Upload
hector-armstrong
View
21
Download
1
Tags:
Embed Size (px)
DESCRIPTION
Answers about ITIL
Citation preview
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 2005 ITSM Implementation ChecklistInterviewee: ____________________
Designation: ____________________
Interviewer: ____________________
Date: ____________________
Instructions on Use:
1. The purposes for this implementation / interview checklist are to:
a) Gauge the level of compliance to ISO20000-1:2005 requirements by your group / dept / division
b) Facilitate the provision of information necessary for ISO20000-1:2005 implementation
c) Serve as a training materials for understanding the ISO20000-1:2005 requirements
2. Please spend about 2 hours going through the checklists, answering the questions to the best of your knowledge. The Interviewer will go through the questions with you to help you to answer some of the questions during the interview session.
3. Please also provide a copy (where available) of the following:
a) Documentation, records, procedures, flow-charts relating to the questions posed in this interview checklist.
4. Areas covered in this implementation / interview checklist include:
a) 3. General Requirements for Mgmt System (Include 3.1 Mgmt Responsibility, 3.2 Documentation Requirements, 3.3 Competency, Training & Awareness)
b) 4. Planning and Implementating IT Service Mgmt (Include 4.1 Plan Svc Mgmt, 4.2 Implement Svc Mgmt, 4.3 Monitor, Measure & Review, 4.4 Continual Improvement)
c) 5. Planning and Implementing New or Changed Service s
d) 6. Service Delivery Process (Include 6.1 Service Level Mgmt, 6.2 Service Reporting, 6.3 Service Continuity & Availability Mgmt, 6.4 Budgeting & Accounting For IT Services, 6.5 Capacity Mgmt, 6.6 Information Security Mgmt)
e) 7. Relationship Mgmt (Include 7.1 Biz Relationship Mgmt and 7.2 Supplier Mgmt)
f) 8. Resolution Processes (Include 8.1 Incident Mgmt, 8.2 Problem Mgmt)
g) 9. Control Processes (Include 9.1 Configuration Mgmt, 9.2 Change Mgmt)
h) 10. Release Process
document.doc (Jun 2007) Page 1 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
document.doc (Jun 2007) Page 2 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A.
3 Requirements For Mgmt SystemIs there a mgmt system, including policies and a framework to enable effective mgmt and implementation of all IT services? (List all key IT services provided & answer this
question for each of the key IT services provided)
3.1 Mgmt Responsibility
a) Is there leadership and actions by top/executive mgmt to provide evidence on the commitment to the development, implementation and improvement of its service mgmt capability, within the context of the organisation ‘s business and customer requirements?
Remarks (if any):
b) Do mgmt staff (especially your mgr): Establish the service mgmt policy, objectives and
plan? Communicate the importance of meeting service
mgmt objectives and the need for continual improvements?
Ensure customer requirements are determined and are met with the aim of improving customer satisfaction?
Appoint a member of mgmt responsible for the co-ordination and management of all services?
Determine and provide resources to plan, implement, monitor, review and improve service delivery and mgmt? (e.g. recruit appropriate staff, manage staff turnover)
Manage risks to service mgmt organisation and services?
Conduct review of service mgmt, at planned intervals, to ensure continual suitability, adequacy and effectiveness
Remarks (if any):
3.2 Documentation Requirementsa) Are there documentation and records to ensure
effective planning, operation and control of service
document.doc (Jun 2007) Page 3 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A.mgmt? Do these include: Documented service mgmt policies and plans? Documented service level agreements? Established procedures and responsibilities for the
creation, review, approval, maintenance, disposal and control of various types of documents and records?
Remarks (if any):
Documented processes and procedures required by this standard: 2.6 Document : Examples of documents include
policy statements, plans, procedures, service level agreements and contracts
2.13 Service Level Agreement (SLA) - written agreement between a service provider and a customer that documents services and agreed service levels
3.2 Documentation Requirements : Service providers shall provide documentation to ensure effective planning, operation and control of service management such as documented service management policies and plans, and documented service level agreements
4.1 Plan Service Mgmt : Documented responsibilities for reviewing, authorising, communicating, implementing and maintaining the service mgmt plans
4.2 Implement Service Management and Provide the Services: Documenting and maintaining the policies, plans, procedures and definitions for each process or set of processes
4.4 Continual Improvement : Process in place to identify, measure, report and manage improvement activities on an on-going basis
6.1 Service Level Mgmt : Each service provided shall be defined, agreed and documented in one or more service level agreements (SLAs)
6.6 Info Security Mgmt : Security controls shall be documented. The documentation shall describe the risks to which the controls relate, and the manner of operation and maintenance of the controls
7.1 Business Relationship Mgmt : The service provider shall identify and document the stakeholders and customers of the services
document.doc (Jun 2007) Page 4 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A. 7.2 Supplier Mgmt : The service provider shall
have documented supplier management processes and shall name a contract manager responsible for each supplier
The requirements, scope, level of service and communication processes to be provided by the supplier(s) shall be documented in SLAs or other documents and agreed by all parties
The interfaces between processes used by each party shall be documented and agreed
8.1 Incident Mgmt : Procedures shall define the recording, prioritization, business impact, classification, updating, escalation, resolution and formal closure of all incidents
8.2 Problem Mgmt : Procedures shall be adopted to identify, minimize or avoid the impact of incidents and problems. They shall define the recording, classification, updating, escalation, resolution and closure of all problems
9.1 Configuration Mgmt : There shall be a policy on what is defined as a configuration item and its constituent components
Configuration audit procedures shall include recording deficiencies and instigating corrective actions and reporting on the outcome
9.2 Change Mgmt : Service and infrastructure changes shall have a clearly defined and documented scope
10.1 Release Mgmt : The release policy stating the frequency and type of releases shall be documented and agreed
Remarks (if any):
Records required by this standard : 2.3 Change record : record containing details of
which configuration items (see 2.4) are affected and how they are affected by an authorized change
2.9 Record : Records are distinguished from documents by the fact that they function as evidence of activities, rather than evidence of intentions
Examples of records include audit reports, requests for change, incident reports, individual training records and invoices sent to customers
document.doc (Jun 2007) Page 5 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A. 3.2 Documentation Requirements : Service
providers shall provide records to ensure effective planning, operation and control of service management
7.1 Business Relationship Mgmt: Meetings btw service provider and customer of the services shall be documented
4.3 Monitoring, Measuring and Reviewing : The objective of service management reviews, assessments and audits shall be recorded together with the findings of such audits and reviews and any remedial actions identified
4.4 Continual Improvements : All suggested service improvements shall be assessed, recorded, prioritized and authorized
6.1 Service Level Mgmt : Objective - To define, agree, record and manage levels of service
The full range of services to be provided together with the corresponding service level targets and workload characteristics shall be agreed by the parties and recorded
SLAs, together with supporting service agreements, third party contracts and corresponding procedures, shall be agreed by all relevant parties and recorded
6.3 Availability and Service Continuity Management: Availability shall be measured and recorded. All continuity tests shall be recorded and test failures shall be formulated into action plans
6.6 Info Security Mgmt : Security incidents shall be reported and recorded in line with incident management procedure as soon as possible
7.1 Business Relationship Mgmt : All formal service complaints shall be recorded by the service provider, investigated, acted upon, reported and formally closed
A process shall exist for obtaining and acting upon feedback from regular customer satisfaction measurements. Actions for improvement identified during this process shall be recorded and input into the service improvement plan
7.2 Supplier Mgmt : Performance against service level targets shall be monitored and reviewed. Actions for improvement identified during this process shall be recorded and input
document.doc (Jun 2007) Page 6 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A.into the service improvement plan
8.1 Incident Mgmt : All incidents shall be recorded
8.2 Problem Mgmt : All identified problems shall be recorded.
Problem management shall be responsible for ensuring up-to-date information on known errors and corrected problems is available to incident management. Actions for improvement identified during this process shall be recorded and input into the service improvement plan
9.1 Config Mgmt : There shall be a policy on what is defined as a configuration item and its constituent components. The information to be recorded for each item shall be defined and shall include the relationships and documentation necessary for effective service management
All configuration items shall be uniquely identifiable and recorded in a CMDB to which update access shall be strictly controlled
9.2 Change Mgmt : All requests for change shall be recorded and classified, e.g. urgent, emergency, major, minor
All requests for change shall be recorded and classified, e.g. urgent, emergency, major, minor. Actions for improvement identified from change management shall be recorded and input into the service improvement plan
10.1 Release Mgmt : Plans shall record the release dates and deliverables and refer to related change requests, known errors and problems. They shall be communicated to incident management
Remarks (if any):
3.3 Competency, Training & Awarenessa) Are service management roles and responsibilities
defined and maintained with the competencies to execute them effectively?
b) Are staff competency and training needs reviewed and managed to enable staff to perform their role effectively
c) Are employees aware of the relevance and importance of their activities and how they contribute to the achievement of the service mgmt objectives
Remarks (if any):
document.doc (Jun 2007) Page 7 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A.
4 Planning & Implementing Service Mgmt4.1 Plan Service Mgmt (Plan)
a) Is there a service mgmt plan? Does it define: The scope of the service mgmt within the
organisation The objectives and requirements that are to be
achieved The processes that are to be executed The framework of mgmt roles and
responsibilities, including process owner and mgmt of 3rd party suppliers
The interfaces btw svc mgmt processes and manner in which activities are to be co-ordinated
The approach to be taken in identifying, assessing and managing issues and risks to the achievement of defined objectives
The approach for interfacing to projects that are creating or modifying services
The tools as appropriate to support the processes How the quality of service will be managed,
audited and improved
Remarks (if any):
4.2 Implement Service Mgmt & Provide the Svc (Do) a) Does the organisation implement the Service Mgmt
Plan to manage and deliver the service, including: Allocation of funds and budgets Allocation of roles & responsibilities Documenting and maintaining the policies, plan,
procedures and definitions for each process or set of processes
Identification and management of risks to the service
Managing teams, e.g. recruiting and developing appropriate staff and managing staff continuity
Managing of facilities and budget Managing the teams including service desk and
operations Reporting progress against the plans Co-ordination of service mgmt processes
Remarks (if any):
4.3 Monitoring, Measuring and Reviewing (Check)
document.doc (Jun 2007) Page 8 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A.
a) Does the organisation apply suitable methods for monitoring and measurement of the service mgmt processes?
b) Do these methods demonstrate the ability of the processes to achieved planned results?
c) Are mgmt reviews conducted at planned intervals to determine whether the service mgmt requirements Conform with the Service Mgmt Plan and to the
requirements of the ISO20000-1 standard Are effectively implemented and maintained
d) Is an audit planned, taking into the consideration the status and importance of the processes and areas to be audited, as well as results of previous audits?
e) Is the audit criteria, scope, frequency and methods defined in a procedure?
f) Are the selection of auditors and conducts of audits done to ensure objectivity and impartiality of the audit process?
g) Are auditors auditing their own area of work? – not allowed
h) Are the objectives of the service mgmt reviews, assessment and audits recorded with the findings of such audits and reviews, and are remedial actions identified
i) Are significant areas of non-compliance or concern communicated to relevant parties?
Remarks (if any):
4.4 Continual Improvement (Act)
a) 4.4.1 Policy : Is there are published policy on service improvement?
b) Are non-compliances to ISO 20000-1 or service mgmt plans remedied?
c) Are roles and responsibilities for service improvement activities clearly defined?
d) 4.4.2 Mgmt of Improvements : Are all suggested service improvements assessed, recorded, prioritised and authorised?
e) Is there a plan used to control this activity?
f) Does the organisation has a process in place to
document.doc (Jun 2007) Page 9 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A.
identify, measure, report and manage improvement activities on an on-going basis? Does this include Improvements of individual processes that can be
implemented by the process owner with the usual staff resources
Improvements across the organisation or across more than one process?
g) 4.4.3 Improvement Activities : Are the following activities performed? Collect and analyse data to baseline and
benchmark the organisation’s capability to manage and deliver service mgmt?
Identify, plan and implement improvements Consult with all parties involved? Set targets for improvements in quality, costs and
resource utilisation Consider relevant inputs about improvements from
all the service level mgmt processes Measure, report and communicate the service
improvements Revise the service mgmt policies, plans and
procedures where necessary Ensure that all approved actions are delivered and
that they achieve their intended objectives
h) Does the service improvement plan include inputs from: 6.1 Service Level Mgmt 6.6 Information Security Mgmt 7.1 Business Relationship Mgmt 7.2 Supplier Mgmt 8.2 Problem Mgmt 9.2 Change Mgmt 10.1 Release Mgmt
Remarks (if any):
5 Planning & Implementing New or Changed Svcsa) Are new services and changes to services managed
to ensure that these are delivered at the right cost and service quality?
b) Is cost, organisational, technical and commercial impact considered in the proposal for new or change services?
c) Are implementations of new and change services, including closure of a service planned and approved
document.doc (Jun 2007) Page 10 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A.through formal change mgmt?
d) Are adequate funding and resources provided for the planning, implementation, service delivery and mgmt of the new or changed services?
e) Does the plan for new or change services include: The roles and responsibilities for implementing,
operating and maintaining the new or changed services, including activities performed by the customers and 3rd party suppliers
Changes to the existing mgmt framework and services
Communication to relevant parties New or changed contracts and agreements to align
to changes in business need Manpower and recruitment requirements Skill and training requirements (e.g. for users,
technical support, etc.) Processes, measures, methods and tools to be used
in conjunction with new or changed service (e.g. capacity and financial mgmt)
Budget and time-scales Service acceptance criteria The expected outcome from operating the new
service expressed in measurable termsf) Are new or changed services accepted by the service
provider before being implemented in the live environment
g) Are outcomes achieved by the new or changed services reported against those planned following its implementation?
h) Is a post implementation review comparing the actual outcomes against those planned performed through the change mgmt process and the results reported to relevant parties?
Remarks (if any):
6 Service Delivery Process6.1 Service Level Mgmt
a) Are levels of service defined, agreed, recorded and managed?
b) Is the full range of services to be provided together with the corresponding service level targets and workload characteristics agreed with relevant parties and recorded?
c) Is each service to be provided defined, agreed and documented in one or more service level agreements?
d) Are SLAs, together with service agreements, 3rd party
document.doc (Jun 2007) Page 11 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A.contracts and corresponding procedures agreed with relevant parties and recorded
e) Are the SLAs under control of the change mgmt system?
f) Are the SLAs maintained through regular reviews by relevant parties to ensure that they are up-to-date and remain effective over time
g) Are service levels monitored and reported against targets, showing both current and trend information
h) Are reason(s) for non-conformance reported, reviewed?
i) Are actions for improvements identified during this process recorded and used as inputs for improving the service?
Remarks (if any):
6.2 Service Reportinga) Are agreed, timely, reliable and accurate reports
produced for informed decision-making and effective communication
b) Are there a clear description of each service report, including its identity, purpose, audience and details of the data source?
c) Are service reports produced to meet identified needs and customer requirements
d) Does the service reporting include: Performance against service level targets Non-compliance and issues (e.g. against SLA,
security breach, etc.) Workload characteristics (e.g. volume, resource
utilisation) Performance reporting following major events
(e.g. major incidents and changes) Trend information Satisfaction analysis
e) Are findings in the service reports taken into consideration for mgmt decisions and corrective actions and are these communicated to relevant parties?
Remarks (if any):
6.3 Service Continuity & Availability Mgmta) Can all agreed obligations to customers be met in all
circumstances?b) Are availability and service continuity
document.doc (Jun 2007) Page 12 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A.requirements identified on the basis of business plans, SLA and risk assessments?
c) Does the availability and service continuity requirements include: Access rights Response times End-to-end availability of system components?
d) Are availability and service continuity plans developed and reviewed at least annually to ensure that requirements are met as agreed in all circumstances from normal through a major loss of service?
e) Are these plans maintained to ensure that they reflect agreed changes required by the business?
f) Is the impact of any change on the availability and service continuity plan assessed by the change mgmt process?
g) Are system availability measured and recorded?h) Are unplanned non-availability investigated and
appropriate actions taken?i) Are potential issues predicted and preventive actions
taken? (where possible)j) Are service continuity plans, contact lists and
configuration mgmt database available when normal office access is prevented?
k) Does the service continuity plan include the return to normal working?
l) Is the service continuity plans tested in accordance with business needs?
m) Are all continuity tests recorded and test failures formulated into actions plans?
Remarks (if any):
6.4 Budgeting and Accounting For IT Servicesa) Is the cost of service provision budgeted and
accounted for?b) Where charging is in use, is the mechanism for doing
so fully defined and understood by all parties?c) Is the accounting practices aligned to the wider
accountancy practices for the organisation?d) Are there clear policies and procedures for
Budgeting and accounting for all components, including IT assets, shared resources, overheads, third-party supplied service, people, insurance and licenses?
Apportioning and allocating all indirect costs to relevant services
document.doc (Jun 2007) Page 13 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A. Effective financial control and authorisation
e) Are costs budgeted in sufficient details to enable effective financial control and decision-making?
f) Are the costs against budget monitored and reported and financial forecast reviewed and costs managed accordingly?
Remarks (if any):
6.5 Capacity Mgmta) Does the organisation has sufficient capacity to meet
the current and future agreed demands of the business at all times?
b) Is a capacity management plan produced and maintained?
c) Does it include: The current and predicted capacity and
performance requirements Identified time-scale, thresholds and costs for the
service upgrade Evaluation of effects of anticipated service
upgrades, requests for change, new technologies and techniques on capacity
Predicted impact of external changes (e.g. legislative)
Data and processes to enable predictive analysisd) Are methods, procedures and techniques identified to
monitor service capacity, time service performance and provide adequate capacity?
Remarks (if any):
6.6 Information Security Mgmta) Are information security effectively managed for all
service activities?b) Is there an information security policy approved by
mgmt with appropriate authority and communicated to all relevant personnel and customers where appropriate?
c) Are there appropriate security controls to: Implement the requirements of the information
security policy Manage risks associated to access to the services
and systemsd) Are security controls documented?e) Does the documentation describe the:
Risks to which the control relate to
document.doc (Jun 2007) Page 14 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A. Manner of operations and maintenance of the
control?f) Are arrangements that involves 3rd party access to
information systems and services based on a formal agreement that defines all necessary security requirements
g) Are security incidents shall be reported and recorded in accordance with the incident management procedures as soon as possible?
h) Are procedures in place to ensure that all security incidents are investigated and management action taken?
i) Are mechanisms in place to enable the types, volumes and impacts of security incidents and malfunctions are quantified and monitored and also to provide input to the service improvement plan?
Remarks (if any):
7 Relationship Processes7.1 Business Relationship Mgmt (Btw Provider & Customer)
a) Is a good relationship between the service provider and customer established and maintained based on understanding the customer and their business drivers?
b) Are the stakeholders and customers of the services identified and documented by the service provider?
c) Is a service review attended at least annually by the service provider and customer to discuss: Any changes to the service scope The SLA, contract or business needs?
d) Are interim meetings held to discuss performance, achievements and actions plans?
e) Are these meeting documented?f) Are other stakeholders to the services invited to these
meetings?g) Does the service provider remain aware of business
needs and major changes in order to prepare to respond to these needs & changes?
h) Is there a complaint procedure?i) Is the definition of a formal service complaint
agreed with the customer?j) Are all formal service complaints recorded by the
service provider, investigated, acted upon, reported and formally closed?
k) Is an escalation available to the customer when a
document.doc (Jun 2007) Page 15 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A.complaint is not resolved through the normal channels?
l) Does the service provide has a named individual or individuals who are responsible for managing customer satisfaction and the whole business relationship process?
m) Is there a process for obtaining and acting upon feedback from regular customer satisfaction measurements?
n) Are actions for improvements during this process recorded and input into the service improvement plan?
Remarks (if any):
7.2 Supplier Mgmt (Btw Provider & Sub-contractor)a) Are 3rd party suppliers managed to ensure the
provision of seamless quality services?b) Does the service provider have a documented
supplier mgmt processes?c) Is there a named contract manager for each supplier?d) Are the requirements, scope, level of service and
communication processes to be provided by the service provider documented in the SLA or other documents and agreed by all parties?
e) Are SLAs for the suppliers aligned with the SLAs with the business?
f) Are the interfaces btw processes used by each party documented and agreed?
g) All roles and relationships between lead and sub-contracted suppliers clearly documented?
h) Are lead suppliers able to demonstrate processes to ensure subcontracted suppliers meet contractual requirements?
i) Is there a major review of the control or formal agreement at least annually to ensure the business needs and contractual obligations are still being met?
j) Are changes to the contracts and SLAs initiated as appropriate after this review?
k) Are changes subject to change mgmt process?l) Is there is formal process that exist to deal with
contractual disputes?m) Is there a process in place to deal with the expected
end of service, early end of service or transfer of service to another party?
n) Is performance against target service levels monitored and reviewed?
document.doc (Jun 2007) Page 16 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A.o) Are actions for improvements identified, recorded
and input into a plan for improving the service?
Remarks (if any):
8 Resolution Processes8.1 Incident Mgmt
a) Are agreed services to the business restored as soon as possible to respond to service requests?
b) Are all incidents recorded?c) Are there procedures adopted to manage the impact of
the service incidents?d) Are there procedures to define the recording,
prioritisation, business impact, classification, updating, escalation, resolution and formal closure of all incidents?
e) Are customers kept informed of the progress of their reported incidents or service request and alerted if their service levels cannot be met and an action agreed?
f) Are all staff involved in incident mgmt able to access relevant information such as known errors, problem resolutions and configuration mgmt database (CMDB)
g) Are major incidents classified and managed according to a defined process?
Remarks (if any):
8.2 Problem Mgmta) Is there a proactive identification and analysis of the
cause of service incidents and managing problems to closure to minimize disruptions to the business?
b) Are all identified problems recorded?c) Are there adopted procedures to define, minimize or
avoid the impact of incidents and problems?d) Do these procedures define the recording,
classification, updating, escalation, resolution and closure of all problems?
e) Are preventive actions taken to reduce potential problems? (e.g. following analysis of incident volume and types)
f) Are changes required in order to correct underlying cause of problems passed to the change mgmt process?
g) Are problem resolution monitored, reviewed and
document.doc (Jun 2007) Page 17 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A.reported on for effectiveness?
h) Is problem mgmt responsible for ensuring up-to-date information on known errors and corrected problems is available to incident mgmt?
i) Are actions for improvements identified during this process recorded and input into a plan for improving the service?
Remarks (if any):
9 Control Processes9.1 Configuration Mgmt
a) Note: Financial asset accounting falls outside the scope of this section
b) Are components of the service and infrastructure defined and controlled and accurate configuration information maintained?
c) Is there an integrated approach to change and configuration mgmt planning?
d) Is the interface to financial asset accounting processing defined by the service provider?
e) Is there a policy on what is defined as a configuration item and its constituent components?
f) Configuration Information: Is the information to be recorded for each item defined? Does the information to be recorded include relationship and documentation necessary for effective service mgmt?
g) Are mechanisms provided by configuration mgmt for identifying, controlling and tracking versions of identifiable components of the service and infrastructure?
h) Is the degree of control sufficient to meet business needs, risks of failures and service criticality
i) Is information provided by configuration mgmt to change mgmt on the impact of a requested change on the service and infrastructure configurations?
j) Are changes to configuration items traceable and auditable where appropriate (e.g. changes and movements of h/w and s/w)?
k) Do the configuration control procedures ensure that the integrity of systems, services and service components are maintained?
l) Are baseline of appropriate configuration items taken before a release to the live environment?
document.doc (Jun 2007) Page 18 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A.m) Are master copies of digital configuration items
controlled in secure physical or electronic libraries?n) Do master copies of digital configuration items
reference the relevant configuration records (e.g. s/w, testing products, and support documents)?
o) Are all configuration items uniquely identifiable and recorded in a CMDB to which update access is strictly controlled?
p) Is the CMDB actively managed and verified to ensure its reliability and accuracy?
q) Are status to configuration items, their versions, location, related changes & problems, and associated documentation visible to those who require it?
r) Are there configuration audit procedures which include recording deficiencies, instigating corrective actions and reporting on the outcome?
s) Does the configuration items include: Services, systems, hardware, software, testing
products, support documents?
Remarks (if any):
9.2 Change Mgmta) Are all changes assessed, approved, implemented
and reviewed in a controlled manner?b) Do service and infrastructure changes have a
clearly defined and documented scope?c) Are all requests for change recorded and classified?
(e.g. urgent, emergency, major, minor)d) Are requests for change assessed for their risk,
impact and business benefitse) Is the manner in which the change is reversed or
remedied if un-successful included in the change mgmt process?
f) Are changes approved, then checked and implemented in a controlled manner?
g) Are all changes reviewed for success and any actions taken after implementation?
h) Are there policies and procedures to control the authorisation and implementation of emergency changes?
i) Are the schedule implementation dates of changes used as a basis for change and release scheduling?
j) Is a forward schedule of change maintained and communicated to relevant parties?
k) Are change records analysed regularly to detect
document.doc (Jun 2007) Page 19 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A.increasing level of changes, frequently recurring types, emerging trends and other relevant information?
l) Are the results and conclusions from the change analysis recorded?
m) Are actions for improvements identified from change mgmt recorded and input into a plan for improving the service?
Remarks (if any):
10 Release Process10.1Release Mgmt
a) Are one or more changes in a release into the live environment delivered, distributed and tracked?
b) Is the release policy stating the frequency and types of releases documented and agreed?
c) Is the release of the services, systems, s/w and hardware planned by the service provider with the business?
d) Are plans on how to roll out the release agreed and authorised by all relevant parties? (e.g. customers, users, operations, & support staff)
e) Does the release roll-out process include the manner in which the release shall be back-tracked or remedied if unsuccessful?
f) Do plans record the release dates and deliverables and also refer to related change requests, known errors and problems?
g) Are these information communicated to incident mgmt?
h) Are requests for change assessed for their impact on release plans?
i) Do the release mgmt procedures include the updating and changing of configuration information and change records?
j) Are emergency releases managed according to a defined process that interfaces to the emergency change mgmt process?
k) Is there a controlled acceptance test environment established to build and test all releases prior to distribution?
l) Are releases and distribution designed and implemented in a manner that the integrity of the h/w and s/w is maintained during installation, handling, packing and delivery?
document.doc (Jun 2007) Page 20 of 20
ISO 20000-1 2005 ITSM Implementation Checklist
ISO 20000-1 Clauses Yes No Partial N.A.m) Are success and failures of releases measured?n) Are incidents related to a release monitored during
the period following a release?o) Does the analysis include assessment on the impact
on the business, IT operations and support staff resources?
p) Is the result of the analysis used as the input to a plan to improve service?
Remarks (if any):
document.doc (Jun 2007) Page 21 of 20