STUDENT HANDBOOK
Copyright 2012, ITpreneurs Nederland B.V. All rights reserved. This product includes Kepner-Tregoe Methodologies and Intellectual Property owned by Kepner-Tregoe, which is used by permission of Kepner-Tregoe. All rights reserved.
r 2.0.0
ISO/IEC 20000 for Auditor
ISO/IEC 20000
ISM2320CL Version 2.0.0
Copyright 2012 by ITpreneurs Nederland B.V. All rights reserved.
Nothing from this publication may be duplicated and/or published by means of printing, photocopy, microfilm, or electronic medium or in any other way and may not be stored in any way without preceding written permission of ConnectSphere Limited or ITpreneurs.
Contents
Course Agenda
Classroom Presentation
Test 1 Multiple Choice Questions
Assignment 1 Review of a Service Report
Assignment 2
Self-Assessment for Incident and Service Request Management
Definitions on the ISO/IEC 20000 Auditor Syllabus
Guidance from APMG
APMG Supplementary Reference Paper
Sample Paper
Release Notes
Feedback
Course Agenda
ISO/IEC 20000 for Practitioners
Day 1
- Course introduction
- Overview of ISO/IEC 20000
Break
- Service management system (SMS) general requirements
- Test 1
Lunch
- Delivery and relationship processes
Break
- Delivery and relationship processes (continued)
- Sample exam paper - 30 minutes
- Close
Homework
- Complete sample exam paper and Test 2
- Review course material

Day 2
- Review of day 1 and sample questions
- Design and transition, control and resolution processes
- Assignment 2
- Achieving ISO/IEC 20000 certification
Lunch
- Achieving ISO/IEC 20000 certification (continued)
- Review to prepare for exam
Break
- Examination (15.30-16.30)
- Close
Classroom Presentation
Course Contents
Slides:
1. Course introduction
2. Overview of ISO/IEC 20000
3. Service management system general requirements
4. Delivery and relationship processes
5. Design and transition, control and resolution processes
6. Achieving ISO/IEC 20000 certification
7. Summary and feedback
Student handbook, exercises, sample exam, homework
Access to ISO/IEC 20000 part 1, part 2, and part 3
Instructor | ISO/IEC 20000 for Auditor | Classroom presentation
Module 1 Course Introduction
Notice
The information contained in this document is subject to change without notice. This document contains proprietary information that is protected by copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated to another language without the prior consent of ITpreneurs.
The ISO/IEC 20000 Auditor course includes Intellectual Property owned by Connect Sphere Limited, which is used by permission of Connect Sphere. All rights reserved.
Information on international standards can be obtained from www.iso.org.
COBIT is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute. ITIL is a registered trademark of the Cabinet Office.
Course Arrangements
Arrangements:
- Timings
- Breaks and refreshments
- Mobile phones
- Messages
- Fire alarms
- Toilets
- Smoking

Course Arrangements (Contd.)
Keep an open mind. It's not just about taking the exam; it's about understanding the principles and terminology of the approach.
ISO/IEC 20000 Auditor Course: Overview
Duration: 2-day (18-hour) learning time, of which 16 hours is direct contact.
Target Audience: Third-party auditors who will conduct audits to certify service providers against ISO/IEC 20000-1. Internal auditors who wish to understand the specific requirements of auditing IT service management systems for conformity with the ISO/IEC 20000-1 standard.
Purpose: To enable a candidate to demonstrate an understanding of ITSM generally. Through knowledge of the contents and requirements of the ISO/IEC 20000-1 standard covered, the candidate will be able to perform audits against the standard.
Prerequisites: A minimum of three years' experience conducting audits in an IT environment. The qualification assumes knowledge of auditing and auditing techniques and does not cover the generic principles of management system auditing.
ISO/IEC 20000 Auditor Course: Learning objectives
By the end of this module, you should be able to explain the:
- Principles of ITSM and requirements of the ISO/IEC 20000-1 standard.
- Use of a typical IT service provider organization and main elements of the certification process.
- Scope and purpose of Parts 1, 2, and 3 of ISO/IEC 20000 and how these can be used during auditing and certification.
- Key terms and definitions.
- ITSM general principles.
- Structure, processes, objectives, and high level requirements of ISO/IEC 20000-1.
- Issues regarding applicability and scope definition.
- Purpose of internal and external audits, their operation, and the associated terminology.
- Operation of the APMG Certification Scheme.
- Relationship with best practices, ITIL, and related standards, ISO 9001, and ISO/IEC 27001.
- Assessments for ISO/IEC 20000 certification readiness.
- Audit requirements by identifying the conformity and improvements against ISO/IEC 20000-1.
ISO/IEC 20000 Auditor Course: Agenda
Day 1
- Introduction
- Overview of ISO/IEC 20000
- SMS general requirements
- Service delivery and relationship processes
- Homework: Mock exam
Day 2
- Review homework
- Design and transition, control and resolution processes
- Achieving ISO/IEC 20000 certification
- Course evaluation
- Examination (15.30-16.30)
Introductions
Please tell us about your:
- Experience with IT service management
- Experience in ISO/IEC 20000
- Role in using ISO/IEC 20000
- Expectation from the session
APMG ISO/IEC 20000 Qualification Scheme
Foundation: It helps learners demonstrate a Foundation-level knowledge concerning ISO/IEC 20000 and its use in a typical IT service provider organization. It meets the entry prerequisites for the Practitioner course.
Auditor: It helps practising IT third-party auditors of any level who require an orientation in ITSM in general and in ISO/IEC 20000 SMS in particular. It supports the internal auditors working in an organization which is implementing or already has ISO/IEC 20000 certification.
Practitioner: It supports practitioners, managers, and consultants involved in an SMS implementation or on-going activities based on ISO/IEC 20000.
APMG ISO/IEC 20000 Qualification Scheme Assessment
Foundation, Practitioner, and Auditor qualifications
The APMG ISO/IEC 20000 learning outcomes assessment model
1. Knowledge: Know facts, including terms and definitions, concepts, requirements, processes, key responsibilities, and use of documents outlined in the standard.
2. Comprehension: Understand the concepts, responsibilities, tools used, and the requirements, processes, and documents needed to conform to the standard.
3. Application: Be able to apply key ITSM concepts relating to achievement of the requirements of ISO/IEC 20000 for a given scenario.
4. Analysis: Be able to identify, analyze, and advise on the appropriate use of ITSM methods and techniques to achieve the requirements of ISO/IEC 20000 through assessment of situations outlined in typical scenarios.
The Auditor qualification examines learning outcomes at levels 1, 2, and 3.
ISO/IEC 20000 Auditor Certificate Qualification Examination
- It is a one-hour exam.
- The passing percentage is 65% (26 out of 40 marks).
- The exam is closed book, in the multiple-choice format.
- Includes 40 questions, worth one mark each
- Multiple choice questions with four options
- Includes only one question per syllabus topic
- Includes a maximum of four negative style questions
  Example: Which statement does NOT define a requirement for a service report?
- Includes a maximum of four missing word style questions
  Example: Identify the missing words in the following sentence.
  The purpose of ISO/IEC 20000-1 is [?].
Module 1: ISO/IEC 20000 Auditor Course Sample Question
Please select ONE answer option.
1. What is the definition of a service in ISO/IEC 20000-1?
a) A group of people and facilities with an arrangement of responsibilities, authorities, and relationships.
b) The action of helping or doing work for someone.
c) A means of delivering value for the customer by facilitating results the customer wants to achieve.
d) A means of delivering value to customers by facilitating outcomes customers want to achieve without the ownership of specific costs and risks.
What is Service Management?
Service management is a set of capabilities and processes that help:
- direct and control the service provider's activities and resources.
- design, transition, deliver, and improve the services to fulfill the service requirements.
A process is a set of interrelated or interacting activities, which transforms inputs into outputs.
Key Parties Involved in Service Management
[Figure: key parties involved in service management. Labels: Customer; Service provider - dependent on other parties; Supplier; Lead supplier; Subcontracted supplier; Internal group; Customer acting as supplier.]
Module 1 Exercise: Assessing Service Management
1. Select an organization that delivers IT services.
a) Identify some symptoms of poor service management.
b) Identify some characteristics of good service management.
2. Identify examples of evidence that you would look for in an assessment against ISO/IEC 20000 for a service provider.
Module 2 Overview of ISO/IEC 20000 Information Technology - Service Management Series
Overview of ISO/IEC 20000: Module 2 Objectives
You should know facts, terms, and concepts about the overview, scope, and schemes for achieving the ISO/IEC 20000 certification. You should specifically be able to recall:
- Key documents with the title and purpose in the ISO/IEC 20000 series.
- ISO/IEC 20000 schemes for certification and qualification.
- Sources of IT service management best practice and ITIL.
- Compatibility with related standards:
  - ISO 9001 for quality management
  - ISO/IEC 27001 for information security management
- Use of best practices, standards, and schemes.
- Key terms and definitions.
- Roles involved in ISO/IEC 20000.
Introduction to ISO/IEC 20000-1:2011 (Part 1)
ITSM Part 1: SMS requirements
An international standard based on tried and tested industry practices for service management.
Used by a broad base of organizations worldwide that apply the best practice principles in a variety of ways.
Includes requirements for the design, transition, delivery, and improvement of services that fulfill service requirements and provide value for both the customer and the service provider.
Co-ordinates integration and implementation of a service management system (SMS) and provides on-going control and opportunities for continual improvement, greater effectiveness, and efficiency.
Part 1 Introduction: Service Management System (SMS)
[Figure, based on Figure 1 ISO/IEC 20000-1:2011: the PLAN, DO, CHECK, ACT cycle around the service management system (including processes) and the services.]
The SMS is a management system to direct and control the service management activities of the service provider.
It helps an organization in managing service management by applying an integrated process approach and continual improvement.
The service provider is responsible for continual improvement of the SMS. This is done by working with the customer and interested parties for improving the services using the Plan-Do-Check-Act (PDCA) methodology (also known as the Deming cycle).
ISO/IEC 20000-1: 2011 (Part 1)
Information Technology - Service Management Part 1: SMS Requirements
- First edition of the SMS requirements was published in 2005 and was revised in April 2011.
- A management system standard that requires a service provider to establish and improve SMS.
- Clauses include mandatory requirements, the "shalls", that can be read as:
  - "must do" to describe something that is necessary or has to occur.
  - "is required to" to express something definite about the requirements.
- "Shall" statements are audited for certification or conformance and no deviation is permitted, if the clause is within scope.
- The SMS requirements are framework-independent.
- These provide basis for assessments and act as the auditing standard and model for certification.
Part 1: Shall
ISO/IEC 20000-1:2011 Structure and Clause Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Service management system general requirements
4.1 Management responsibility
4.2 Governance of processes operated by other parties
4.3 Documentation management
4.5 Establish and improve the SMS
5 Design and transition of new or changed services
6 Service delivery processes
6.1 Service level management
6.2 Service reporting
6.3 Service continuity and availability management
6.4 Budgeting and accounting for services
6.5 Capacity management
6.6 Information security management
7 Relationship processes
7.1 Business relationship management
7.2 Supplier management
8 Resolution processes
8.1 Incident and service request management
8.2 Problem management
9 Control processes
9.1 Configuration management
9.2 Change management
9.3 Release and deployment management
Bibliography
Part 1 Clause 1.1 (C1.1) Scope: General
An organization uses Part 1 when it wants to:
- Seek services from service providers with the assurance that their service requirements will be fulfilled.
- Have a consistent approach by all its service providers in its supply chain.

Service providers use Part 1 to demonstrate their capability to:
- Monitor, measure, and review its processes and services.
- Design, transition, deliver, and improve services that fulfill service requirements.
- Improve the design, transition, and delivery of services through the effective implementation and operation of an SMS.

An assessor or auditor uses Part 1 as the:
- Criteria for a conformity assessment of a service provider's SMS to the requirements in Part 1.
Part 1 Clause 1.2 (C1.2) Scope: Application
- All requirements are generic and applicable to all service providers.
- Cannot exclude any requirements in Clauses 4 to 9.
- Clause 4, a service provider needs to show evidence of fulfilling all of the requirements in this clause. It cannot rely on evidence from governance of processes operated by other parties for this clause.
- Clauses 5 to 9, a service provider can demonstrate by showing evidence of fulfilling all the requirements or the majority of the requirements and evidence of the governance of processes operated by other parties or parts of processes.
ISO/IEC 20000-2: 2012 (Part 2)
Guidance on the application of SMS
- First edition was published in 2005 as a Code of Practice and revised in early 2012.
- It is used by implementers, practitioners, assessors, and auditors.
- It helps guide on the application of an SMS.
- It is different from part 1 - No "shalls".
- It uses "should", "can", or "may":
  - "should" is used to make recommendations; equivalent expressions are "it is recommended that" or "ought to".
  - "can" means "be able to", "there is a possibility of", or "it is possible to".
  - "may" is used to signify permission. Equivalent expressions are "is permitted", "is allowed", "is permissible".
Information technology: ISO/IEC 20000 Key Documents
Part | Title | Purpose
Part 1 | ISO/IEC 20000-1 Service management system requirements | It is mandatory to implement all of the requirements to achieve certification.
Part 2 | ISO/IEC 20000-2 Guidance on the application of service management systems | Guidance and recommendations on how to meet the requirements of Part 1. Its use is optional.
Part 3 | ISO/IEC 20000-3 Guidance on scope definition and applicability of ISO/IEC 20000 (Technical report) | Guidance and commentary on scope definition and applicability of Part 1. Its use is optional for service providers. It is referred to in the APMG certification.
Part 4 | ISO/IEC 20000-4 Service management process reference model (Technical report) | Not on the syllabus
Part 5 | ISO/IEC 20000-5 Exemplar implementation plan (Technical report) | Guidance on how to implement an SMS to fulfil the requirements of Part 1. Its use is optional.