Upload
itpreneurs
View
262
Download
10
Embed Size (px)
DESCRIPTION
Â
Citation preview
STUDENT HANDBOOK
ITpreneurs Nederland B.V.© Copyright 2012 by ITpreneurs Nederland B.V. All rights reserved.
r 2.0.0
ISO/IEC 20000 Practitioner
ISO/IEC 20000
Sample
Mate
rial -
Not for
Rep
rint
ISM2310CL Version 2.0
© Copyright 2012 by ITpreneurs Nederland B.V. All rights reserved.
Nothing from this publication may be duplicated and/or published by means of printing, photocopy, microfi lm, any electronic medium, or in any other way and may not be stored in any way without preceding the written permission of ConnectSphere Limited or ITpreneurs.
Sample
Mate
rial -
Not for
Rep
rint
Contents
i
OVERVIEW 1
COURSE AGENDA 5
COURSE PLAN 7
CLASSROOM PRESENTATION 17
GUIDANCE FROM APMG 111
TEST 1: ANSWER GUIDANCE 117
TEST 2: MULTIPLE CHOICE QUESTIONS 119
TEST 2: ANSWERS GUIDANCE 125
ASSIGNMENT 1: ISO/IEC 20000 POLICIES 131
ASSIGNMENT 2: INCIDENT AND SERVICE REQUEST MANAGEMENT 133
ASSIGNMENT 3: APPLICABILITY AND SCOPE ANSWER GUIDANCE 135
ASSIGNMENT 3: ANSWERS 139
ASSIGNMENT 4: PLANNING AND ANALYSIS OF READINESS FOR CERTIFICATION 143
ISO/IEC 20000 TERMS AND DEFINITIONS – APMG FOUNDATION 147
APMG ISO20000 EXAMINATIONS SUPPLEMENTARY REFERENCE PAPER V1 151
ISO/IEC 20000 WHITE PAPER 165
ISOIEC 20000 FOUNDATION AND PRACTITIONER SYLLABUS 177
RELEASE NOTES 205
STUDENT FEEDBACK FORM 207
Sample
Mate
rial -
Not for
Rep
rint
Sample
Mate
rial -
Not for
Rep
rint
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 1
Overview
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.2
Requirements and Process Groupings inISO/IEC 20000-1:2011 Information technology – Service Management – Part 1: Service management system requirements
6 Service delivery processes
8 Resolution processes 7 Relationship processes
9 Control processes
CapacitymanagementService continuity and availability management
Service level managementService reporting
Information security managementBudgeting and accounting for services
Incident management andservice request management Problem management
Business relationship managementSupplier management
Configuration managementChange management
Release and deployment management
5 Design and transition of new or changed services
4. Service management system general requirementsManagement responsibilityGovernance of processes operated by other parties
Documentation management Resource management Establish and improve the SMS
Clauses with requirements in ISO/IEC 20000-1:2011 Information technology – Service Management – Part 1: Service management system requirements
Sample
Mate
rial -
Not for
Rep
rint
Student | ISO/IEC 20000 Practitioner | Overview
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 3
ForewordIntroduction1 Scope1.1 General1.2 Application
2 Normative references
3 Terms and defi nitions
4 Service management system general requirements
4.1 Management responsibility
4.1.1 Management commitment
4.1.2 Service management policy
4.1.3 Authority, responsibility and communication
4.1.4 Management representative
4.2 Governance of processes operated by other parties
4.3 Documentation management
4.3.1 Establish and maintain documents
4.3.2 Control of documents
4.3.3 Control of records
4.4 Resource management
4.4.1 Provision of resources
4.4.2 Human resources
4.5 Establish and improve the SMS
4.5.1 Defi ne scope
4.5.2 Plan the SMS (Plan)
4.5.3 Implement and operate the SMS (Do)
4.5.4 Monitor and review the SMS (Check)
4.5.4.1 General4.5.4.2 Internal audit
4.5.4.3 Management review
4.5.5 Maintain and improve the SMS (Act)
4.5.5.1 General
4.5.5.2 Management of improvements
5 Design and transition of new or changed services
5.1 General
5.2 Plan new or changed services
5.3 Design and development of new or changed services
5.4 Transition of new or changed services
6 Service delivery processes
6.1 Service level management
6.2 Service reporting
6.3 Service continuity and availability management
6.3.1 Service continuity and availability requirements
6.3.2 Service continuity and availability plans
6.3.3 Service continuity and availability monitoring and testing6.4 Budgeting and accounting for services
6.5 Capacity management
6.6 Information security management
6.6.1 Information security policy
6.6.2 Information security control
6.6.3 Information security changes and incidents
7 Relationship processes
7.1 Business relationship management
7.2 Supplier management
8 Resolution processes
8.1 Incident and service request management
8.2 Problem management
9 Control processes
9.1 Confi guration management
9.2 Change management
9.3 Release and deployment management
Bibliography
Figure 1 — PDCA methodology applied to service management
Figure 2 — Service management system
Figure 3 — Example of supply chain relationshipsSample
Mate
rial -
Not for
Rep
rint
This p
age
has b
een le
ft bla
nk in
tentio
nally
Sample
Mate
rial -
Not for
Rep
rint
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 5
Course Agenda
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.6
DAY 1 Course introduction
Overview of ISO/IEC 20000
Break ISO/IEC 20000 terms and defi nitions
Lunch Service Management System (SMS) general requirements (continued)
Break SMS general requirements
Close
HomeworkHomework – Test questions and review of material
DAY 2 Review of Day 1 and test questions
ISO/IEC 20000-1 specifi c service management (SM) processes
Break ISO/IEC 20000-1 specifi c SM processes (continued)
Lunch ISO/IEC 20000-1 specifi c SM processes
Break Mock examination (part of sample paper)
Homework: Complete and review mock exam. Review for fi nal exam.
DAY 3 Review of Day 2 and sample examination questions
Achieving ISO/IEC 20000 Certifi cation (continued)
Break Achieving ISO/IEC 20000 Certifi cation
Lunch Review to prepare for exam
Break Examination (14.00 – 17.00)
CloseSam
ple M
ateria
l - Not
for R
eprin
t
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 7
Course Plan
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.8
Day 1 Topic Content Syllabus topics to cover
09:00
Module 1
Course introduction
Slides 1 to 12
Introduction to the course
Slide 10 – Introduction
Slide 12 Ask the classWrite these on a fl ipchart and refer to them throughout the course.
1. Select an IT service provider organization to use as an example in the course. List the main business objectives for the IT service provider’s organization.
2. What are the challenges for the IT service provider? Ask students to identify the challenges that are most important for the service provider organization that they have selected.
Not part of the syllabus.
Slides 9 and 12 are key to set the scene, help students to introduce themselves, and get ready for the rest of the course.
09:30
Module 2
O v e r v i e w of ISO/IEC 20000
Slides 13 to 40
Slide 13 Ask the class: To brainstorm what they already know about ISO/IEC 20000. Write up their responses on a fl ipchart so that you can refer to it.
Slide 13 Ask the class:
To brainstorm what they already know about ISO/IEC 20000.
Slide 21 Ask the class: What is included in an SMS?
Slide 22 The SMS process diagram – distribute the full page hand-out of the diagram.
Slide 22 Ask the class: Why is it important to integrate processes?
Slide 24 Ask the class: Are they are using any of these standards (9001, 27001)?
Slide 27 Part 3. Explanation to make sure students understand this part.
Slide 28 Introduce the use of Part 5 Ask the class: How far into a two-year journey do you think your selected service provider is?
Syllabus Area OV and AC
OV - Overview of ISO/IEC 20000 and Related Best Practices, Standards, and Schemes and some topics within
AC - Achieving ISO/IEC 20000 Certifi cation
The purpose and use of ISO/IEC 20000-1
The relationship between ISO/IEC 20000 part 1, 2, 3, 5
The relationships and differences between ISO/IEC 20000 and ITIL
Where the concepts of ITIL, ISO 9001, ISO/IEC 27001 can be used
The types of audit, requirements, and evidence required for ISO/IEC 20000
The roles and responsibilities within the APMG certifi cation schemeSam
ple M
ateria
l - Not
for R
eprin
t
Student | ISO/IEC 20000 Practitioner | Course Plan
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 9
Day 1 Topic Content Syllabus topics to cover
09:30
Module 2
Overview of ISO/IEC 20000
Slides 13 to 40
Slide 34-35 Emphasise the points about certifi cation.
Slide 34-38 Explain the APMG Certifi cation Scheme, a key part of the syllabus.
Slide 37 Benefi ts of certifi cation to ISO/IEC 20000.
Slide 38 and 39 Module 2 Test your understanding.
11:00 Break
11:15
Module 3
Terms and Defi nitions
Slides 41 to 52
Slide 43 Check that students are familiar with the foundation terms and defi nitions, especially if they have not done the APMG Foundation qualifi cation.
Slide 44 Ask the class: What examples can you identify for service components?
Slide 46 Ask the class: Can you identify examples of an interested party? Part 1 provides examples:
Slide 47 Ask the class: What would you include in the service requirements? This is really important to help students to understand the concept of service requirements.
Slide 48 Exercise: Select a service that is delivered by your selected service provider and then:
Write a brief description of the service.
Identify the interested parties using the classifi cation in Part 1.
A few high-level service requirements for each interested party.
Slide 50 Ask the class: What is an effective process? What is a process that is fi t for purpose? Write it on the fl ipchart.
Syllabus Area OV
Level 2 – comprehension. You should be able to understand and explain the purpose, objective, and key activities for:
All the defi nitions, typical uses, and concepts of the defi ned terms in ISO/IEC 20000-1
12:30
Module 4 SMS general requirements
Slides 53 to 64
Slide 56 Ask the class: Who could be responsible for the coordination and management of all services - can the CIO delegate this?
Slide 62 Ask the class: Are you familiar with a RACI model? Is C or I better?
Syllabus Area MS
See next section.
12:30 Lunch
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.10
Day 1 Topic Content Syllabus topics to cover
13:30
Module 4 SMS general requirements
Slides 65 to 88
Assignment 1. See student handbook. Service management policy and continual service improvement policy.
Slide 65 Ask the class: What is the difference between a document and a record? Please provide examples of documents and records.
Slide 68 Ask the class: To identify the mandatory documents and records in part 1 and classify the fi ndings: out of scope, conformity to Part 1, and nonconformity.
Slide 69 Ask the class: For examples for each type of resource within an SMS.
Slide 70 Ask the class: How an auditor would assess whether personnel are aware of how they contribute to the achievement of: Service management objectives and fulfi llment of service requirements.
Slide 71 Test your understanding: Human resources.
Slide 75 Ask the class: What kind of Return on Investment does their selected service provider want?
Slide 76 Ask the class: What are the real points to think about when planning an SMS?
Slide 78 Ask the class: What would a management review of the SMS and services be used for?
Slide 79 Ask the class: Brainstorm the key inputs that you would use to conduct a management review. Which inputs are mandatory inputs conforming to the requirements of Part 1?
Slide 81 Ask the class: Please provide examples of aspects to consider in a policy on continual improvement.
Slide 86 Exercise: C4.5 Establish and improve the SMS
Syllabus Area MS
You should be able to apply Part 1, its content, application, usage, and relevance to achieving certifi cation. This includes:
Comprehension of:
The concepts, responsibilities, requirements, and processes needed to conform to the SMS general requirements.
All of Clause 4 SMS general requirements.
Application of the SMS general requirements 20000-1 for a given scenario to:
Support the achievement of conformity to Part 1, identifying nonconformities, opportunities for improvements, and actions required.
Analyze and distinguish between appropriate and inappropriate application of the SMS general requirements for a given scenario, including:
The SM policy, SM objectives, and the service management plan.
Roles required for operation of the SMS general requirements.
16:00 Sample paper Question 1 with review
17:00 Close
Day 1 Homework Homework: Review and test 2
Sample
Mate
rial -
Not for
Rep
rint
Student | ISO/IEC 20000 Practitioner | Course Plan
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 11
Day 2 Topic Content Syllabus topics to cover
09:00 Review Review of day 1 and homework
09:15
Module 5
ISO/EC 20000
Specifi c service managemen t processes
Slide 89 - 150
Slide 92 Ask the class: What will the interfaces include? (Between the design and transition of new or changed services and the control processes).
Slide 95 Exercise: Part 1 requirements for Clause 5 to 9
For the design and transition of new or changed services (DTNCS) in Clause 5, identify the:
a) Process objectives
b) Process-specifi c policies and plans that are required to conform to the Part 1 requirements
c) Inputs and outputs of the process
d) Actions relating to the implementation of the process required by Part 1
e) Roles required for operation of the processes
Ask the class: To do the same as we go through Clauses 6 to 9.
Slide 97 Ask the class: For examples of typical business changes that impact service requirements and service-level requirements.
Slide 100 Ask the class: What are key considerations when defi ning the structure and content of the SLAs?
Slide 101 Ask the class: What is a good report?
Slide 102 and 103 Ask the class: Are the customer satisfaction reports good or bad? Give reasons.
Slide 103 Ask the class: Is this better? Is it missing anything? What are key considerations for service reporting?
Slide 104 Ask the class: For an example of each type of report.
Slide 105 Ask the class: Does the service report index show all of the mandatory
Syllabus Areas NC and DR
Understand the concepts, responsibilities, requirements, and integration of
NC New and changed services processes
DR Service delivery and relationship processes
NC Control processes
You should be able to:
Understand the concepts, responsibilities, requirements, and integration of the processes and specifi cally identify all requirements of the specifi c service management processes in Clause 5 to 9.
Apply each process to support the achievement of conformity to ISO/IEC 20000-1.
Identify, analyze, and distinguish between appropriate and inappropriate application of each process for a given scenario.
Specifi cally analyze with reasons the suitability and effectiveness of the processes, policies, and plans.
Determine whether actions and opportunities for improvement are appropriate and prioritised correctly.
Identify nonconformities and actions required..
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.12
Day 2 Topic Content Syllabus topics to cover
Slide 106 Ask the class: What aspects of the service continuity and availability plans should be under the control of change management?
Slide 100 Exercise: C6.3 Service continuity and availability management. How to achieve an end-to-end availability target for an email service. What availability monitoring activities are required to conform to the requirements of Part 1?
Slide 111 Ask the class: Budgeting and accounting. What do you think is included in service components? What are the important implementation considerations?
Slide 112 Ask the class: Which month should new capacity have been added to?
Slide 113 Ask the class: Examples of information and data for business capacity management, service capacity management, and component capacity management.
Slide 115 Ask the class: What IT security polices will a service provider need?
Slide 123 Ask the class: What would an assessor or auditor look for in a contract?
Slide 125 Test your understanding: Relationship processes.
Identify and justify the roles required for the operation of the process.
12:30 Lunch
Sample
Mate
rial -
Not for
Rep
rint
Student | ISO/IEC 20000 Practitioner | Course Plan
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 13
Day 2 Topic Content Syllabus topics to cover
13:30
Slide 134 Test your understanding: Resolution processes.
Assignment 3
1. Perform a self-assessment for your selected service provider for the incident and service request management process within a defi ned scope.
2. List the specifi c requirements for managing major incidents.
3. Identify the requirements in Part 1 for the interfaces between the:
a) Incident management and service-level management processes
b) Incident and problem management processes
c) Problem management and confi guration management processes
d) Problem management and change management processes
Slide 137 Ask the class: What would you control for a PC?
Slide 138 Ask the class: What confi guration item types are required in the SMS?
Slide 142 Ask the class: How can types of change be classifi ed?
Slide 130 Ask the class: In addition to the requirements on this slide, what statements are typically in a change management policy?
Slide 144 Ask the class: What would you include in a release policy?
Slide 145 Ask the class: Who are the relevant parties involved in release and deployment planning?Sam
ple M
ateria
l - Not
for R
eprin
t
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.14
Day 2 Topic Content Syllabus topics to cover
Slide 147 Ask the class: How do we measure and analyze the success or failure of a release?
Slide 148 Test your understanding: Release and deployment
Slide 149 Exercise:
1. Discuss and summarize how you can determine the suitability and effectiveness of the processes in Clauses 5, 8, and 9.
2. List examples of process improvements.
Recommend a set of roles required for operation of the processes together with your rationale.
15:30 Sample paper Question 2 and 3 with review
17:00 Close
Day 2 Homework
Read student handbook, sections 3.4 and 3.5. Read ISO/IEC 20000-1 requirements for internal audit.
Do sample paper question 4, part A and B.
Sample
Mate
rial -
Not for
Rep
rint
Student | ISO/IEC 20000 Practitioner | Course Plan
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 15
Day 3 Topic Content Syllabus topics to cover
09:00 Review of day 3
Review of day 2 and sample question 4, parts A and B.
Use slide 158 - types of audit, if required.
09:15
Module 5 Achieving ISO/EC 20000Slide 152 – 183
Slide 158 Ask the class: What is the main evidence required for an external audit?
Slide 159 Exercise: Types of audit
1. List the differences between:
a) Internal audit (within the service provider organization)
b) External – initial certifi cation audit
c) External – surveillance certifi cation audit
d) External – recertifi cation certifi cation audit
2. Summarize the responsibilities and activities for an external auditor of an RCB.
Slide 168 Assignment 4: Applicability and scope (see student handbook)
Slide 170 Ask the class: Do the Phase 1 activities seem sensible, from your experience?
Slide 179 Assignment 5: Planning and analysis of readiness for certifi cation (see student handbook for scenario)
Slide 181 Ask the class: Why is it important to inspect the certifi cate?
Syllabus Area AC
You should be able to identify, analyze, and distinguish between appropriate and inappropriate use of applicability, scope, APMG certifi cation scheme, and associated practices for achieving ISO/IEC 20000 by assessing typical scenarios. Specifi cally to:
Explain the responsibilities of parties with the APMG Certifi cation Scheme
Identify and distinguish conformity against ISO/IEC 20000-1
Identify, analyze with reasons, and make recommendations on scope, applicability, and governance of processes operated by other parties
Analyze an organization’s readiness for certifi cation with the rationale for the decision and recommendations
Produce and use a gap analysis report to achieve certifi cation and justify continual improvement
Plan and prepare an organization for certifi cation
Plan and apply the appropriate activities required for audits and certifi cation
Identify where the concepts of ITIL, ISO 9001, and ISO/IEC 27001 can be used and applied before, during, and after certifi cation
11:45 Sample paper Question 4 Part C, D, E and review of answers
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.16
Day 3 Topic Content Syllabus topics to cover
12:20 Course close and feedback Slide 184
12:30 Lunch
13:30 Review for exam
Cover a summary of the main syllabus points to prepare students for the exam.
14:00 – 17:00 Examination
17:00 Close
Sample
Mate
rial -
Not for
Rep
rint
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 17
Classroom Presentation
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.18
2
Exercises, sample exams, homeworkISO/IEC 20000 Parts 1, 2, 3, and 5
Course Contents
1. Course introduction 32. Overview of ISO/IEC 20000 133. ISO/IEC 20000 terms and definitions 414. Service management system (SMS) general requirements 535. Specific service management (SM) processes 896. Achieving ISO/IEC 20000 certification 1537. Summary and feedback 185
Slides
Sample
Mate
rial -
Not for
Rep
rint
Student | ISO/IEC 20000 Practitioner | Classroom Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 19
Module 1 Course Introduction
4
Notice
The information contained in this document is subject to change without notice. This document contains proprietary information that is protected by licensed copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated to another language without the prior consent of ITpreneurs.The ISO/IEC 20000 Practitioner course includes Intellectual Property owned by ConnectSphereLimited, which is used by permission of Connect Sphere. All rights reserved.Information on international standards can be obtained from www.iso.orgCOBIT® is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute. ITIL® is a registered trademark of the Cabinet Office.
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.20
5
Course Arrangements
ScheduleBreaks and refreshmentsMobile phonesMessagesFire alarmsBathroomsSmoking
Arrangements
6
Course Arrangements (Cont’d.)
Keep an open mind. It’s not just about taking the exam; it’s about understanding the principles and terminology of the approach.
Sample
Mate
rial -
Not for
Rep
rint
Student | ISO/IEC 20000 Practitioner | Classroom Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 21
7
ISO/IEC 20000 for Practitioners: Course Overview
Duration
Target Audience
Prerequisites
Purpose
Holder of the ITIL ® Foundation Certificate in IT Service Managementor an approved ISO/IEC 20000 Foundation Certificate
Three-day course or 18 hours of learning time, of which 16 hours involve direct contact
Practitioners, managers, and consultants involved in a service management system (SMS) or ongoing activities based on ISO/IEC 20000
To ensure that a candidate has sufficient understanding of ISO/IEC 20000 and its application to be able to analyze and apply his or her knowledge to a range of activities that would support organizations in conforming to the requirements of ISO/IEC 20000-1, and to achieve and retain the ISO/IEC 20000 certification.
ITIL® is a registered trade mark of the Cabinet Office
8
The scope, objectives, and high-level requirements of the ISO/IEC 20000 for Practitioners include learning to:
Interpret the purpose, use, and application of Parts 1, 2, 3, and 5 of the standard Assist and advise organizations in achieving conformance to ISO/IEC 20000-1 (Part 1) and certification Explain and advise on issues of applicability and scope definition Explain the relationship between ISO/IEC 20000 and ITSM best practices, ITIL® and related standards, ISO 9001 and ISO/IEC 27001, and how these can be used to support the achievement of certification to ISO/IEC 20000Explain and apply the requirements of ISO/IEC 20000-1 Explain the use of technology and tools to support the implementation and improvement of an SMS, achieve certification, and support ongoing conformance to ISO/IEC 20000-1 Advise and assist in certification readiness assessments to evaluate an SMS against the requirements of ISO/IEC 20000-1Generate a gap analysis supported by an improvement and implementation plan Create and apply a service management plan, including policies and objectivesCreate, apply, and evaluate processes, procedures, process-specific plans, and process-specific policies required by ISO/IEC 20000-1 Assist and advise organizations on the implementation of continual improvement processesPrepare organizations for an ISO/IEC 20000 certification audit using the regulations of the APMG ISO/IEC 20000 certification scheme
ISO/IEC 20000 for Practitioners Learning Objectives
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.22
9
ISO/IEC 20000 for Practitioners: Agenda
IntroductionOverview of ISO/IEC 20000Terms and definitionsSMS general requirementsHomework: Review and test paper
Day 1
Day 2
Review homeworkSpecific service management processesMock examination Homework: Review
Review Achieving ISO/IEC 200000 certification Course evaluationExamination
Day 3
10
Introductions
Please tell us about your:Experience with the organization and IT service management Experience in ISO/IEC 20000 Knowledge of Part 1Role in ISO/IEC 20000 Expectations for the session
Sample
Mate
rial -
Not for
Rep
rint
Student | ISO/IEC 20000 Practitioner | Classroom Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 23
11
ISO/IEC 20000 for Practitioners: Exam Overview
Each question has two to five parts with question items.Each question has 20 question itemsTotal: 80 question items, each worth 1 point
Open book (ISO/IEC 20000-1:2011)Scenario, question, and answer booklets
One exam of three hours’ duration (180 minutes) No additional reading timeOne exam of three hours’ duration (180 minutes) No additional reading time
Passing score is 40+ out of 80 points (50%)Passing score is 40+ out of 80 points (50%)
ExamExam
4 exam questions4 exam questions
Question exampleQuestion 1
Part A• Question item 1• Question item 2• Question item 3• Question item 4• Question item 5
Part B• Question item 1• Question item 2
Part B….
Part C…
12
APMG ISO/IEC 20000 Qualification Scheme
Foundation, Practitioner, and Auditor QualificationsAPMG ISO/IEC 20000 Learning Outcomes Assessment Model
1. Knowledge Know facts, including terms and definitions,
concepts, requirements, processes, key
responsibilities, and use of documents
outlined in the standard
2. Comprehension Understand the
concepts, responsibilities, and tools used and the
requirements, processes, and
documents needed to conform to the
standard
3. Application Be able to apply key
ITSM concepts relating to achieving the requirements of
ISO/IEC 20000 for a given scenario
4. Analysis Be able to identify,
analyze, and advise on appropriate use of ITSM methods and
techniques to achieve the requirements of
ISO/IEC 20000 through assessing typical scenarios
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.24
13
Competitive
Today’s Business Environment
New products and services
Business development
Regulatory and legal requirements Globalization
Mergers/integrations
Economic challenges
Increasing dependence on information technology and related services
Cloud computing
Sample
Mate
rial -
Not for
Rep
rint
Student | ISO/IEC 20000 Practitioner | Classroom Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 25
Module 2 Overview of ISO/IEC 20000
15
Overview of ISO/IEC 20000: Module 2 Objectives
The purpose and use of ISO/IEC 20000-1The relationship between ISO/IEC 20000 part 1, 2, 3, 5The relationships and differences between ISO/IEC 20000 and ITIL Where the concepts of ITIL, ISO 9001, and ISO/IEC 27001 can be usedTypes of audit, requirements, and evidence required for ISO/IEC 20000Roles and responsibilities within the APMG certification scheme
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.26
16
What is service management?
Service management is a set of capabilities and processes that: Directs and controls the service provider’s activities and resources.Designs, transitions, delivers, and improves services to fulfillthe service requirements.
17
Examples: Benefits of adopting service management best practices
IT service management – Represents the lifecycle stage that consumes approximately 70 to 80 percent of the total IT
expenditure.
Gartner– Cost per call down by 30 percent– 85 percent resolution at first point of contact– 50 percent reduction in new product cycle
Datalect Group Ltd.– Delivery of services focused on business and customer needs– 20 percent reduction in operational costs through proactive problem management– Creation of competitive advantage – Demonstration of strengths as a strategic partner
Sample
Mate
rial -
Not for
Rep
rint
Student | ISO/IEC 20000 Practitioner | Classroom Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 27
18
Information Technology: ISO/IEC 20000 SMS
• SMS requirementsPart 1 - 2011
• Guidance on the application of SMSPart 2 - 2012
• Guidance on scope definition and applicability of ISO/IEC 20000 (technical report)Part 3 - 2009
• Service management process reference model (technical report, not in the syllabus) Part 4 - 2010
• Sample implementation plan (technical report)Part 5 - 2010
2000 2002 2005 2009 2010 2011 2012
19
Introduction to ISO/IEC 20000-1:2011 (Part 1)
Information technology service management —Part 1: SMS Requirements
An international standard based on tried and tested industry practices for IT service management.Used by a broad base of organizations worldwide that apply its best practices and principles in a variety of ways.Part 1 includes requirements for the design, transition, delivery, and improvement of services that fulfill service requirements and provide value for both the customer and the service provider.The coordinated integration and implementation of an SMS provides ongoing control and opportunities for continual improvement, greater effectiveness, and efficiency.
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.28
20
Using ISO/IEC 20000 Part 1
Seek services from a service provider with the assurance that its service requirements will be fulfilled. Wants all of the service providers in its supply chain to use a consistent approach.
An organization uses Part 1 when it wants to: An organization uses Part 1 when it wants to:
Monitor, measure, and review its processes and services. Design, transition, deliver, and improve services that fulfill service requirements. Improve its design, transition, and delivery of services through the effective implementation and operation of an SMS.
A service provider uses Part 1 to demonstrate its capability to: A service provider uses Part 1 to demonstrate its capability to:
As a set of criteria for a conformity assessment of a service provider’s SMS to the requirements in Part 1.
An assessor or auditor uses Part 1: An assessor or auditor uses Part 1:
21
ISO/IEC 20000 -1: 2011 (Part 1)
The first edition of the SMS requirements was published in 2005. A revised version was published in April 2011.The SMS requirements set a “management system” standard that requires a service provider to establish and improve SMS.Clauses include mandatory requirements or “shalls” that describe:
Something that is a “must do,” is “necessary,” or “has” to occur.Something definite about the requirements, expressed with “is required to.”
“Shall” statements are audited for certification or conformance and no deviation is permitted, if the clause is within scope.The SMS requirements are framework-independent. SMS requirements provide a basis for assessments and act as the auditing standard and model for certification.
Information Technology Service Management — Part 1: SMS RequirementsInformation Technology Service Management — Part 1: SMS Requirements
Sample
Mate
rial -
Not for
Rep
rint
Student | ISO/IEC 20000 Practitioner | Classroom Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 29
22
Part 1 and the Service Management System (SMS)
Based on Figure 1, ISO/IEC 20000-1: 2011
CHECK
Service management
system (including processes)
PLAN
ACTDO
Services
The SMS is a management system to direct and control the service management activities of the service provider.It is how an organization performs service management by applying an integrated process approach and continual improvement. The service provider is responsible for continual improvement of the SMS. This is done by working with the customer and interested parties for improving the services using the Plan-Do-Check-Act (PDCA) methodology.
23
ISO/IEC 20000-1 SMS
6. Service delivery processes
8. Resolution processes 7 Relationship processes
9. Control processes
CapacitymanagementService continuity and availability management
Service level managementService reporting
Information security management
Budgeting and accounting for services
Incident andservice request management Problem management
Business relationship managementSupplier management
Configuration managementChange management
Release and deployment management
5. Design and transition of new and changed services
4. Service management system general requirementsResponsibility managementGovernance of processes operated by other parties
Documentation management Resource management Establishing and improving the SMS
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.30
24
ISO/IEC 20000 -1: 2012 (Part 2)
The first edition was published in 2005 as a Code of Practice. It was revised in early 2012.It is used by implementers, practitioners, assessors, and auditors.It guides the application of SMS. It is different from Part 1. No “shalls.”Part 2 uses “should,” “can,” or “may”.
“Should” is used to make recommendations. Equivalent expressions are “it is recommended that” or “ought to.”“Can” means “be able to,” “there is a possibility of,” or “it is possible to.”“May” is used to signify permission. Equivalent expressions are “is permitted,” “is allowed,” or “is permissible.”
ISO/IEC 20000-2:2012 Guidance on the application of service management systemsISO/IEC 20000-2:2012 Guidance on the application of service management systems
25
ISO/IEC 20000 and other management system standards
Management system standards cover:Management responsibility
Documentation managementResource management
Plan-Do-Check-Act
Sample
Mate
rial -
Not for
Rep
rint
Student | ISO/IEC 20000 Practitioner | Classroom Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 31
26
ISO/IEC 20000 and ITIL
ISO/IEC 20000 ITIL A standard containing requirements that can be used as the basis of a conformity assessment or certification for an organization
A set of best practice guidelines
Specifies the requirements for a service management system
Has very little information about management systems but contains detailed information on all stages of the service lifecycle
Uses the Plan-Do-Check-Act methodology (Deming cycle) for continual improvement
Uses the seven-step improvement process (which is mapped to the Plan-Do-Check-Act methodology) for continual improvement
Includes service management processes but not functions
Includes service management processes and functions
Specifies WHAT needs to be done Provides guidance on HOW to do the activities
27
IT Service Management Standards and Best Practices
Implementation and improvement
Policies, plans, processes, and procedures
Best practices such as ITIL
Part 2 and other parts of 20000 series
Part 1Assessment and
certification against ISO/IEC 20000-1
An auditor uses Part 1 to assess the service provider’s implementation and improvement of the documents that demonstrate management intent (bottom layer)
Service providers use best practices for assessments, designing new or changed services, implementing service management, and improvement. This can trigger updates to the documents.
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.32
28
ISO/IEC TR 20000-3:2009 (Part 3)
Technical report may become a standardDescribes:
Different types of scope definition Examples based on complex supply chainsProcess governance and acceptable delegation of service management activity
Information Technology Service Management — Part 3: Technical ReportGuidance on scope definition and applicability of ISO/IEC 20000Information Technology Service Management — Part 3: Technical ReportGuidance on scope definition and applicability of ISO/IEC 20000
29
ISO/IEC TR 20000 -5 (Part 5)
Service management
system
Continual improvement
Chaos
Phase 3
Phase 2
Phase 1
Information Technology Service Management — Part 5: Technical Report Sample implementation planInformation Technology Service Management — Part 5: Technical Report Sample implementation plan
Phased approach to implementing policies and processes How to achieve ISO/IEC 20000-1
Sample
Mate
rial -
Not for
Rep
rint
Student | ISO/IEC 20000 Practitioner | Classroom Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 33
30
ISO/IEC 20000 Series: Who Uses What Part?
Part1
Part2 Part 3 Part 4 PRM
Part 5
Auditors and assessors
CSI managers
Process owners
Project managers
Service operations managers
Service owners
• Parts 7, 10, and 11 are in development.
31
Service ManagementISO/IEC 20000 series Systems
engineeringISO/IEC 15288
Quality management
ISO 9000 series
ITILGovernance
standards (38500 series)
Information security
ISO/IEC 27000 series
S/W Asset Management (SAM)
ISO/IEC 19770
S/W Reference Model
ISO/IEC 12207
Process assessment model (SPICE)ISO/IEC 15504
Software & systems engineering(process reference & process assessment)
9001 for S/WISO/IEC 90003
COBIT
Managementsystemstandards
1702119011
ISO/IEC 20000 and the Wider Standards Landscape
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.34
32
ISO/IEC 20000 Publications and Relationships
Related to ISO/IEC 20000:Introduction to the ISO/IEC 20000 Series. IT Service Management, business improvement publications (BIP) 0125 by DUGMORE, Jenny, and Shirley LACY, London BSI, 2011.A Guide to the New ISO/IEC 20000-1: The Differences Between the 2005 and the 2011 Editions, BIP 0124 by COOPER, Lynda, London BSI, 2011.A Manager’s Guide to Service Management , 6th ed., BIP 0005 by DUGMORE, Jenny, and Shirley LACY, London BSI, 2011.ISO/IEC 2000 Self-Assessment Workbook, ConnectSphere by DUGMORE, Jenny, 2012.
Other complementary publications ITIL COBITSix SigmaCMMI and eSCMProject management: PRINCE 2, PMBOK
33
Types of Audits
Determines whether the SMS and the services:fulfill the requirements of this part of ISO/IEC 20000fulfill the service requirements and the SMS requirements identified by the service providerare effectively implemented and maintained
Internal audit Internal audit
Initial certification auditSurveillance auditRecertification
Third-party audit Third-party audit
Sample
Mate
rial -
Not for
Rep
rint