Download - Successful with ISO/IEC 20000
We make ICT strategies work
Detecon
Successful with ISO/IEC 20000
Content
1. Management Summary
2. Why your Organization needs ISO/IEC 20000
3. ISO/IEC 20000 an Overview
4. ISO/IEC 20000 Approach and Methodology
5. Contact
6. References
7. Backup
ISO-IEC20000_METHODOLOGY_AND_APPROACH_V.1.2_EN.PPT – 2 – © Detecon
ISO/IEC 20000 is the norm of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) for IT Service Management.
The ISO/IEC 20000 certificate is the proof that your IT organization is customer focused, able to deliver services which meet defined quality levels by using resources economically.
The aim of an ISO/IEC 20000 certification is a long-term increase in efficiency and flexibility of the entire IT organization based on best-practices.
Management attention, a high level of service maturity and high process quality are the key to a successful ISO/IEC 20000 certification.
ITIL is strongly aligned with ISO/IEC 20000 and it offers a rather detailed collection of best practices, which are a good basis for designing ISO/IEC 20000 compliant processes, so that introducing ITIL is the best way to prepare an organization for the ISO/IEC 20000 certification.
Detecon’s project approach consists of seven consistent and coordinated phases, which lead to qualitative statements concerning the maturity levels of the IT organization.
This approach will put your organization in the position to know exactly the gaps and the necessary activities in order to achieve ISO/IEC 20000 certification.
In cooperation with your organization Detecon will lead you through the certification process, as described in this presentation.
Management Summary
Detecon will support your IT organization during the whole ISO/IEC 20000 certification process.
Content
Arguments for ISO/IEC 20000
Benefits of ISO/IEC 20000
2. Why your Organization needs ISO/IEC 20000
ISO/IEC 20000 is increasingly seen as the quality standard for IT Service Management and it is internationally recognized.
ISO/IEC 20000 certified organizations demonstrate superiority over competitors.
The establishment of a service quality management system allows an excellent support of the IT processes in a continual service improvement environment.
Because of the optimization of necessary interfaces between management, IT delivery organization, suppliers and customers, the performance of the organization will increase significantly while cost will decrease.
After ISO/IEC 20000 certification the IT organization will be able to use all necessary mechanisms for the delivery of high quality IT services.
The maturity level of IT organizations has a significant effect on IT expenses:
The higher the maturity level, the lower the IT expenses.
Higher maturity levels lead to improved quality of service and increase business and customer confidence & satisfaction.
ISO/IEC 20000 enables your IT organization to reach higher maturity levels.
IT organizations such as service providers have an instrument for monitoring and improving their services.
Business departments will be able to get the best value for their money and will know why they spend money on IT and exactly what they spend it on.
Why your Organization needs ISO/IEC 20000
The ISO/IEC 20000 certificate confirms that your IT organization is customer focused, able to deliver services which meet defined qualities by using resources economically.
Arguments for ISO/IEC 20000
Why your Organization needs ISO/IEC 20000
The aim of an ISO/IEC 20000 certification is a long-term increase in efficiency and flexibility of the entire IT organization based on best-practices.
Benefits of ISO/IEC 20000
ISO/IEC 20000 Certification
Alignment of IT services and business strategy
Establish a management system framework
Increase in IT process quality (pro-active vs. re-active)
Reducing IT process times and costs
Service-orientated planning, control and monitoring
Increase in customer satisfaction
Enhanced company reputation and superiority over competitors
Content
Market Perspective
Parts of ISO/IEC 20000
The IT Service Management System
3. ISO/IEC 20000 an Overview
According to the IT Service Management Forum (itSMF), currently more than 400 companies worldwide are certified against ISO/IEC 20000.
ISO/IEC 20000 is a set of controls and criteria against which an IT organization can be assessed for effective IT Service Management processes.
To become formally certified IT organizations will be assessed by an itSMF Registered Certification Body (RCB).
Once the requirements of ISO/IEC 20000 have been satisfied, the RCB will issue a certificate of conformance.
The organization will be then eligible to use the itSMF ISO/IEC 20000 logo as a sign of their achievement.
The Information Technology Infrastructure Library (ITIL), especially the new version 3, is strongly aligned with ISO/IEC 20000 and offers a rather detailed collection of best practices, which are a good basis for designing ISO/IEC 20000 compliant processes.
Introducing ITIL is therefore the best way to prepare an organization for ISO/IEC 20000 certification.
The increasing demand is also reflected in a Detecon study, which points out that ISO/IEC 20000 is the most important standard beside ITIL and COBIT in business IT alignment.
ISO/IEC 20000 an Overview
ISO/IEC 20000 is internationally recognized and is increasingly seen as an upcoming CIO topic for the next years.
Market Perspective
Figure: Certified Organizations, share of ISO/IEC 20000 certified organizations by region (Europe, Asia Pacific, Africa, Middle East, Middle and South America, North America), with Remarks and Comments
Source: itSMF (IT Service Management Forum); 08.01.2010; http://www.isoiec20000certification.com/lookuplist.asp?Type=9
Source: Detecon study: Die geschäftsfokussierte Informationstechnologie; 08/2009; http://www.detecon.com/de/publikationen/studien/studien.html?unique_id=37468
ISO/IEC 20000 an Overview
ISO/IEC 20000 consists of three parts which are described as “Information Technology – Service Management”.
Parts of ISO/IEC 20000
Related and Complementary Standards
ITIL: IT Infrastructure Library
ISO 9001: Quality Management
ISO/IEC 27001: Information Security Management Systems
ISO/IEC 38500: Corporate Governance of Information Technology
COBIT: Control Objectives for Information and Related Technology
1: Specification
Part 1 (ISO/IEC 20000-1:2005) defines the requirements for the adoption of an integrated process approach for the delivery of managed services to meet business and customer needs in an acceptable quality.
This part offers a number of closely related service management processes.
Objectives and controls contained in part 1 are not exhaustive. Additional objectives and controls must be considered by each organization in accordance with their particular business objectives.
2: Code of Practice
Part 2 (ISO/IEC 20000-2:2005) represents an industry consensus on quality standards for IT service management. The approach focuses on the delivery of best possible services to meet business needs within agreed resource level, cost and manageability.
Service providers should adopt common terminology, a consistent approach for service management and a common basis for improvements in services.
It provides guidance to auditors and offers assistance to service providers for planning service improvements.
3: Guidance on Scope Definition
Part 3 (ISO/IEC 20000-3:2009) provides guidance and commentary on scope definition, applicability and demonstration of conformity for the IT organization aiming to fulfill the requirements specified in ISO/IEC 20000-1.
This part of ISO/IEC 20000 provides practical examples of scope statements for establishing a service management system (SMS) in service organizations.
Requirements for a Management System: Management responsibility; documentation requirements; competence, awareness and training
ISO/IEC 20000 an Overview
Management attention, a high level of service maturity and high process quality are the key to a successful ISO/IEC 20000 certification.
The IT Service Management System
Planning & Implementing Service Management: Plan, Implement, Monitor, Improve (Plan, Do, Check, Act)
Planning & Implementing New or Changed Services: Planning and implementing new or changed services
Service Delivery Processes: Capacity Management; IT Service Continuity Management; Availability Management; Information Security Management; Budgeting and Accounting for IT Services; Service Level Management; Service Reporting
Control Processes: Service Asset and Configuration Management; Change Management
Release Process: Release and Deployment Management
Solution Processes: Incident Management; Problem Management
Relationship Processes: Business Relationship Management; Supplier Management
Content
Success Factors for Planning and Achieving Certification
Project Approach
Project Prerequisites and Results
Project Timeline – Exemplary
Phase 1: Preparation & Awareness
Phase 2: Analysis & Assessment
Phase 3: Service Design
Phase 4: Implementation
Phase 5: Audit
Phase 6: Continual Improvement
Phase 7: Project Management/ Controlling, Quality Assurance
4. ISO/IEC 20000 Approach and Methodology
Management commitment
Proper assessment and the awareness of the organization
Project organization: involvement of certified consultants and motivated personnel
Timely involvement of certified auditor
Involvement and commitment of the suppliers
Clear definition of scope and objectives
Communication, communication, communication
ISO/IEC 20000 Approach and Methodology
The success of Detecon’s ISO/IEC 20000 certification approach, its implementation and operation depend on various success factors.
Success Factors for Planning and Achieving Certification
Figure: Detecon’s ISO/IEC 20000 Certification Approach, a cycle of six phases leading to ISO/IEC 20000 Certification: (1) Preparation & Awareness, (2) Analysis & Assessment, (3) Design, (4) Implementation, (5) Audit, (6) Continual Improvement, accompanied by Project Management/ Controlling, Quality Assurance. The list above gives the Success Factors.
ISO/IEC 20000 Approach and Methodology
Detecon’s project approach consists of seven consistent and coordinated phases, which will lead to qualitative statements concerning the maturity levels of the IT organization.
Project Approach
1. Preparation & Awareness
Key Activities: Management commitment; Identification of stakeholders; Project organization; Organization and execution of workshops; Presentation of ISO/IEC 20000 to stakeholders; Identification and alignment with external auditor
Results: Project kick-off; Generic project plan; Management and staff commitment; Selection of auditor
2. Analysis & Assessment
Key Activities: Organization and execution of assessments; Identification of maturity levels; Presentation and discussion of results; Identification of gaps; Description of follow-up activities; Business case and decision; Development of framework
Results: Maturity levels; Gap identification; Framework; Detailed project plan
3. Design
Key Activities: Planning and design of processes, organization, IT according to ITIL V3; Planning of measures and specification of potential; Review of suitable pilot projects; Creation of implementation plan; Planning to avoid complexity
Results: Target concepts for processes, organization, IT; Agreed improvement potential/measures; Implementation plan
4. Implementation
Key Activities: Implementation of target concepts; Definition and establishment of a management system; Definition and implementation of processes; Improvement of management system and processes; Implementation of a PDCA cycle; Training of staff
Results: Implementation strategy, including PDCA cycle; Management system/ framework; Implemented processes
5. Audit *
Key Activities: Conduct pre-assessment; Final changes and improvements; Supervision during the external audit; Celebrate the certification
Results: ISO/IEC certification
6. Continual Improvement
Key Activities: Definition and implementation of compliance measurements; Adjustment of PDCA cycle; Definition and implementation of a monitoring system; Regular audits, self-assessments; Evaluation and recommendation for improvement
Results: Compliance measures; Monitoring system; PDCA cycle
Project Management/ Controlling, Quality Assurance
* The audit itself cannot be performed by Detecon, therefore an independent certified and accredited external auditor is needed!
PDCA = Plan Do Check Act (Deming Cycle)
Activities:
Planning the assessment, agree plans with IT manager and identify key personnel
Conduct the assessment by using a specific ISO/IEC 20000 methodology and structured interview guidelines
Identify and evaluate all relevant process descriptions, documentations and records
Definition of the maturity level of the IT organization
Presentation and discussion of the results
Gap identification and activities description
Definition of a generic roadmap for the certification
Definition of a generic framework for the certification
Prerequisites:
Availability and access to all relevant information (e.g. org. structure incl. head count, process map, documentations, records etc.)
Availability of management for awareness workshops and interviews
Availability and access to key staff for interviews
Customer availability and commitment
Client Benefit:
Definition of organizational maturity levels to be certified
Knowledge of organization gaps in connection to the ISO/IEC certification
Define the next steps to be done for the certification: Analysis, design, implementation, audit and certification
Objectives:
Assessment of the maturities of the organization’s IT services for ISO/IEC 20000 certification
Identification of the gaps and relevant activities in order to certify the IT service organization
Define a generic roadmap for the ISO/IEC 20000 certification: Implementation and audit; Certification and process improvement
ISO/IEC 20000 Approach and Methodology
Detecon’s approach will put your organization in the position to know exactly the gaps and the necessary activities in order to achieve ISO/IEC 20000 certification.
Project Prerequisites and Results
ISO/IEC 20000 Approach and Methodology
The project duration depends on the maturity of the IT organization, its processes and the number of processes to be certified. Therefore the Gantt chart is for illustration only.
Project Timeline – Exemplary
Figure: Illustrative Project Plan for an ISO/IEC 20000 Certification (Gantt chart, months 1 to 10)
Work Package (WP):
WP 1: Preparation & Awareness
WP 2: Analysis and Assessment: Conduct the assessment; Identification of maturity levels; Presentation and discussion of results; Gap identification and activities description; Define the detail plan; Define the framework
WP 3: Service Design
WP 4: Implementation: Implementation of IT processes; Reporting and monitoring (min. 3 months)
WP 5: Audit: Preparation of the audit; Supervision during external audit; External audit and certification *
WP 6: Continual Improvement
WP 7: Project/Quality Management
Milestones: Project Kick-off; Maturity Levels, Gap Identification; Implementation Plan; ISO/IEC 20000 Certification; Project Closure
Methodology:
ITIL reference process model according to ITIL version 3
Workshops, kick-off meetings
Scenario technique, portfolio technique (e.g. SWOT)
Questionnaires, checklists for interviews
Detecon project management tools
Sector comparisons, benchmarks, best practices
Research (products, markets, competitors)
Analysis of key data (rough)
Assessment of the service portfolio
Prerequisites:
Availability and access to all relevant information (e.g. org. structure incl. head count, process map, documentations, records etc.)
Availability of management for awareness workshops and interviews
Availability and access to key staff for interviews
Customer availability and commitment
Client Benefits/Results:
Stakeholder commitment
Common understanding of the project objective, terms, processes and ISO/IEC 20000 certification procedure
Specified analysis framework
Description of requirements
Objectives:
Approval of a project plan and organization
Strategic general plan for the project
Explanation of the ISO/IEC 20000 certification procedure
Incorporation and, where necessary, review of the vision and strategy of IT
Creation of common understanding of terms and processes
Presentation of ISO/IEC 20000 standard to stakeholders
Identification and alignment with authorized certification body
Involvement of external auditor
ISO/IEC 20000 Approach and Methodology
This work package focuses on generating a common understanding of the project objective and executing the kick-off workshop with all relevant stakeholders.
Phase 1: Preparation & Awareness
Customer/user requirements are determined from the success factor analysis and are specified as control parameters for the optimization of IT processes
Identification of primary and secondary IT processes and prioritizing where necessary, creating process model on level 1
Check of the IT strategy and architecture
Identification of an initial rough optimization potential
Definition of service/ project objectives and variables according to the order
Where necessary selecting a business process management tool
Creating an information and communication plan
ISO/IEC 20000 Approach and Methodology
The requirements of the service portfolio are raised and form the basis for quality improvements or right sizing of IT services.
Phase 1: Preparation & Awareness
Figure (Project Snapshot): IT processes according to ITIL (Service Strategy, Service Design, Service Transition, Service Operation, Continual Service Improvement), running from a trigger (e.g. by user/customer) to a result (e.g. for customer/specialist dept).
Control parameters = service features: Cost/price; Throughput time; Quality / SLA; Response time; Customer satisfaction; Accessibility; etc.
Further diagram labels (legend: activators and examples for optimization approaches): Orientation towards requirements; Standardization; Automation; IT controlling; Service portfolio; Architecture; Tools; Information; SLA; IT systems; Staff; Management organization; Right sizing; Redesign of application landscape; Motivation vs. motivating; Redesign of structural and workflow org.
The list above gives the Remarks.
Methodology:
ITIL reference process model according to ITIL version 3
Structured interviews, questionnaires
Self-recording, external recording
Workshops, group work
ABC analysis, portfolio analysis
Sector comparisons
Comparison with best practices
Pragmatic benchmarking with most important KPIs of IT services
Prerequisites:
Availability and access to all relevant information (e.g. org. structure incl. head count, process map, documentations, records etc.)
Availability of management for awareness workshops and interviews
Availability and access to key staff for interviews
Customer availability and commitment
Client Benefits/Results:
Maturity levels and gap identification
Framework and detailed project plan
Overview of interfaces and interdependencies
Quantified and prioritized optimization potential
Quick wins
Objectives:
Mapping of the service portfolio, business processes and sub-processes where necessary
Identification of weaknesses
Quantification and prioritization of optimization potential
Definition of (rough) solutions for utilizing potential
Cost/benefit assessment
Identification of quick wins
Recommendation on next steps
ISO/IEC 20000 Approach and Methodology
Based on the strategic framework, the potential is analyzed, quantified and then defined in the form of measurable process objectives.
Phase 2: Analysis & Assessment
Weaknesses in current IT services and processes and the resulting potentials are systematically surveyed using comparisons with best-practice models
Redesign of IT services and underlying IT processes based on a KPI driven approach
Alignment of the IT services and IT processes based on market best practices
Optimization of the IT service portfolio
Deviations from benchmarks, market KPIs with causes
ISO/IEC 20000 Approach and Methodology
Six consistent and proven steps will lead to qualitative statements concerning the maturity level of the IT organization.
Phase 2: Analysis & Assessment
Steps:
1 Conduct the assessment
2 Identification of maturity level
3 Presentation and discussion of results
4 Gap identification and activities description
5 Define the detail plan
6 Define the framework
Maturity Level:
5 High process integration
4 Controlling and steering
3 Effectiveness measurements
2 Policies and objectives
1 Only rudimental processes descriptions
Project Snapshot (project example; the list above gives the Remarks):
Analysis of as-is processes
Analysis of FTE (FTE = Full Time Equivalent)
Analysis per OU (area, group, location; OU = Organizational Unit), spreadsheet excerpt from the AMGIS process model, version 1.0
Gap Analysis, structured by business processes, showing the process share of FTE in total FTE
Potential Analysis per IT process (IT Management, Demand Management, Application Development, Application and System Management, Service Support, Project Portfolio Management, Infrastructure Provisioning, Transition to Production, IT Security Management, Central Functions): as-is FTE in PY and in %, expected potential in PY, benchmark potential in PY, assessment benchmarks (PY = Person Years); legend entries (S, O, P): redundant structure, synergies through organizational changes, synergies through process changes
Net present value chart (Mio. Euro): as-is scenario, min case, medium case, max case; 45 Mio. € potential savings in 2008 (cumulative)
Result: The net present value calculation allows the saving potential to be identified for each case. For the “Min-Case” there is a calculated saving potential of 25 Mio. € (cumulated for 5 years) in contrast to the as-is scenario.
Net present value results of: Total HR cost 2003-2008; Relevant investments (Consulting, Training, IT-Tools, “Ratio-cost”, Maintenance Fee); Discount till 2003.
Project plan excerpt (12.2007 to Nov. 2008)
Methodology:
ITIL reference process model according to ITIL version 3
Process design tools (ARIS, Visio, etc.)
IT Benchmarking
Structured interviews, questionnaires
Self-recording, external recording
Workshops, group work
ABC analysis, portfolio analysis
Sector comparisons
Brainstorming
Comparative analyses, cost/benefit analyses
Prerequisites:
Availability and access to all relevant information (e.g. org. structure incl. head count, process map, documentations, records etc.)
Availability of management for awareness workshops and interviews
Availability and access to key staff for interviews
Customer availability and commitment
Client Benefits/Results:
Target concepts for processes, organization, IT
Agreed improvement potential/measures
Agreed implementation plan
Persons responsible for the process, including tasks, skills, responsibility
Objectives:
Design of processes in accordance with ITIL best practices
Define process interfaces
Design of detailed process model (level 2, where necessary on level 3)
Define process performance measurement indicators (KPIs)
Define roles and responsibilities for and within processes
Guidelines and recommendation for implementation
ISO/IEC 20000 Approach and Methodology
In this work package the target processes and associated solutions are designed.
Phase 3: Service Design
Initial results from quick win measures and pilot projects
Integration of the employees concerned in the target process in good time (creation of acceptance)
Determination of process owners, including tasks, skills and responsibilities
Analysis of optimization potential using the specified criteria
Determination of IT requirements
Working out measures and specifying potential
Identification of suitable pilot projects; implementation plan and start
Creation of an implementation plan
ISO/IEC 20000 Approach and Methodology
Planning and design of target processes (functional organization), structural organization and IT according to ITIL best-practices.
Phase 3: Service Design
Figure (Project Snapshot): IT service objectives (examples), IT processes, IT structural organization, Processes redesign; layers: Management and control systems, Operative IT processing, IT/tool support. The list above gives the Remarks.
Target values (Actual / Target):
Unit costs: 30 € / 19 €
Availability: 80% / 99%
Response time: 2 days / 1 hour
HR costs (TCO): 10 % / 6 %
Productivity (turnover per employee in €1000s): 200 / 250
Methodology:
ITIL reference process model according to ITIL version 3
Methods and tools of project management and project controlling or IT controlling
Coaching and moderation
Workshops
Where necessary, training measures
Prerequisites:
Availability and access to all relevant information (e.g. org. structure incl. head count, process map, documentations, records etc.)
Availability of management for awareness workshops and interviews
Availability and access to key staff for interviews
Customer availability and commitment
Client Benefits/Results:
Implementation strategy, including PDCA cycle
Management system and implemented processes
Daily business is tracked via a target structural organization, target processes and target IT
Implemented target concepts
Objectives:
Implementation of target structural organization, target processes and target IT
Stabilization of target structural organization, target processes and target IT in daily business
Redistribution of responsibilities; where necessary reassignment of managerial positions
Achievement of measurable results and improvements
ISO/IEC 20000 Approach and Methodology
The concepts are implemented in the implementation phase. Effective project management ensures successful implementation.
Phase 4: Implementation
Definition and acceptance of an implementation strategy (pilot projects, roll out, etc.) and of an implementation plan (measures, responsibilities, deadlines, budget, etc.)
Presentation of implementation risks
Selection of suitable specialist and managerial staff for the implementation (HR measures if necessary)
Establishment of project organization for the implementation phase
Implementation teams: Kick-off and reporting project progress
In the event of risks and delays: assessment of impact and, where necessary, introduction of countermeasures
ISO/IEC 20000 Approach and Methodology
The implementation is characterized in particular by the fact that the roles shift between the customer and the consultant.
Phase 4: Implementation
Figure (Project Snapshot): roles of CONSULTANT and CUSTOMER from project start to project end. Diagram labels: Initiator; Change agent; Project and process manager; Coach/trainer; Method specialist; Moderator; Equal partners; Active contribution; Increasing self-control; Adaptive organization. The list above gives the Remarks.
Conduct and pre-assessment audits
Evaluation of pre-audits
Realization/lead through corrective measures
Supervision, coaching and moderation during the audit
Documentation of the audit
Availability and access to all relevant information (e.g.: org. structure incl. head count, process map, documentations, records etc.)
Availability of management for awareness workshops and interviews
Availability and access to key staff for interviews
Customer availability and commitment
Supervision, coaching and moderation during the external audit
Conduct pre-assessment
Final changes and improvements
Coordinate the audit schedule
Supervision during the external audit
Celebrate the certification
ISO/IEC 20000 Approach and Methodology
Detecon will support the audit through preparation and coaching, but the audit itself cannot be performed by Detecon; a certified external auditor is therefore needed.
Phase 5: Audit
Methodology
Prerequisites Client Benefits/Results
Objectives
Final definition and agreement of the scope between auditor and IT/ service organization
Conduct and document pre-audits and if necessary arrange corrective measures
The preparation of the necessary documents is an important part of the audit
The roles of the different stakeholders during the audit will be clearly defined and communicated
Briefing the stakeholders and employees on the expected audit steps and arranging the necessary logistics (room reservation, schedule, etc.) will increase the efficiency of the audit
ISO/IEC 20000 Approach and Methodology
Detecon will provide support during the audit and will cooperate with the auditor early, as good cooperation between the IT organization and the auditor is essential.
Phase 5: Audit
Coordinate audit schedule
Arrange logistics
Documents evaluation
Assess readiness
Plan for next phase
Ensure people availability
Assess Mgmt. System
Draft audit findings
Discuss findings
Audit report
Supervision during the external audit
Project Snapshot Remarks
ITIL reference process model according to ITIL version 3
Process analyses
Performance indicators
Process monitoring
PDCA = Plan Do Check Act (Deming Cycle)
Availability and access to all relevant information (e.g.: org. structure incl. head count, process map, documentations, records etc.)
Availability of management for awareness workshops and interviews
Availability and access to key staff for interviews
Customer availability and commitment
Prioritized processes to be integrated into process management
Defined process objectives, evaluation parameters and target values
Results of regular process performance evaluation
Institutionalized, continual process optimization implemented
Orientation towards best practices and well-established standards such as ITIL
Integrated process management, including indicators
ISO/IEC 20000 Approach and Methodology
Continual improvement of processes and process performance to ensure sustainability.
Phase 6: Continual Improvement
Methodology
Prerequisites Client Benefits/Results
Objectives
Identification of critical processes which are to be integrated into process management
Definition of process objectives, the evaluation parameters and target values
Execution of performance evaluation and process analysis
Development and implementation of measures to optimize processes and performance (PDCA cycle)
Continual process improvement requires a closed proposal circle (process management cycle)
In total quality management, all areas, services and products focus on satisfying the requirements of customers
ISO/IEC 20000 Approach and Methodology
Sustainable IT process optimization is the basis for a high performance level and requires a process management to be established.
Phase 6: Continual Improvement
[Figure: IT process optimization. Axes: performance level over time (schematic); phases along the time axis: Preparation & Awareness, Analysis & Assessment, Design, Implementation, Audit, Continual improvement. Curves: development without measures; development in concentration on a one-off reengineering project; development in continual process management. Further panels: TQM; process management cycle; PDCA cycle (Deming Cycle). Panel labels: IT process analysis; IT process design; IT process implementation; IT process evaluation; IT monitoring & surveillance; IT process introduction; Evaluation of improvement measures; Investigation into new improvement potential; Problem identification; Objective, improvement strategy; Improvement measures; Target processes; Implementation; Internal audits; Acceptance of improvement measures]
Project Snapshot Remarks
Project management and controlling is particularly important in large projects with a number of individual activities and people involved
The structured project management process leads to professional handling of the three factors: time, budget and quality/result
Concise project management ensures high quality outputs
Detecon offers standardized project management procedures according to PMI 1) and PRINCE2 2) with certified project managers
ISO/IEC 20000 Approach and Methodology
Project management covers the whole process of a project from initiation to closing and ensures high quality results according to the project's defined targets.
Phase 7: Project Management/ Controlling, Quality Assurance
[Figure: Project Management Process. Phases: Project initiation; Project start; Project monitoring & controlling; Project execution; Project planning; Project closing. Activities shown: Project Charter, Project Scope, Limitations; Project structure & organization; Deliverables & work packages; Resources; Project plan & Milestones; Decision on implementation options; Determine resources; Determine rules; Monitor work performance; Progress reporting; Monitoring & forecasting; Quality & risk management; Approval of results; Project review; Final report; Lessons learned; Handover; Perform quality assurance; Communication & documentation; Team building & development; Project steering]
1) PMI: Project Management Institute
2) PRINCE2: Projects in Controlled Environments
Project Management Process Remarks
Content
Detecon a Perfect Partner
Contact Details
Consultant Profiles
5. Contact
Extensive knowledge of best practices in IT and standards such as ITIL.
Innovative solutions from problem transformation to dual process design.
Efficient and pragmatic procedure in the project based on sector know-how and methodology tested in practice, paired with expertise in assessing and designing processes ensure success.
Many years of experience with IT optimization projects in various sectors and companies with various structures and sizes.
Acceptance of consultancy service through practicable project results and integrating customer employees.
Strategy, planning and implementation of organization and information technology on the one hand through the incorporation of Detecon in T-Systems (synergies, e.g. common IT benchmark database).
Professional and strict project management by Detecon ensures consistent compliance with schedules and quality in project work.
Independent assessment of efficiency and display of possible improvement potential with specific recommendations on actions to take.
Contact
Many years of experience and competence in IT management and the accompanying restructuring of the IT landscape according to ITIL make Detecon a perfect partner.
Detecon a Perfect Partner
Content
6. References
References
ITIL, IT reengineering, IT reorganization (excerpt).
Development of a concept for operating the SMC based on ITIL
Development of a concept for a downtime strategy for the SMC based on ITIL
Process design of operations, fault clearance and escalation
Draft of organizational units, including roles, tasks and responsibilities
Description of the technical architecture of service mgmt. centers
Definition of an ITIL-compliant OLA management process
Mirroring OLA components in SAP and eTOM processes
Preparing components in an OLA guide
Introduction of problem management for IPLS, taking into account the existing incident management based on ITIL
Analysis of existing processes
Interface definitions for other processes and specifications
Development of workflows and their agreement with those involved in the process
Incident/problem management process
Analysis/agreement on requirements of the IM/PM workflow
Optimization of the IM/PM interface optimization to service partners
Increase in efficiency due to clearer and defined interfaces and an optimized workflow
Informative IM/PM KPIs based on the IM/PM workflow concept
References
ITIL, IT reengineering, IT reorganization (excerpt).
As-is analysis
Framework and target design of an IT Service Catalogue
Target design of IT Portfolio Management process
Target design of IT Financial Management process
Process-orientated reorientation of the IT organization
Analysis and optimization of processes
Definition of a target process model based on ITIL, for example
Definition of a target organization derived from the processes and implementation of the target organization
Design of IT Service Management Processes based on ITIL
Design of IT Organization
Technical design of Data Center
Business Case and analysis of different sourcing models
Reorganization and consolidation of IT
Consolidation of IT organizations, processes & governance
Consolidation of IT infrastructure & application landscape, service consolidation
References
ITIL, IT reengineering, IT reorganization (excerpt).
Operation of the worldwide data network of the SIEMENS Group (SCN Future)
Analysis, optimization and documentation of business processes
Introduction of a business process management
Standardization of processes, taking into account ITIL standards
IT strategy and organization study
Strategic orientation of IT
Integration of commercial IT with logistics IT and preparation for hiving off a system house
IT reorganization
Program to increase efficiency in the IT organization and service offering definitions
IT strategy and IT reorganization
Reorientation of IT to the new corporate strategy and coordination with the Group's headquarters
Content
ITIL – IT Infrastructure Library
ISO/IEC 9001 – Quality Management Systems Requirements
ISO/IEC 27001 – Information Security Management Systems
ISO/IEC 38500 – Corporate Governance of Information Technology
COBIT – Control Objectives for Information and Related Technology
7. Backup
Service Strategy: Financial Management, Service Portfolio Management, Demand Management, Return on Investment
Service Design: Service Catalogue Management, Service Level Management, Capacity Management, Availability Management, IT Service Continuity Management, Supplier Management, Information Security Management
Service Transition: Change Management, Service Asset and Configuration Management, Transition Planning and Support, Release and Deployment Management, Service Validation and Testing, Evaluation, Knowledge Management
Service Operation: Event Management, Incident Management, Request Fulfillment, Problem Management, Access Management, Service Desk
Continual Service Improvement: Service Measurement, Service Reporting, Service Improvement
Backup
The Information Technology Infrastructure Library (ITIL®) version 3 has five books that are oriented on the ITIL lifecycle.
ITIL – IT Infrastructure Library
® ITIL is a registered trademark of UK Government's Office of Government Commerce, OGC
[Figure: ITIL V3 Overview and ITIL Books: Service Strategy, Service Design, Service Transition, Service Operation, Continual Service Improvement]
ISO/IEC 9001 provides a set of procedures that covers the key processes of an organization and corresponding monitoring processes to ensure effectiveness
ISO/IEC 9001 is intended to be used in any organization regardless of size, type or product
ISO/IEC 9001 helps to demonstrate the company's ability to consistently provide products which meet customer expectations
ISO/IEC 9001 aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system
ISO/IEC 9001 shows conformity with regulatory requirements
ISO/IEC 9001 creates quality awareness throughout all relevant functions and levels
ISO/IEC 9001 focuses on continuous improvement
An organization has to establish, handle and maintain processes which are required to ensure that an offered product fulfills customer requirements
The quality management system is the fundamental framework for the execution and presentation of the defined processes which fulfill the requirements of the standard
Composition and extension of quality documentation have to be company specific
Detecon is ISO/IEC 9001 certified
Backup
ISO/IEC 9001 describes requirements for quality management systems focusing on customer satisfaction through consistent products/ services which meet expectations.
ISO/IEC 9001 – Quality Management Systems Requirements
Scope Objectives
ISO/IEC 27001 is the internationally recognized standard that provides evidence of a best-practice security management implementation
The ISO/IEC 2700x series focuses on security related standards for Information Security Management Systems (ISMS) and consolidates existing and future standards for information security:
ISO/IEC 27000 will provide an overview of related standards, terms and definitions (in preparation)
ISO/IEC 27001 (identical to BS 7799-2:2005) describes a model to establish and manage an ISMS and presents control objectives and controls against which organizations' ISMS may be certified
ISO/IEC 27002 (renamed ISO/IEC 17799:2005, identical to BS 7799-1:2005) establishes a code of practice for information security management as a guideline to fulfill the ISO/IEC 27001 controls
ISO/IEC 27003 will be an information security management system implementation guide (in prep)
ISO/IEC 27004 is a new standard for information security management measurements (in prep)
ISO/IEC 27005 will provide a standard for risk management (corresponding to BS 7799-3:2006)
ISO/IEC 27006 is a guide to the certification and registration process against ISO/IEC 27001
There is a growing demand from the customers, that their information processing and information transporting service providers should align their IT security setup with the most commonly accepted security standard
In today's economy security of information processing is of growing importance.
Several factors increase this importance:
dependency of all companies and organizations on their IT
trend to outsourcing of information processing and information transporting capabilities to service providers
strong legal and economical regulations
IT as a service is fundamentally based on trust
Customers' expectations and image of the IT organization
Forms the system by which multiple legal, regulatory, and business requirements can be identified, analyzed, addressed, managed, and monitored (e.g. SOX)
Backup
The ISO/IEC 27001 certificate is the proof that your IT organization is compliant with security guidelines.
ISO/IEC 27001 – Information Security Management Systems
Scope Objectives
ISO/IEC 38500 is a high level, principle based advisory standard in order to:
provide a broad guidance on the role of governing body
encourage organizations to use appropriate standards to underpin their governance of IT
Further related publications planned for the future:
Governance of projects involving IT investment
Governance of IT used in ongoing business operations
Related documents to this standard:
The Financial Aspects of Corporate Governance, 1992
OECD Principles of Corporate Governance, 2004
ISO Guide 73 2002 – Risk Management
The Objective of ISO/IEC 38500 is to provide a framework of principles to the management for evaluation, direction and monitoring of IT use in their organization.
All stakeholders (management, shareholders, customers, employees) gain confidence in the organization's corporate governance of IT
Informing and guiding directors in governing the use of IT in their organization
Providing a basis for objective evaluation of the corporate governance of IT
Establish a standard model and vocabulary for the governance of IT
Underpinning directors in fulfilling their obligations concerning legal and compliance aspects of IT
Ensure that IT contributes a significant benefit to the organization's performance
Backup
ISO/IEC 38500 is a standard for providing high level definitions, principles and models for the establishment and operation of a framework for the effective governance of IT.
ISO/IEC 38500 – Corporate Governance of Information Technology
Source: International Standard, ISO/IEC 38500, First Edition 2008-06-01
Scope Objectives
COBIT is designed by the IT Governance Institute (ITGI, www.itgi.org/cobit) and the Information Systems Audit and Control Association (ISACA, http://www.isaca.org)
COBIT is a common language for executives and IT staff to get a better understanding of how business and IT can work together for the successful delivery of IT services
COBIT is a sign of a well-run enterprise, as it is a proven and internationally accepted set of tools and techniques to manage IT
COBIT ensures ownership and responsibilities based on a clear process orientation
IT Governance ensures a decision-making approach, which is aligned with processes, business requirements and with the business strategy
The official standard for corporate governance of IT is ISO/IEC 38500
COBIT is an international framework focusing on IT Governance to ensure:
Better quality for IT services
IT enables the business
Alignment of IT and business
IT maximizes benefits
Responsible use of IT resources
IT is managed throughout an IT life-cycle
Appropriate management of IT risks
Increase in efficiency and quality
Detecon’s IT Governance Framework:
Backup
COBIT improves IT efficiency and effectiveness by trying to understand business requirements and to align business and IT.
COBIT – Control Objectives for Information and Related Technology
Focusing on overall development, improvement, operation, monitoring, compliance, communication and information
Focusing on approved standards and guidelines as well as principles, tools & templates, roles & responsibilities, organizational structures and KPIs
[Figure: Detecon's IT Governance Framework. Labels: IT-Organization Processes; Processes to Manage; Business Alignment; Content to Direct; Objectives; Information]
Scope Objectives
Contact
Contact Details
Dr. Evangelos Hadjicharalambous
Detecon International GmbH
IT Service & Operations Management
Sternengasse 14-16
50676 Cologne (Germany)
Phone: +49 221 9161 1131
Fax: +49 221 9161 4663
Mobile: +49 160 [email protected]