Embed Size (px)
Citation preview
ISO/IEC 20000
Mark SherryPartner
1
Stroma, Inc.
Introduction
Mark SherryMark Sherry• IT Service Management Consultant
• ITIL Service Manager• ITIL Service Manager
• ITIL Expert (v3)
ISO/IEC 20000 C tifi d C lt t• ISO/IEC 20000 Certified Consultant
• ITIL Trainer
MBA MA C• MBA, MA, Comm.
2© Stroma, 2009
Presentation Goals
Introduce ISO/IEC 20000
Part 1 of the StandardPart 1 of the Standard
The Processes
Part 2 of the StandardPart 2 of the Standard
ISO/IEC 20000 key messages and Top 10 tips
3© Stroma, 2009
“Insanity: yDoing the same thing over and over again and expecting
different results.”
Alb t Ei t i… Albert Einstein
or “
“Doing different things over and over and expecting to get theDoing different things over and over and expecting to get the same result”
…Mark Sherry
4© Stroma, 2009
ISO/IEC 20000: WHEN?
P blished December 2005Published December 2005
Adopted from the original British Standard (BS15000)
BS15000 first published in 2000p
5© Stroma, 2009
ISO/IEC 20000: WHAT?
First international standard for ITSM Integrated collection of management processesAli d i h d l ITILAligned with and complementary to ITIL “A common reference standard for any enterprise offering IT services”offering IT servicesPart 1: Specification – “shall do”Part 2: Code of Practice – “should do”Part 2: Code of Practice should do
6© Stroma, 2009
Scope
This part of ISO/IEC 20000 defines the requirements for a service provider torequirements for a service provider to deliver managed services of an
bl l facceptable quality for its customers.
…con’t
7© Stroma, 2009
Scope, con’t
It may be used:It may be used:• By businesses that are going out to tender for their services;
• By businesses that require a consistent approach by all service providers in a supply chain;
• By service providers to benchmark their IT service management;
• As the basis for an independent assessment;• As the basis for an independent assessment;
• By an organization which needs to demonstrate the ability to provide services that meet customer requirements; and,
• By an organization which aims to improve service through the effective application of processes to monitor and improve service quality
8© Stroma, 2009
service quality.
Methodology for Service Management Processes Dr. Edwards Deming’s Cycle of Continual Service Improvement
Results
g y p
DriversBusiness ResultsManagement Responsibility
Business Requirements
CustomerSatisfaction
More Effective and DO
PLANCSI
Requests for New Services
Service and Efficient Processes
New Changed
DOImplement CSI
ACTModify CSI
Process Measurement
External New ChangedServices
Improved
CHECKMonitor, Measure & review CSI
External Requirements
Security
9© Stroma, 2009
pEmployee Morale
review CSIyRequirements
TEN Sections
Scopep
Terms & Definitions
Planning and Implementing Service Management
Requirements for a Management System
Planning & Implementing New or Changed Services
Service Delivery Processes
Relationship Processes
Control ProcessesControl Processes
Resolution Processes
Release Process
10© Stroma, 2009
Release Process
Scoping Statement
Who is the service provider?Who is the service provider?
What services are provided?
i ?Locations?
Technologies?
Customers?
Suppliers? Sub‐contractors?Suppliers? Sub contractors?
Management control of outsourced processes
11© Stroma, 2009
Planning & Implementing Service Management
Plan Service Management (Plan)Plan Service Management (Plan)
Implement Service Management and Provide the Services (Do)the Services (Do)
Monitoring, measuring and reviewing (Ch k)(Check)
Continual Improvement (Act)
12© Stroma, 2009
Plan Service Management (Plan)
The plans shall, at a minimum, define:The plans shall, at a minimum, define:The scope of the service provider’s service management;
The objectives and requirements that are to be achieved by service management;
The processes that are to be executed;
h f k f l d ibili iThe framework of management roles and responsibilities, including the senior responsible owner, process owner and management of suppliers;g pp
The interfaces between service management processes and the manner in which the activities are to be coordinated;
13© Stroma, 2009
…con’t
Plan Service Management (Plan), con’t
The plans shall, at a minimum, define:The plans shall, at a minimum, define:The approach to be taken in identifying, assessing and managing issues and risks to the achievement of the defined objectives;
The approach for interfacing to projects that are creating or modifying services;modifying services;
The resources, facilities and budget necessary to achieve the defined objectives;
Tools as appropriate to support the processes; and,
How the quality of the service will be managed, audited and improved
14© Stroma, 2009
improved.
Implement Service Management & Provide the Services (Do)( )
The service provider shall implement the service management plan to manage and deliver the services including:plan to manage and deliver the services, including:
Allocation of funds and budgets;
Allocation of roles and responsibilities;
Documenting and maintaining the policies, plans, procedures and definitions for each process or set of processes;
Identification and management of risks to the service;Identification and management of risks to the service;
Managing teams, e.g. recruiting and developing appropriate staff and managing staff continuity;
M i f iliti d b d tManaging facilities and budget;
Managing the teams including service desk and operations;
Reporting progress against the plans; and,
15© Stroma, 2009
Co‐ordination of service management processes.
Monitoring, Measuring & Reviewing (Check)
M h ll d i l dManagement shall conduct reviews at planned intervals to determine whether the service management requirements:management requirements:
Conform with the service management plan and to the requirements of thisplan and to the requirements of this standard; and,
Are effectively implemented andAre effectively implemented and maintained.
16© Stroma, 2009
Continual Improvement (Act)
PolicyPolicy
Management of improvements
ActivitiesActivities
17© Stroma, 2009
Requirements for a Management System
Management Responsibility
Documentation Requirements
Competence, Awareness and Training
18© Stroma, 2009
Management Responsibility
Management shall:Establish the service management policy, objectives and plans;
Communicate the importance of meeting the serviceCommunicate the importance of meeting the service management objectives and the need for continual improvement;
Ensure that customer requirements are determined and are met with the aim of improving customer satisfaction;
Appoint a member of management responsible for theAppoint a member of management responsible for the co‐ordination and management of all services;
…con’t
19© Stroma, 2009
Management Responsibility, con’t
Management shall:Determine and provide resources to plan, implement, monitor, review and improve service delivery and management e.g. recruit appropriate staff, manage staff g g pp p , gturnover;
Manage risks to the service management organization and i dservices; and,
Conduct reviews of service management, at planned intervals, to ensure continuing suitability, adequacy andintervals, to ensure continuing suitability, adequacy and effectiveness.
20© Stroma, 2009
Documentation Requirements
Service providers shall provide documents and recordsService providers shall provide documents and records to ensure effective planning, operation and control of
service management. This shall include:g
Documented service management policies and plans;p p
Documented service level agreements;
Documented processes and procedures p prequired by this standard; and,
Records required by this standard.
21© Stroma, 2009
q y
Competence, Awareness & Training
All service management roles and responsibilities shall se ce a age e t o es a d espo s b t es s abe defined and maintained together with the competencies required to execute them effectively.
Staff competencies and training needs shall be reviewed and managed to enable staff to perform their role effectivelyrole effectively.
Top management shall ensure that its employees are aware of the relevance and importance of their pactivities and how they contribute to the achievement of the service management objectives.
22© Stroma, 2009
Planning & Implementing New or Changed Servicesg
Objective: To ensure that new services and changes to services will be deliverable and manageable at the agreed cost and service quality.
Proposals for new or changed services shall consider the cost, organizational, technical and commercial impact that could result from service delivery and management.from service delivery and management.
The implementation of new or changed services, including closure of a service, shall be planned and approved through formal change managementchange management.
The planning and implementation shall include adequate funding and resources to make the changes needed for service delivery d
23© Stroma, 2009
and management.
ISO / IEC Scope
Management system Planning and implementing service management
Planning and implementing new and changed servicesService Delivery Processes
CapacityManagementService
Service Level ManagementService Reporting
Information Security ManagementBudgeting
Planning and implementing new and changed services
Continuity & Availability Management
ManagementBudgeting and Accounting Release
Process ResolutionRelationship
Control Processes
Configuration ManagementChange
ManagementProcessesRelease Management
Resolution ProcessesIncident ManagementProblem Management
hip Processes
BusinessRelationship ManagemSupplier Manage
24
Management ManagementManagementISO/IEC 20000
Service Delivery Processes
Service Level ManagementService Level Management
Service Reporting
S i i i d il biliService Continuity and Availability Management
Budgeting and Accounting for IT Services
Capacity Managementp y g
Information Security Management
25© Stroma, 2009
Relationship Processes
Business Relationship ManagementBusiness Relationship Management
Supplier Management
26© Stroma, 2009
Resolution Processes
Incident ManagementIncident Management
Problem Management
27© Stroma, 2009
Control Processes
Configuration ManagementConfiguration Management
Change Management
28© Stroma, 2009
Release Processes
Release ManagementRelease Management
29© Stroma, 2009
Part 2 of the Standard
Same layout as part oneSame layout as part one
Only difference is that you do not need to do any of part two until after certificationany of part two until after certification
Once ISO certified, use Part 2 to show i icontinuous improvement
30© Stroma, 2009
Service Level Management, Part 1
Objective: To define, agree, record and manage levels of service.
The full range of services to be provided together with the di i l l d kl dcorresponding service level targets and workload
characteristics shall be agreed by the parties and recorded.
Each service provided shall be defined, agreed andEach service provided shall be defined, agreed and documented in one or more service level agreements (SLAs).
SLAs, together with supporting service agreements, supplier d di d h ll b d bcontracts and corresponding procedures, shall be agreed by
all relevant parties and recorded.
…con’t
31© Stroma, 2009
…con t
Service Level Management, Part 1, con’t
The SLAs shall be under the control of the changeThe SLAs shall be under the control of the change management process.
The SLAs shall be maintained by regular reviews by the parties to ensure that they are up‐to‐date and remain effective over time.
Service levels shall be monitored and reported againstService levels shall be monitored and reported against targets, showing both current and trend information.
The reasons for non‐conformance shall be reported and reviewed. Actions for improvement identified during this process shall be recorded and provide input into a plan for improving the service.
32© Stroma, 2009
p g
Service Level Management, Part 2
The SLM process should manage and coordinateThe SLM process should manage and coordinate contributors of the service levels, to include:
Agreement of the service requirements and expected service workload characteristics;
Agreement of service targets;
M d i f h i l l hi dMeasurement and reporting of the service levels achieved, workloads and an explanation if the agreed targets are not met;
Initiation of corrective action; and,
Input to a plan for improving the service.
33© Stroma, 2009
ISO/IEC 20000: WHO?
Registered Certification Body (RCB):Registered Certification Body (RCB):Registered by the itSMF
Have permission to operate under ISO20k schemeHave permission to operate under ISO20k scheme
Grant certification on behalf of the itSMF
itSMFAdministers formal ISO20k certification worldwide
34© Stroma, 2009
ISO/IEC 20000: WHY? (1)
To qualify for competitions / RFPsTo qualify for competitions / RFPs
To enter global markets
T i d t tiTo improve documentation
To gain competitive advantage
‘Practice what you preach’‐ Source: ISO/IEC20000: An Introduction, Van Haren
35© Stroma, 2009
ISO/IEC 20000: WHY? (2)
Reduce risk, cost and time to market
Services become business‐led (not technology driven)
Your service more likely to be chosen over non‐certified competitor
Certification audits educate and raise awareness for employees
Services become more reliable and consistent‐ Source: www.isoiec20000certification.com
36© Stroma, 2009
ISO/IEC 20000: WHY? (3)
Business and customers are more dependent on IT us ess a d custo e s a e o e depe de t oservices and more demanding
IT service management represents the lifecycle stage that consumes approximately 80% of the total IT spend
Increased momentum for establishment of industry IT i d liservice delivery norms
Need for improved consistency in quality of service
Framework for measuring and improvingFramework for measuring and improving
Easier inter‐changeability of staff and service providers
37© Stroma, 2009
ISO/IEC 20000: HOW MANY?
450
350
400
401200
250
300
Jan 2007
401
100
150
200 Dec 2009
150
0
50
J 2007 D 2009
38© Stroma, 2009
Jan 2007 Dec 2009
ISO/IEC 20000: WHERE?
100
80
90
100
Japan
50
60
70 China
India
UK
South Korea
20
30
40Germany
USA
Taiwan
Czech
Other
0
10
Japan China India UK South Korea
Germany USA Taiwan Czech Other
Other
39© Stroma, 2009
Korea
ISO/IEC 20000: HOW?
The certification process involves seven steps:1. Questionnaire
2. Application for assessment
3. Optional pre-audit
4. Initial audit (stage 1)( g )
5. Certification audit (stage 2)
6 Surveillance audits6. Surveillance audits
7. Re-certification audit
40© Stroma, 2009
The Challenges
Distribution Silo based Teams
Distribution Silo based Teams
Inconsistent &disparate
Inconsistent &disparate
ToolsToolsPeoplePeople Current tools not Current tools not ReactiveReactive
Silo based TeamsSilo based Teams toolsetstoolsets
PP
integrated or process oriented
integrated or process oriented
Reactive Culture
Reactive Culture
ProcessProcess
InconsistentInconsistentDifferingDiffering
41© Stroma, 2009
Inconsistent processes
applied
Inconsistent processes
applied
Differing requirements& priorities
Differing requirements& priorities
ISO/IEC 20000 Key Messages
Follow process because it is how we are supposed to o o p ocess because t s o e a e supposed towork ‐ not simply for ISO certification
Internal audits performed by staff are valuable ‐ higher awareness and education are gained
Work on the premise:
“If you can’t prove it, don’t do it”
42© Stroma, 2009
Top 10 Tips for Achieving ISO/IEC 20000
1 Use an integrated ITSM tool1. Use an integrated ITSM tool.
2. Record everything.
3 ll d li i /3. All agreed policies/processes shall be followed.
4. Communicate, communicate, communicate.
5. Sell benefits of great job your team does.g j y
43© Stroma, 2009
Top 10 Tips for Achieving ISO/IEC 20000
6 Honesty is the best policy6. Honesty is the best policy.
7. If you can’t prove it, you don’t do it.
8 l i lli l8. Apply intelligently.
9. Invest in your people.
10. Make it a strategic decision.
44© Stroma, 2009
Web Sites
http://www isoiec20000certification com/http://www.isoiec20000certification.com/
itSMF International: http://www.itsmfi.org
i S S h // i f /itSMF US: http://www.itsmfusa.org/
itSMF Canada: http://www.itsmf.ca/
45© Stroma, 2009
Assessing Organizational Readiness for ISO/IEC 20000
46© Stroma, 2009
