cmmi svc versus iso/iec 20000

26
CMMI-SVC & ISO20000 Kieran Doyle T: 01748 821824 E: [email protected]

Upload: jaaptitulaer5944

Post on 29-Dec-2014

392 views

Category:

Documents


4 download

DESCRIPTION

CMMI SVC versus ISO/IEC 20000

TRANSCRIPT

Page 1: CMMI SVC versus ISO/IEC 20000

CMMI-SVC & ISO20000 Kieran Doyle T: 01748 821824 E: [email protected]

Page 2: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

Agenda

•  How CMMI-SVC Relates to ISO 20000 •  What does CMMI-SVC give me? •  Implementation Scenarios

Page 3: CMMI SVC versus ISO/IEC 20000

How CMMI-SVC Relates to ISO 20000

Page 4: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

The CMMI-SVC Model

Requirements Management

Project Planning

Project Monitoring & Control

Supplier Agreement Management

Measurement & Analysis

Process & Product QA

Configuration Management

Capacity & Availability Management

Strategic Service Management

Incident Resolution & Prevention

Service Continuity

Service System Development *

Integrated Project Management

Organisational Process Focus

Organisation Process Definition

Organisational Training

Decision Analysis & Resolution

Organisational Process Performance

Organisational Innovation & Deployment

Quantitative Project Management

Causal Analysis & Resolution

2- MANAGED

3- DEFINED

4- QUANTITATIVELY MANAGED

5- OPTIMISING

MATURITY LEVEL

PROCESS AREAS

Service System Transition

Service Delivery

* Optional addition

Core Process Areas CMMI-SVC Process Areas Shared Process Areas (i.e. only with CMMI-DEV)

Page 5: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

Mapping ISO 20000 Clauses to CMMI-SVC

CMMI-SVC provides almost complete coverage of ISO 20000 clauses

Page 6: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

How Much CMMI-SVC Do I Need for ISO 20000?

Requirements Management

Project Planning

Project Monitoring & Control

Supplier Agreement Management

Measurement & Analysis

Process & Product QA

Configuration Management

Capacity & Availability Management

Strategic Service Management

Incident Resolution & Prevention

Service Continuity

Service System Development *

Integrated Project Management

Organisational Process Focus

Organisation Process Definition

Organisational Training

Decision Analysis & Resolution

Organisational Process Performance

Organisational Innovation & Deployment

Quantitative Project Management

Causal Analysis & Resolution

2- MANAGED

3- DEFINED

4- QUANTITATIVELY MANAGED

5- OPTIMISING

MATURITY LEVEL

PROCESS AREAS

Service System Transition

Service Delivery

* Optional addition

Not necessary for initial coverage CMMI-SVC Process Areas required to cover ISO 20000 clauses

N.B. – Lamri recommends always implementing complete process areas.

Page 7: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

If I Do ISO 20000, How Much CMMI-SVC Do I Get?

Strategic Service Management

Service System Development *

Integrated Project Management

Organisational Process Focus

Organisation Process Definition

Organisational Training

Decision Analysis & Resolution

Organisational Process Performance

Organisational Innovation & Deployment

Quantitative Project Management

Causal Analysis & Resolution

2- MANAGED

3- DEFINED

4- QUANTITATIVELY MANAGED

5- OPTIMISING

MATURITY LEVEL

PROCESS AREAS

* Optional addition

Capacity & Availability Management

Configuration Management

Process & Product QA

Supplier Agreement Management

Requirements Management

Project Planning

Project Monitoring & Control

Measurement & Analysis

Service Delivery

Incident Resolution & Prevention

Service System Transition

Service Continuity

Not necessary for ISO 20000 Required to cover ISO 20000 Implementing ISO20000 gives this CMMI-SVC Coverage

ISO20000 partially implements CMMI processes. The differences are significant – in the next slides we discuss these differences.

Page 8: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

Difference = Value

•  Lamri recommends implementing each Process Area in

FULL

•  Partial implementation of a Process Area is a risky approach

•  Practices are closely connected and difficult to pull apart •  ISO 20000 coverage is dispersed

•  However, these differences represent advantage from implementing the CMMI practices

Page 9: CMMI SVC versus ISO/IEC 20000

The CMMI Added Value: Where CMMI Maps Directly to ISO 20000

Page 10: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

CMMI Added Value - Generic Practice (GPs) Gaps

•  At Capability Level 2, all Process Areas have these 10 GPs in place

•  All GPs are core to all CMMI Models

•  They ensure the embedding of good practice

•  They provide pragmatic steps that lead automatically to well embedded practice

Generic Practices Establish an Organisational Policy Plan the Process Provide Resources Assign Responsibility Train People Manage Configurations Identify and Involve Relevant Stakeholders Monitor and Control the Process Objectively Evaluate Adherence Review Status with Higher Level Management

Page 11: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

CMMI Added Value - Generic Practices (GPs)

•  Certain practices are not stressed to the same extent in ISO20000. E.g. •  Stakeholder Management

•  Stakeholder management occurs a couple of places in the standard

•  In CMMI it is an inherent part of every process area, focussing attention on what stakeholders are relevant to each task, and how they are involved

•  Management Information Flows (Monitor and Control the Process) •  Every process area requires pragmatic measures to be

identified and used •  Provides a structure for capturing and reporting management

information that zeros in on what is important to managers

Page 12: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

CMMI Added Value – Process Areas

Requirements Management (REQM)

•  Traceability of requirements right through from the customer’s request through to finished product.

•  Ties Service Design, Development and Delivery together

•  In a services environment this is crucial for rapid turn around of changes to services

Project Management Process Areas (PP, PMC)

•  Rigorous mechanisms which have been proven to lead to substantial improvements in organisational predictability.

Supplier Agreement Management (SAM)

Instils a way of managing supplier interfaces that requires insight into the relevant supplier processes (“Looking into the box”). This facilitates:

•  Effective tailoring of processes to relevant interfaces

•  Focussed management information for supplier interfaces

•  Better risk management of supplier interfaces

Fully implementing the process areas that map directly to ISO 20000 can deliver significant benefits.

Page 13: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

CMMI Added Value – Process Areas

Measurement and Analysis (MA)

CMMI brings robust management information rather than just data collection. This focuses attention on:

•  Collecting the right information that addresses organisational goals

•  Addressing how we are going to analyse the data and turn it into valuable information

•  Taking the right action using the data

•  Building up a history of data that progressively delivers better predictability and a richer picture of organisational behaviour

Fully implementing the process areas that map directly to ISO 20000 can deliver significant benefits.

Page 14: CMMI SVC versus ISO/IEC 20000

The CMMI Added Value: From Fully Implementing Maturity Level 3

Page 15: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

What Value Do The Untouched ML3 PA’s Give Us?

Requirements Management

Project Planning

Project Monitoring & Control

Supplier Agreement Management

Measurement & Analysis

Process & Product QA

Configuration Management

Capacity & Availability Management

Strategic Service Management

Incident Resolution & Prevention

Service Continuity

Service System Development *

Integrated Project Management

Organisational Process Focus

Organisation Process Definition

Organisational Training

Decision Analysis & Resolution

Organisational Process Performance

Organisational Innovation & Deployment

Quantitative Project Management

Causal Analysis & Resolution

2- MANAGED

3- DEFINED

4- QUANTITATIVELY MANAGED

5- OPTIMISING

MATURITY LEVEL

PROCESS AREAS

Service System Transition

Service Delivery

* Optional addition

Not necessary for initial coverage CMMI-SVC Process Areas required to cover ISO 20000 clauses

Page 16: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

CMMI Added Value – Maturity Level 3 Gaps Implementing the remaining Maturity Level 3 Process Areas

delivers further substantial benefits. OPF, OPD, OT and IPM are the bedrock of ML3 and together achieve a step change in an

organisation.

Impact Benefit

Organisational Way of Thinking

The big picture of how the organisation fits together and works drives efficient ways of working

Focus on Business Goals

Process is designed to achieve objectives; not to tick boxes.

Process Asset Management

What works can be used again and again with confidence and reduced risk.

Right Balance of People, Tools and Processes

The tools and environments support effective processes and people know what they are doing.

Learning Organisation

The organisation stops re-inventing the wheel. Good practice is easily communicated and used.

Integrated Teams Break down organisational silos between different departments and groups.

Page 17: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

Standardising the Service Offering (Strategic Service Management - SSM)

•  This Process Area focuses on maintaining a set of standard services

•  Standardising the process offering enables rapid, repeatable delivery of service to customers

•  If your organisation already offers a standard catalogue of services, you are well on the way to satisfying this process area.

•  BUT remember the importance of the Generic Practices •  These practices enforce a particular discipline in

maintaining the organisation’s asset base

Page 18: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

The Improvement Scale

•  Achieving CMMI-SVC ML2 gives a solid basis for establishing & maintaining ISO20000

•  An existing ISO20000 accreditation is a firm basis for a mature organisation

•  Achieving CMMI-SVC ML3 creates an organisation with a very strong customer focus, that is significantly more effective and efficient in the delivery of its services.

CMMI ML2

CMMI ML3

CMMI High Maturity

ISO 20000

Page 19: CMMI SVC versus ISO/IEC 20000

CMMI, ISO 20000, ITIL: The Good, The Bad, & The Ugly?

Page 20: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

CMMI-SVC, ISO 20000, ITIL

•  These 3 complement each other substantially.

•  ITIL is the Library full of great ideas

•  CMMI-SVC is the “Reading List” for success

•  ISO 20000 is the Exam

•  CMMI-SVC Supports ISO 20000. ITIL is not essential

•  But Lamri recommends using ITIL for implementation guidance to address gaps

CMMI-SVC Road Map of Change & Value

ISO 20000 Certifies Position

ITIL Provides Implementation Options

Page 21: CMMI SVC versus ISO/IEC 20000

Implementation Choices

Page 22: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

Implementation Choices

•  Given the mapping discussed earlier we have a number of choices of how to implement CMMI-SVC

•  Option 1: Implement all Process Areas that map directly to ISO 20000

•  Option 2: Implement all Process Areas up to Maturity Level 3 •  Option 3: Implement the Maturity Level 2 process areas only

•  Lamri believes these choices fit best with certain scenarios.

Page 23: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

Scenario 1: Maintaining an Existing ISO 20000 Certification.

•  CMMI-SVC provides almost complete coverage of the ISO 20000 clauses.

•  Only 1 clause (6.6 Information Security Management) is not covered by CMMI-ACQ

•  However, if the organisation already has the ISO 20000 standard, this clause will already be satisfied.

•  Implementing Option 1 (i.e. the 12 Process Areas that cover the ISO 20000 clauses):

•  Maintains the ISO 20000 certification •  Embeds the expected behaviours more strongly •  Delivers additional benefits that extend the value of the ISO

20000 certification

Page 24: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

Scenario 2: Attaining an ISO 20000 Certification.

•  The CMMI-ACQ can be used in two ways to help attain ISO 20000 accreditation.

•  Implement Option 1 - (i.e. the Process Areas that cover the ISO 20000 clauses) •  Similarly to the previous scenario implementing these 12 Process

Areas will give a significantly more robust implementation of ISO 20000.

•  The chances of attaining accreditation are significantly improved. •  Additional work would however need to be done in the area of

Information Security Management. However, this would be case anyway.

•  Implement Option 3 – I.e. CMMI-ACQ Maturity Level 2. •  This wont get the organisation all the way to attaining certification. •  But it will give a solid foundation for achieving accreditation. •  This option could be used as a partial step towards option 1.

Page 25: CMMI SVC versus ISO/IEC 20000

© Lamri Ltd 2008

Scenario 3: Already Have ISO 20000 Certification But Want to Further Improve

•  Again two options are worthwhile considering •  Implement Option 1

•  Implementing these 12 process areas delivers the additional benefits discussed earlier

•  It strengthens and maintains the existing accreditation •  It constitutes a step towards option 2

•  Implement Option 2 – I.e. go straight to CMMI ML3 •  This significantly strengthens the existing ISO certification •  But additionally increases the organisation’s efficiency,

effectiveness, cohesion, risk profile, etc. •  In short CMMI-SVC ML3 delivers Competitive Advantage

Page 26: CMMI SVC versus ISO/IEC 20000

Q & A