISO/IEC 20000-3 - Scoping and Applicability ISO/IEC 20000-4 - IT Service Management Process Reference Model ISO/IEC 20000-5 - Incremental Approach Exemplar Implementation Plan
Part 1
Part 2
Part 3
Part 4
Part 5
11
(FDIS). (FDIS).
3. Committee stage -- sent out for comments until a consensus is reached. The output 3. Committee stage sent out for comments until a consensus is reached. The output of this stage is the Draft International Standard (DIS). of this stage is the Draft International Standard (DIS).
2. Preparatory stage -- a working draft of the standard is developed. 2. Preparatory stage a working draft of the standard is developed.
1. Proposal stage -- a need for a standard is determined and members are identified 1. Proposal stage a need for a standard is determined and members are identified who are willing to work on it (TC/SC). who are willing to work on it (TC/SC).
Lifecycle of a standard
Working Draft (WD) Committee Draft (CD) Final Committee Draft (FCD) Final Draft International Standard (FDIS) Standard
Copyright 2008 NSS
12
ISO 20000-1 ISO 20000-2 ISO 20000-3 ISO 20000-4 ISO 20000-5
(Working Draft 3)
itSMF created, and now manages the ISO/IEC 20000 IT Service Management Certification Scheme which provides this independent verification against ISO/IEC 20000. Operation of the scheme is closely monitored by itSMF to ensure consistency of implementation.
Any organisation wishing to be formally certified against the scheme will need to be assessed by an itSMF Registered Certification Body (RCB).
13
ISO/IEC 20000 is increasingly seen as the quality standard for IT Service Management which many companies are striving to adopt. Any organisation is able to claim compliance with an industry standard such as ISO/IEC 20000 and may put such claims in their documentation and other collateral.
It is more valuable for compliance claims to be independently verified as part of a formal certification scheme (ISO 9000 and BS 7799/ ISO 27001 are examples where such certification schemes have already been established).
Copyright 2008 NSS
Organisational Certification
8. Maintenance 8. Maintenance 7. Registration 7. Registration 6. Schedule and Complete Initial Assessment 6. Schedule and Complete Initial Assessment 5. Select the Registered Certification Body 5. Select the Registered Certification Body 4. Obtain Quotations 4. Obtain Quotations 3. Optional initial Self-Assessment 3. Optional initial Self-Assessment 2. Determine the scope 2. Determine the scope 1. Identify/determine the need 1. Identify/determine the need
Copyright 2008 NSS
14
Certified Organisations
Once an organisation has successfully completed an ISO/IEC 20000 audit by a Registered Certification Body and a certificate bearing the scheme logo has been issued, the organisation is eligible to use the logo as evidence of their achievement. The certified organisation also has the right to request a listing on the ISO/IEC 20000 site.
Users of this site should note that ISO/IEC 20000 certifies the quality management system and processes SUPPORTING the products or services provided - It does NOT certify the products or services themselves.
The scoping statements associated with each certification should be carefully read to ensure the scope of certification, and geographical Copyright 2008 NSS locations, actually cover the areas of interest
Available Publications
15
Available Publications
Pocket Guide
Certification Roadmap
Capacity Management
Enabling Change
Thank You
Questions?
16