iso/iec20000!! overview!and!! cer2ficaon!approach!
TRANSCRIPT
ISO/IEC20000 Overview and
Cer2fica2on Approach
Agenda 1. ISO20000 Overview 2. Associated Standards and Frameworks 3. ISO20000 and ITIL 4. Cer2fica2on Approach (Phase1)
• Service Management Maturity
5. Cer2fica2on Approach (Phase2) • Scoping Statement
6. Conclusion
© IG Service Consul2ng Nov 2012 Slide 2
ISO20000 Overview • Standard for IT Service Management • IT Service Management as an integrated business func2on • Overall goals for IT Service Management
Ø Customer focussed Ø Integra7on of Processes Ø End-‐to-‐end Service Management Ø Con7nual Service Improvement
• Requires IT Service Management to be a value add element of the business
© IG Service Consul2ng Nov 2012 Slide 3
ISO20000 Overview • Around 700 Cer2ficated organisa2ons worldwide (Nov 2012) • Range of organisa2on types • Only 50 UK based • Cer2fica2on is gained by mee2ng criteria set out within the
standard to a defined and agreed scoping statement • The scoping statement refers to the whole, or to a part of IT
Service Management defined by: Ø Customers Ø Services Ø Geography Ø Organisa7onal Units
© IG Service Consul2ng Nov 2012 Slide 4
Associated Standards and Frameworks
© IG Service Consul2ng Nov 2012 Slide 5
eTOM
Associated Standards and Frameworks
© IG Service Consul2ng Nov 2012 Slide 6
ISO9001
ISO27001
BS25999 COBIT
ITIL ISO20000
Associated Standards and Frameworks
• ISO20000 draws on elements required by other cer2fica2ons Ø Management Systems Ø Process defini7ons Ø Roles and Responsibili7es Ø Documents and Records
• Uses the ITIL Framework as a basis for process requirements • Other cer2fica2ons do not map exactly, but do accelerate
cer2fica2ons Ø Business Con7nuity -‐ BS25999 Ø Informa7on Security -‐ ISO27001 Ø Quality Management -‐ ISO9001
© IG Service Consul2ng Nov 2012 Slide 7
ISO20000 Standard
and ITIL Service Management Framework
© IG Service Consul2ng Nov 2012 Slide 8
ISO20000 History Date Standard or Framework
1996 ITIL V1
2000-‐2001 ITIL V2
Nov 2000 BS15000
Dec 2005 ISO20000
May 2007 ITIL V3
Apr 2011 ISO20000
July 2011 ITIL V3 (2011)
© IG Service Consul2ng Nov 2012 Slide 9
ISO20000 History • ISO20000:2005 was somewhat aligned to ITIL V2 • ISO20000:2011 provides a closer alignment to ITIL V3
Ø Service Management System is covered within Service Strategy Ø Business Rela7onship Management is now also explicit in Service
Strategy Ø Planning and Implemen7ng is directly linked to Con7nual Service
Improvement and Service Transi7on Ø Planning New Services links to Service Strategy
© IG Service Consul2ng Nov 2012 Slide 10
ISO20000-‐1:2005
© IG Service Consul2ng Nov 2012 Slide 11
ISO20000-‐1:2011
© IG Service Consul2ng Nov 2012 Slide 12
Service Management System
Design and Transition of New and Changed Services
Service Delivery Processes
Relationship Processes Business Relationship Management
Supplier Management
Resolution Processes Incident Management and Service Request
Management
Problem Management
Control Processes Configuration Management
Change Management Release and Deployment
Management
Capacity Management
Service Continuity & Availability Management
Information Security Management
Budgeting and Accounting
for IT Services
Service Level Management
Service Reporting
Management Responsibility Governance of Processes Operated by other par7es Establish SMS Documenta7on Management
Resource Management
ISO20000 and ITIL
© IG Service Consul2ng Nov 2012 Slide 13
ISO20000 and ITIL • Despite some differences, the ITIL framework is the pladorm
from which to target ISO20000 cer2fica2on • ITIL advocates:
Ø Management System Ø Defini7on of policies, processes and procedures Ø Process and service ownership, roles and responsibili7es Ø The integra7on of Service Management processes Ø A common Service Management language Ø Measurement and Con7nual Service Improvement
• Provides recognised industry standard training and educa2on
© IG Service Consul2ng Nov 2012 Slide 14
ISO2000 to ITIL Mapping ISO20000 ITIL V2 ITIL V3 Requirements for a Management System Service Strategy
ITIL Update 2011 includes a Service Management System
Planning and Implemen7ng Service Management
Planning to Implement Service Management
Con7nual Service Improvement Con2nual Service Improvement
Planning and Implemen7ng New or Changed Services
Service Strategy Service Pordolio Management
Rela7onship Processes Business Rela2onship Management Supplier Management
The Business Perspec8ve Service Opera7on, Service Design Supplier Management Service Desk
Service Delivery Processes Service Level Management Service Repor2ng Budge2ng and Accoun2ng for IT Services Service Con2nuity and Availability Management Capacity Management Informa2on Security Management
Service Delivery Service Level Management Financial Management for IT Services IT Service Con2nuity Management Availability Management Capacity Management Security Management (Demand is implied in Capacity Management)
Service Strategy, Service Design, CSI Service Level Management Service Repor2ng Financial Management IT Service Con2nuity Management Availability Management Capacity Management Informa2on Security Management Demand Management
© IG Service Consul2ng Nov 2012 Slide 15
ISO2000 to ITIL Mapping ISO20000 ITIL V2 ITIL V3 Resolu7on Processes Incident Management Problem Management
Service Support Incident Management Service Desk Problem Management
Service Opera7on Incident Management Request Fulfilment Service Desk Problem Management
Control Processes Configura2on Management Change Management
Service Support Configura2on Management Change Management Service Desk
Service Transi7on, Service Opera7on Service Asset and Configura2on Management Change Management Service Desk Transi2on Planning and Support Service Valida2on and Tes2ng Evalua2on
Release Processes Release Management
Service Support Release Management
Service Transi7on Release and Deployment Management Transi2on Planning and Support
Out of ISO20000 Scope ICT Infrastructure Management Applica8ons Management
Out of ISO20000 Scope Service Transi7on, Service Opera7on Access Management Event Management IT Opera2ons Knowledge Management Monitoring and Control
© IG Service Consul2ng Nov 2012 Slide 16
ISO20000 Cer2fica2on
Phase 1
© IG Service Consul2ng Nov 2012 Slide 17
Planning and Prepara2on
© IG Service Consul2ng Nov 2012 Slide 18
Stage 6 Sign-‐off
Stage 1 ISO20000 Drivers
Stage 3 Evidence Review
Stage 2 Evidence Gathering
Stage 4 Assessment
Stage 5 Repor2ng/Business
Case IT Service Management Capability
ISO20000 Cer2fica2on Drivers • Sales Revenues • Market Opportuni2es • Speed to Market • Speed to introduce new services • Service Improvements • Service Cost Reduc2ons • Service Quality • Regulatory Requirements
© IG Service Consul2ng Nov 2012 Slide 19
Understand the Specifica2on • Gain a solid understanding of the specifica2on
Ø Now consists of 8 parts!! Ø Get assistance where appropriate Ø ISO20000 training courses
• All processes MUST be evidenced to gain cer2fica2on Ø 13 defined processes Ø Plus Management System, CSI and New Service Planning
• There are +170 ‘shalls’ to consider Ø By contrast ISO9001 has 130 ‘shalls’
© IG Service Consul2ng Nov 2012 Slide 20
Understand the Code of Prac2ce • Significant number of ‘should’ statements
Ø Most are ‘shalls’ by implica7on
• Example – Incident Management Ø The Specifica7on make a single reference to ‘resolving’ incidents.
The CoP specifically makes specific reference -‐ “concerned with the restora7on of service not determining the cause of the Incident”
Ø There is a single statement rela7ng to Major Incident in the Specifica7on and a significantly more in the CoP
• CoP focuses on the integra2on of processes and the roles and responsibili2es Ø ITIL is much more explicit regarding process integra7on
© IG Service Consul2ng Nov 2012 Slide 21
Evidence Gathering • Determine what evidence to gather
Ø Use ITIL manuals in conjunc7on with the standard
• Determine the level of evidence to gather Ø May be easier to take everything at this stage
• Ensure there is an understanding of a document and a record Ø Document – evidence of inten7ons Ø Record – evidence of ac7vi7es/outcomes
• Determine who you need to involve Ø It may be necessary to approach suppliers/customers
© IG Service Consul2ng Nov 2012 Slide 22
Evidence Gathering
• Collate all documenta2on and records rela2ng to IT Service Management
© IG Service Consul2ng Nov 2012 Slide 23
Ø ‘Strategy’ Ø Service Plans Ø Policies Ø Client Reports Ø Processes Ø Audit Results Ø Procedures Ø Roles and Responsibili7es Ø Service Catalogue Ø Training Records Ø Organisa7onal Structures Ø Agreements and Contracts Ø Improvement Plan Ø Common Terms and Language Ø Service Review Minutes Ø Outage Reports
Evidence Review • Review in accordance with the Standard and the Specifica2on • Immediate high level view of non-‐conformi2es
Ø Processes not in evidence Ø No process owner Ø No contract/agreement in place Ø Etc.
• Review provides a sound basis for ques2oning and improving the Assessment outcomes
• Determine a level of acceptable quality
© IG Service Consul2ng Nov 2012 Slide 24
Assessment • Process Owner Interviews • Draw conclusions on gaps between documented evidence
and actual opera2ons • Ajend opera2onal mee2ngs (CABs, ‘Morning Prayers’) • Review quality and consistency of documents and records • From a documentary point of view
Ø Is the evidence Documented? Ø Is the evidence Communicated appropriately? Ø Is the evidence being Used ? Ø Is the evidence being Reviewed for being ‘fit for purpose’? Ø Is the evidence being Improved where necessary?
© IG Service Consul2ng Nov 2012 Slide 25
Assessment • The Assessment should also consider
Ø Toolsets Ø Services and process are entrusted to appropriately qualified staff Ø Ac7vi7es are linked Ø Considera7ons of Business and Customer requirements Ø Management direc7on Ø Con7nual Service Improvement
© IG Service Consul2ng Nov 2012 Slide 26
IT Service Management Maturity • Assessment of Service Management Capability
Ø Service Management Maturity Assessments (various) Ø BIP0015 – IT Service Management Self Assessment Workbook:2011 Ø COBIT
© IG Service Consul2ng Nov 2012 Slide 27
Adhoc/ Chao7c
Repeatable
Defined & Documented
Measured & Managed
Op7mised
Level 1 Level 2 Level 3 Level 4 Level 5
• Undocumented • Unpredictable • Adhoc • Very reac2ve • SLAs not followed • Few measures
• Repeated service process • Some records and documents • Some measures • Some SLAs met
• Defined services • Documents and records • Mostly measured • Most SLAs met
• Service Catalogue • Documents and records • Proac2ve • SLAs guaranteed • Service costs known • Integrated processes
• IT as a strategic partner • IT and business collabora2on • IT within business planning • Con2nual Service Improvement
IT Service Management Maturity • What Service Management processes are in opera2on? • How is it structured? • Does it meet customer needs? • What documenta2on exists? • What records exist? • What is the gap between the documented approach and
actual delivery? • Qualified staff (technical, ITIL, ISO20000) • Is there an Improvement Plan • What level of maturity is evident? © IG Service Consul2ng Nov 2012 Slide 28
Business Case
© IG Service Consul2ng Nov 2012 Slide 29
Opera7onal Benefits Process Integra2on Efficiency and Effec2veness Maturity Improvement Improved Rela2onships
Management Benefits Defining Areas for Improvement
Accuracy of Measurement Clarity of Target Senng Realised Cost Savings
Business Benefits Customer Alignment Customer Sa2sfac2on Business Alignment Strategic Alignment
Sales Benefits Increased Opportuni2es Reduced Compe22on
Speed and Accuracy of Responses Marke2ng
Business Case
Cer2fica2on Timescales • Cer2fica2on 2mescales are rela2ve to:
Ø Scope – Number of Services, Loca7ons, Teams Ø Size – Number of Staff/Partners/Suppliers Ø Complexity and Cri7cality – Detail and Interdependencies Ø Skills and Experience – Internal and External Par7es Ø Current Capability – Maturity Level Ø Exis7ng Cer7fica7ons – Experience of Management Systems
• Possible 2melines Ø 2 to 3 months to get to Assessment/Business Case Ø ? months to Cer7fica7on readiness Ø 3 months of evidence is required to show processes and records
capture are embedded
© IG Service Consul2ng Nov 2012 Slide 30
Cer2fica2on Costs • Budge2ng for cer2fica2on should consider the following:
Ø Consultancy Ø Training Ø Process Improvement Ø Tools Ø Project Management Ø Cer7fica7on Ø Timescales
© IG Service Consul2ng Nov 2012 Slide 31
ISO20000 Cer2fica2on
Phase 2
© IG Service Consul2ng Nov 2012 Slide 32
Define Scoping Statement
Analysis and Alignment
Engage Registered Cer2fica2on Body
Pre-‐Assessment Audit
Cer2fica2on Audit Success
Define Project
Route to Cer2fica2on
© IG Service Consul2ng Nov 2012 Slide 33
Cer2fica2on Project Planning
© IG Service Consul2ng Nov 2012 Slide 34
People Who to involve
Processes Defined by the Standard
Products Toolset requirements The Services Service Level Agreements
Partners Suppliers Contracts Customers
Engage RCB • There are no conflicts in using previously used RCBs • There may be benefits in using previously instructed RCBs in
rela2on to: Ø ISO9001 Ø ISO27001 Ø BS25999
• 5 UK based RCBs Ø BSI Ø DNV Ø Lloyds Ø ISOQAR Ø SGS
© IG Service Consul2ng Nov 2012 Slide 35
Scope Statements • Define the scope with your RCB • Scoping Statement includes:
Ø The Customers Ø The Services Ø The Loca7ons Ø The Organisa7onal Units
• Scoping Statement will have suppor2ng detail • Where feasible build in possible/probable service
adjustments Ø Specify services set out in the Service Catalogue instead of specific
lis7ng of services Ø Customers encapsulated by a specific contract type
© IG Service Consul2ng Nov 2012 Slide 36
Scoping Statements Example Scoping Statements Thales Informa7on Systems Ltd The Scope of the cer7fica7on is: The IT Service Management System that supports the provision of managed IT services for internal and external customers as specified in contract schedules. The Loca7on covered by the cer7fica7on is: MontBajen House, Basing View, Basingstoke, RG21 4HJ, United Kingdom. BT Ireland The Scope of the cer7fica7on is: The IT Service Management System that covers the provision, support and management of the Wide Area Network, Contact Centre and Voice Services to the Bank of Ireland within the technical and organisa2onal boundaries of BT Ireland and in accordance with the contract schedules. The Loca7on covered by the cer7fica7on is: Grand Canal Plaza, Upper Grand Canal Street, Dublin 4, Eire.
© IG Service Consul2ng Nov 2012 Slide 37
Analysis and Alignment • Standard requires robust processes and systems with a level
of maturity Ø Processes and systems should be in place for a reasonable period (3
months) prior to cer7fica7on audit
• Capture ‘gaps’ and set out a plan • Document management is required • Communica2on and awareness
© IG Service Consul2ng Nov 2012 Slide 38
Cer2fica2on Process • Time to complete the cer2fica2on audit is dependent on
scope Ø Scale Ø Services Ø Loca7ons
• 5 months would be the minimum • Once cer2fied
Ø Surveillance Audits at least every 12 months Ø Recer7fica7on every 3 years
© IG Service Consul2ng Nov 2012 Slide 39
Conclusion
© IG Service Consul2ng Nov 2012 Slide 40
ISO20000 • MUST comply with all aspects of the standard and
specifica2on Ø 13 Processes Ø 3 Management and Planning systems
• Should show at least 3 months of opera2on using the standard
• Audit will want to see at least 1 improvement plan Ø A ‘quick win’ series of improvements is beneficial
© IG Service Consul2ng Nov 2012 Slide 41
Approach Review • 2 Phase approach • Phase 1
Ø Build case for ISO20000 cer7fica7on and communicate inten7on Ø Define current state of IT Service Management Ø Consider likely Scoping Statement
• Phase 2 Ø Define Scoping Statement Ø Assess, design, build, test, embed processes and systems Ø Cer7fy and maintain
© IG Service Consul2ng Nov 2012 Slide 42
Approach Review
© IG Service Consul2ng Nov 2012 Slide 43
Define Scoping Statement
Analysis and Alignment
Engage Registered Cer2fica2on Body
Pre-‐Assessment Audit
Cer2fica2on Audit Success
Define Project
Use the Frameworks • Use the Frameworks
Ø ITIL forms the basis of ISO20000 Ø eTOM is equally aligned Ø ITIL defines a common Service Management language Ø ITIL training will provide ‘correct ability staff’ Ø Service Management Maturity Assessments are mature processes
and can assist Ø BIP0015 is directly linked to ISO20000 Ø COBIT is also appropriate and links to maturity
© IG Service Consul2ng Nov 2012 Slide 44
Ques2ons and Answers
© IG Service Consul2ng Nov 2012 Slide 45