ISO/IEC20000 Overview and Cer2fica2on Approach
Agenda 1. ISO20000 Overview 2. Associated Standards and Frameworks 3. ISO20000 and ITIL 4. Cer2fica2on Approach (Phase1) Service Management Maturity 5. Cer2fica2on Approach (Phase2) Scoping Statement 6. Conclusion IG Service Consul2ng Nov 2012 Slide 2
ISO20000 Overview Standard for IT Service Management IT Service Management as an integrated business func2on Overall goals for IT Service Management Ø Customer focussed Ø Ø Ø Integra7on of Processes End- to- end Service Management Con7nual Service Improvement Requires IT Service Management to be a value add element of the business IG Service Consul2ng Nov 2012 Slide 3
ISO20000 Overview Around 700 Cer2ficated organisa2ons worldwide (Nov 2012) Range of organisa2on types Only 50 UK based Cer2fica2on is gained by mee2ng criteria set out within the standard to a defined and agreed scoping statement The scoping statement refers to the whole, or to a part of IT Service Management defined by: Ø Customers Ø Services Ø Geography Ø Organisa7onal Units IG Service Consul2ng Nov 2012 Slide 4
Associated Standards and Frameworks IG Service Consul2ng Nov 2012 Slide 5
Associated Standards and Frameworks etom BS25999 ISO20000 ITIL COBIT ISO27001 ISO9001 IG Service Consul2ng Nov 2012 Slide 6
Associated Standards and Frameworks ISO20000 draws on elements required by other cer2fica2ons Ø Management Systems Ø Process defini7ons Ø Roles and Responsibili7es Ø Documents and Records Uses the ITIL Framework as a basis for process requirements Other cer2fica2ons do not map exactly, but do accelerate cer2fica2ons Ø Business Con7nuity - BS25999 Ø Informa7on Security - ISO27001 Ø Quality Management - ISO9001 IG Service Consul2ng Nov 2012 Slide 7
ISO20000 Standard and ITIL Service Management Framework IG Service Consul2ng Nov 2012 Slide 8
ISO20000 History Date Standard or Framework 1996 ITIL V1 2000-2001 ITIL V2 Nov 2000 BS15000 Dec 2005 ISO20000 May 2007 ITIL V3 Apr 2011 ISO20000 July 2011 ITIL V3 (2011) IG Service Consul2ng Nov 2012 Slide 9
ISO20000 History ISO20000:2005 was somewhat aligned to ITIL V2 ISO20000:2011 provides a closer alignment to ITIL V3 Ø Service Management System is covered within Service Strategy Ø Business Rela7onship Management is now also explicit in Service Strategy Ø Planning and Implemen7ng is directly linked to Con7nual Service Improvement and Service Transi7on Ø Planning New Services links to Service Strategy IG Service Consul2ng Nov 2012 Slide 10
ISO20000-1:2005 IG Service Consul2ng Nov 2012 Slide 11
ISO20000-1:2011 Management Responsibility Service Management System Governance of Processes Operated by other par7es Establish SMS Documenta7on Management Capacity Management Service Continuity & Availability Management Resource Management Design and Transition of New and Changed Services Service Delivery Processes Service Level Management Service Reporting Control Processes Configuration Management Change Management Release and Deployment Management Information Security Management Budgeting and Accounting for IT Services Resolution Processes Incident Management and Service Request Management Problem Management Relationship Processes Business Relationship Management Supplier Management IG Service Consul2ng Nov 2012 Slide 12
ISO20000 and ITIL IG Service Consul2ng Nov 2012 Slide 13
ISO20000 and ITIL Despite some differences, the ITIL framework is the pladorm from which to target ISO20000 cer2fica2on ITIL advocates: Ø Management System Ø Defini7on of policies, processes and procedures Ø Process and service ownership, roles and responsibili7es Ø The integra7on of Service Management processes Ø A common Service Management language Ø Measurement and Con7nual Service Improvement Provides recognised industry standard training and educa2on IG Service Consul2ng Nov 2012 Slide 14
ISO2000 to ITIL Mapping ISO20000 ITIL V2 ITIL V3 Requirements for a Management System Planning and Implemen7ng Service Management Planning and Implemen7ng New or Changed Services Rela7onship Processes Business Rela2onship Management Supplier Management Service Delivery Processes Service Level Management Service Repor2ng Budge2ng and Accoun2ng for IT Services Service Con2nuity and Availability Management Capacity Management Informa2on Security Management Planning to Implement Service Management The Business Perspec8ve Service Delivery Service Level Management Financial Management for IT Services IT Service Con2nuity Management Availability Management Capacity Management Security Management (Demand is implied in Capacity Management) Service Strategy ITIL Update 2011 includes a Service Management System Con7nual Service Improvement Con2nual Service Improvement Service Strategy Service Pordolio Management Service Opera7on, Service Design Supplier Management Service Desk Service Strategy, Service Design, CSI Service Level Management Service Repor2ng Financial Management IT Service Con2nuity Management Availability Management Capacity Management Informa2on Security Management Demand Management IG Service Consul2ng Nov 2012 Slide 15
ISO2000 to ITIL Mapping ISO20000 ITIL V2 ITIL V3 Resolu7on Processes Incident Management Problem Management Service Support Incident Management Service Desk Problem Management Service Opera7on Incident Management Request Fulfilment Service Desk Problem Management Control Processes Configura2on Management Change Management Release Processes Release Management Service Support Configura2on Management Change Management Service Desk Service Support Release Management Out of ISO20000 Scope ICT Infrastructure Management Applica8ons Management Service Transi7on, Service Opera7on Service Asset and Configura2on Management Change Management Service Desk Transi2on Planning and Support Service Valida2on and Tes2ng Evalua2on Service Transi7on Release and Deployment Management Transi2on Planning and Support Out of ISO20000 Scope Service Transi7on, Service Opera7on Access Management Event Management IT Opera2ons Knowledge Management Monitoring and Control IG Service Consul2ng Nov 2012 Slide 16
ISO20000 Cer2fica2on Phase 1 IG Service Consul2ng Nov 2012 Slide 17
Planning and Prepara2on Stage 6 Sign- off Stage 5 Repor2ng/Business Case Stage 4 Assessment IT Service Management Capability Stage 1 ISO20000 Drivers Stage 2 Evidence Gathering Stage 3 Evidence Review IG Service Consul2ng Nov 2012 Slide 18
ISO20000 Cer2fica2on Drivers Sales Revenues Market Opportuni2es Speed to Market Speed to introduce new services Service Improvements Service Cost Reduc2ons Service Quality Regulatory Requirements IG Service Consul2ng Nov 2012 Slide 19
Understand the Specifica2on Gain a solid understanding of the specifica2on Ø Now consists of 8 parts!! Ø Get assistance where appropriate Ø ISO20000 training courses All processes MUST be evidenced to gain cer2fica2on Ø 13 defined processes Ø Plus Management System, CSI and New Service Planning There are +170 shalls to consider Ø By contrast ISO9001 has 130 shalls IG Service Consul2ng Nov 2012 Slide 20
Understand the Code of Prac2ce Significant number of should statements Ø Most are shalls by implica7on Example Incident Management Ø The Specifica7on make a single reference to resolving incidents. The CoP specifically makes specific reference - concerned with the restora7on of service not determining the cause of the Incident Ø There is a single statement rela7ng to Major Incident in the Specifica7on and a significantly more in the CoP CoP focuses on the integra2on of processes and the roles and responsibili2es Ø ITIL is much more explicit regarding process integra7on IG Service Consul2ng Nov 2012 Slide 21
Evidence Gathering Determine what evidence to gather Ø Use ITIL manuals in conjunc7on with the standard Determine the level of evidence to gather Ø May be easier to take everything at this stage Ensure there is an understanding of a document and a record Ø Document evidence of inten7ons Ø Record evidence of ac7vi7es/outcomes Determine who you need to involve Ø It may be necessary to approach suppliers/customers IG Service Consul2ng Nov 2012 Slide 22
Evidence Gathering Collate all documenta2on and records rela2ng to IT Service Management Ø Strategy Ø Policies Ø Processes Ø Procedures Ø Service Catalogue Ø Organisa7onal Structures Ø Improvement Plan Ø Service Review Minutes Ø Service Plans Ø Client Reports Ø Audit Results Ø Roles and Responsibili7es Ø Training Records Ø Agreements and Contracts Ø Common Terms and Language Ø Outage Reports IG Service Consul2ng Nov 2012 Slide 23
Evidence Review Review in accordance with the Standard and the Specifica2on Immediate high level view of non- conformi2es Ø Processes not in evidence Ø No process owner Ø No contract/agreement in place Ø Etc. Review provides a sound basis for ques2oning and improving the Assessment outcomes Determine a level of acceptable quality IG Service Consul2ng Nov 2012 Slide 24
Assessment Process Owner Interviews Draw conclusions on gaps between documented evidence and actual opera2ons Ajend opera2onal mee2ngs (CABs, Morning Prayers ) Review quality and consistency of documents and records From a documentary point of view Ø Is the evidence Documented? Ø Is the evidence Communicated appropriately? Ø Is the evidence being Used? Ø Is the evidence being Reviewed for being fit for purpose? Ø Is the evidence being Improved where necessary? IG Service Consul2ng Nov 2012 Slide 25
Assessment The Assessment should also consider Ø Toolsets Ø Services and process are entrusted to appropriately qualified staff Ø Ac7vi7es are linked Ø Considera7ons of Business and Customer requirements Ø Management direc7on Ø Con7nual Service Improvement IG Service Consul2ng Nov 2012 Slide 26
IT Service Management Maturity Assessment of Service Management Capability Ø Service Management Maturity Assessments (various) Ø BIP0015 IT Service Management Self Assessment Workbook:2011 Ø COBIT Adhoc/ Chao7c Repeatable Defined & Documented Measured & Managed Op7mised Level 1 Level 2 Level 3 Level 4 Level 5 Undocumented Unpredictable Adhoc Very reac2ve SLAs not followed Few measures Repeated service process Some records and documents Some measures Some SLAs met Defined services Documents and records Mostly measured Most SLAs met Service Catalogue Documents and records Proac2ve SLAs guaranteed Service costs known Integrated processes IT as a strategic partner IT and business collabora2on IT within business planning Con2nual Service Improvement IG Service Consul2ng Nov 2012 Slide 27
IT Service Management Maturity What Service Management processes are in opera2on? How is it structured? Does it meet customer needs? What documenta2on exists? What records exist? What is the gap between the documented approach and actual delivery? Qualified staff (technical, ITIL, ISO20000) Is there an Improvement Plan What level of maturity is evident? IG Service Consul2ng Nov 2012 Slide 28
Business Case Opera7onal Benefits Process Integra2on Efficiency and Effec2veness Maturity Improvement Improved Rela2onships Business Benefits Customer Alignment Customer Sa2sfac2on Business Alignment Strategic Alignment Business Case Management Benefits Defining Areas for Improvement Accuracy of Measurement Clarity of Target Senng Realised Cost Savings Sales Benefits Increased Opportuni2es Reduced Compe22on Speed and Accuracy of Responses Marke2ng IG Service Consul2ng Nov 2012 Slide 29
Cer2fica2on Timescales Cer2fica2on 2mescales are rela2ve to: Ø Scope Number of Services, Loca7ons, Teams Ø Size Number of Staff/Partners/Suppliers Ø Complexity and Cri7cality Detail and Interdependencies Ø Skills and Experience Internal and External Par7es Ø Current Capability Maturity Level Ø Exis7ng Cer7fica7ons Experience of Management Systems Possible 2melines Ø 2 to 3 months to get to Assessment/Business Case Ø? months to Cer7fica7on readiness Ø 3 months of evidence is required to show processes and records capture are embedded IG Service Consul2ng Nov 2012 Slide 30
Cer2fica2on Costs Budge2ng for cer2fica2on should consider the following: Ø Consultancy Ø Training Ø Process Improvement Ø Tools Ø Project Management Ø Cer7fica7on Ø Timescales IG Service Consul2ng Nov 2012 Slide 31
ISO20000 Cer2fica2on Phase 2 IG Service Consul2ng Nov 2012 Slide 32
Route to Cer2fica2on Cer2fica2on Audit Success Pre- Assessment Audit Define Project Analysis and Alignment Engage Registered Cer2fica2on Body Define Scoping Statement IG Service Consul2ng Nov 2012 Slide 33
Cer2fica2on Project Planning People Who to involve Processes Defined by the Standard Products Toolset requirements The Services Service Level Agreements Partners Suppliers Contracts Customers IG Service Consul2ng Nov 2012 Slide 34
Engage RCB There are no conflicts in using previously used RCBs There may be benefits in using previously instructed RCBs in rela2on to: Ø ISO9001 Ø ISO27001 Ø BS25999 5 UK based RCBs Ø BSI Ø DNV Ø Lloyds Ø ISOQAR Ø SGS IG Service Consul2ng Nov 2012 Slide 35
Scope Statements Define the scope with your RCB Scoping Statement includes: Ø The Customers Ø The Services Ø The Loca7ons Ø The Organisa7onal Units Scoping Statement will have suppor2ng detail Where feasible build in possible/probable service adjustments Ø Specify services set out in the Service Catalogue instead of specific lis7ng of services Ø Customers encapsulated by a specific contract type IG Service Consul2ng Nov 2012 Slide 36
Scoping Statements Example Scoping Statements Thales Informa7on Systems Ltd The Scope of the cer7fica7on is: The IT Service Management System that supports the provision of managed IT services for internal and external customers as specified in contract schedules. The Loca7on covered by the cer7fica7on is: MontBajen House, Basing View, Basingstoke, RG21 4HJ, United Kingdom. BT Ireland The Scope of the cer7fica7on is: The IT Service Management System that covers the provision, support and management of the Wide Area Network, Contact Centre and Voice Services to the Bank of Ireland within the technical and organisa2onal boundaries of BT Ireland and in accordance with the contract schedules. The Loca7on covered by the cer7fica7on is: Grand Canal Plaza, Upper Grand Canal Street, Dublin 4, Eire. IG Service Consul2ng Nov 2012 Slide 37
Analysis and Alignment Standard requires robust processes and systems with a level of maturity Ø Processes and systems should be in place for a reasonable period (3 months) prior to cer7fica7on audit Capture gaps and set out a plan Document management is required Communica2on and awareness IG Service Consul2ng Nov 2012 Slide 38
Cer2fica2on Process Time to complete the cer2fica2on audit is dependent on scope Ø Scale Ø Services Ø Loca7ons 5 months would be the minimum Once cer2fied Ø Surveillance Audits at least every 12 months Ø Recer7fica7on every 3 years IG Service Consul2ng Nov 2012 Slide 39
Conclusion IG Service Consul2ng Nov 2012 Slide 40
ISO20000 MUST comply with all aspects of the standard and specifica2on Ø 13 Processes Ø 3 Management and Planning systems Should show at least 3 months of opera2on using the standard Audit will want to see at least 1 improvement plan Ø A quick win series of improvements is beneficial IG Service Consul2ng Nov 2012 Slide 41
Approach Review 2 Phase approach Phase 1 Ø Build case for ISO20000 cer7fica7on and communicate inten7on Ø Define current state of IT Service Management Ø Consider likely Scoping Statement Phase 2 Ø Define Scoping Statement Ø Assess, design, build, test, embed processes and systems Ø Cer7fy and maintain IG Service Consul2ng Nov 2012 Slide 42
Approach Review Cer2fica2on Audit Success Pre- Assessment Audit Define Project Analysis and Alignment Engage Registered Cer2fica2on Body Define Scoping Statement IG Service Consul2ng Nov 2012 Slide 43
Use the Frameworks Use the Frameworks Ø ITIL forms the basis of ISO20000 Ø etom is equally aligned Ø ITIL defines a common Service Management language Ø ITIL training will provide correct ability staff Ø Service Management Maturity Assessments are mature processes and can assist Ø BIP0015 is directly linked to ISO20000 Ø COBIT is also appropriate and links to maturity IG Service Consul2ng Nov 2012 Slide 44
Ques2ons and Answers IG Service Consul2ng Nov 2012 Slide 45