INSTRUCTOR GUIDE
ITpreneurs Nederland B.V.© Copyright 2012 by ITpreneurs Nederland B.V. All rights reserved.
r 2.0.0
ISO/IEC 20000 Practitioner
ISO/IEC 20000
Sample
Mate
rial -
Not for
Rep
rint
ISM2310CL Version 2.0
© Copyright 2012 by ITpreneurs Nederland B.V. All rights reserved.
Nothing from this publication may be duplicated and/or published by means of printing, photocopy, microfi lm, any electronic medium, or in any other way and may not be stored in any way without preceding the written permission of ConnectSphere Limited or ITpreneurs.
Sample
Mate
rial -
Not for
Rep
rint
Contents
i
OVERVIEW 1
STUDENT COURSE AGENDA 5
TUTOR COURSE PLAN 7
TUTOR PRESENTATION 15
GUIDANCE FROM APMG 181
TEST 1: ANSWER GUIDANCE 187
TEST 2: MULTIPLE CHOICE QUESTIONS 189
TEST 2: ANSWERS GUIDANCE 195
ASSIGNMENT 1: ISO/IEC 20000 POLICIES 201
ASSIGNMENT 2: INCIDENT AND SERVICE REQUEST MANAGEMENT 203
ASSIGNMENT 3: APPLICABILITY AND SCOPE 205
ASSIGNMENT 3: APPLICABILITY AND SCOPE ANSWER GUIDANCE 209
ASSIGNMENT 4: PLANNING AND ANALYSIS OF READINESS FOR CERTIFICATION 213
ISO/IEC 20000 TERMS AND DEFINITIONS – APMG FOUNDATION 217
APMG ISO20000 EXAMINATIONS SUPPLEMENTARY REFERENCE PAPER V1 221
ISO/IEC 20000 WHITE PAPER 235
ISOIEC 20000 FOUNDATION AND PRACTITIONER SYLLABUS 247
RELEASE NOTES 275
INSTRUCTOR FEEDBACK FORM 277
Sample
Mate
rial -
Not for
Rep
rint
Sample
Mate
rial -
Not for
Rep
rint
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 1
Overview
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.2
Requirements and Process Groupings inISO/IEC 20000-1:2011 Information technology – Service Management – Part 1: Service management system requirements
6 Service delivery processes
8 Resolution processes 7 Relationship processes
9 Control processes
CapacitymanagementService continuity and availability management
Service level managementService reporting
Information security managementBudgeting and accounting for services
Incident management andservice request management Problem management
Business relationship managementSupplier management
Configuration managementChange management
Release and deployment management
5 Design and transition of new or changed services
4. Service management system general requirementsManagement responsibilityGovernance of processes operated by other parties
Documentation management Resource management Establish and improve the SMS
Clauses with requirements in ISO/IEC 20000-1:2011 Information technology – Service Management – Part 1: Service management system requirements
Sample
Mate
rial -
Not for
Rep
rint
Instructor | IISO/IEC 20000 Practitioner | Overview
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 3
ForewordIntroduction1 Scope1.1 General1.2 Application
2 Normative references
3 Terms and defi nitions
4 Service management system general requirements
4.1 Management responsibility
4.1.1 Management commitment
4.1.2 Service management policy
4.1.3 Authority, responsibility and communication
4.1.4 Management representative
4.2 Governance of processes operated by other parties
4.3 Documentation management
4.3.1 Establish and maintain documents
4.3.2 Control of documents
4.3.3 Control of records
4.4 Resource management
4.4.1 Provision of resources
4.4.2 Human resources
4.5 Establish and improve the SMS
4.5.1 Defi ne scope
4.5.2 Plan the SMS (Plan)
4.5.3 Implement and operate the SMS (Do)
4.5.4 Monitor and review the SMS (Check)
4.5.4.1 General4.5.4.2 Internal audit
4.5.4.3 Management review
4.5.5 Maintain and improve the SMS (Act)
4.5.5.1 General
4.5.5.2 Management of improvements
5 Design and transition of new or changed services
5.1 General
5.2 Plan new or changed services
5.3 Design and development of new or changed services
5.4 Transition of new or changed services
6 Service delivery processes
6.1 Service level management
6.2 Service reporting
6.3 Service continuity and availability management
6.3.1 Service continuity and availability requirements
6.3.2 Service continuity and availability plans
6.3.3 Service continuity and availability monitoring and testing6.4 Budgeting and accounting for services
6.5 Capacity management
6.6 Information security management
6.6.1 Information security policy
6.6.2 Information security control
6.6.3 Information security changes and incidents
7 Relationship processes
7.1 Business relationship management
7.2 Supplier management
8 Resolution processes
8.1 Incident and service request management
8.2 Problem management
9 Control processes
9.1 Confi guration management
9.2 Change management
9.3 Release and deployment management
Bibliography
Figure 1 — PDCA methodology applied to service management
Figure 2 — Service management system
Figure 3 — Example of supply chain relationshipsSample
Mate
rial -
Not for
Rep
rint
This p
age
has b
een le
ft bla
nk in
tentio
nally
Sample
Mate
rial -
Not for
Rep
rint
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 5
Student Course Agenda
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.6
DAY 1 Course introduction
Overview of ISO/IEC 20000
Break ISO/IEC 20000 terms and defi nitions
Lunch Service Management System (SMS) general requirements (continued)
Break SMS general requirements
Close
HomeworkHomework – Test questions and review of material
DAY 2 Review of Day 1 and test questions
ISO/IEC 20000-1 specifi c service management (SM) processes
Break ISO/IEC 20000-1 specifi c SM processes (continued)
Lunch ISO/IEC 20000-1 specifi c SM processes
Break Mock examination (part of sample paper)
Homework: Complete and review mock exam. Review for fi nal exam.
DAY 3 Review of Day 2 and sample examination questions
Achieving ISO/IEC 20000 Certifi cation (continued)
Break Achieving ISO/IEC 20000 Certifi cation
Lunch Review to prepare for exam
Break Examination (14.00 – 17.00)
CloseSam
ple M
ateria
l - Not
for R
eprin
t
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 7
Tutor Course Plan
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.8
INSTRUCTOR COURSE PLAN
The following MUST be available to the tutor and class.
ISO/IEC 20000-1: 2011, Part 1: Requirements for a specifi cation for service management
ISO/IEC 20000-1:2011, Information technology — Service management — Part 1: Service management systems requirements
ISO/IEC 20000-2: 2012, Information technology — Service management — Part 2: Guidance on the application of service management systems (when available)
ISO/IEC TR 20000-3, Information technology — Service management — Part 3: Guidance on scope defi nition and applicability for ISO/IEC 20000-1
ISO/IEC TR 20000-5, Information technology — Service management — Part 5: Exemplar implementation plan
The exam is an open book and we recommend each student to carry a copy of Part 1. All students must have access to reference copy of Part 1, 2, and 3 of the standard, at least for the duration of the course. However, it is not mandatory for every student to have personal access to Part 2 and Part 3 throughout the course.
Day 1 Topic Content
09:00
Module 1
Course introduction
Slides 1 to 12
Introduction to the course
Slide 10 – Introduction
Slide 12 – Ask the class
Write these on a fl ipchart and refer to them throughout the course:
1. Select an IT service provider organization to use as an example in the course. List the main business objectives of the IT service provider organization.
2. What are the challenges for the IT service provider? Ask students to list the challenges for the service provider organization. Further, ask the students to select the important challenges for the organization.
Sample
Mate
rial -
Not for
Rep
rint
Instructor | ISO/IEC 20000 Practitioner | Tutor Course Plan
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 9
Day 1 Topic Content
09:30
Module 2
Overview of ISO/IEC 20000
Slides 13 to 40
Slide 13 Ask the class: To brainstorm what they already know about ISO/IEC 20000. Write up their responses on a fl ipchart so that you can refer to them.
Slide 13 Ask the class: To brainstorm what they already know about ISO/IEC 20000.
Slide 21 Ask the class: What is included in an SMS?
Slide 22 The SMS process diagram – Distribute the full page handout of the diagram.
Slide 22 Ask the class: Why is it important to integrate processes?
Slide 24 Ask the class: Are they using any of these standards (9001, 27001)?
Slide 27 Part 3. Explanation to make sure the students understand this part.
Slide 28 Introduce the use of Part 5 Ask the class: How far into a two year journey do you think your selected service provider is?
Slide 34-35 Emphasize the points about certifi cation.
Slide 34-38 Explain the APMG Certifi cation Scheme, a key part of the syllabus.
Slide 37 Benefi ts of certifi cation to ISO/IEC 20000.
Slide 38 and 39 Module 2: Test your understanding
11:00 Break
11:15
Module 3
Terms and Defi nitions
Slides 41 to 52
Slide 43 Check that students are familiar with the foundation terms and defi nitions, especially if they do not have the APMG Foundation qualifi cation.
Slide 44 Ask the class: What examples can you identify for service components?
Slide 46 Ask the class: Can you identify examples of an interested party? Part 1 provides examples.
Slide 47 Ask the class: What would you include in the service requirements? It is really important to help students understand the concept of service requirements.
Slide 48 Exercise: Select a service that is delivered by your selected service provider and then:
1. Write a brief description of the service.
2. Identify the interested parties using the classifi cation in Part 1.
3. Ascertain a few high-level service requirements for each interested party.
Slide 50 Ask the class: What is a process that is effective? What is a process that is fi t for purpose? Write it on the fl ip chart.Sam
ple M
ateria
l - Not
for R
eprin
t
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.10
Day 1 Topic Content
12:30
Module 4
SMS general requirements
Slides 53 to 64
Slide 56 Ask the class: Who could be responsible for the coordination and management of all services - Can the CIO delegate this?
Slide 62 Ask the class: Are you familiar with a RACI model? Is C or I better?
12:30 Lunch
13:30
Module 4 SMS general requirements
Slides 65 to 88
Assignment 1. See the student handbook. Service management policy and continual service improvement policy.
Slide 65 Ask the class: What is the difference between a document and a record? Please provide examples of documents and records.
Slide 68 Ask the class: To identify the mandatory documents and records in Part 1 and classify the fi ndings as: Being out of scope, Showing conformity to Part 1, Exhibiting nonconformity.
Slide 69 Ask the class: For examples for each type of resource within an SMS.
Slide 70 Ask the class: How an auditor would assess whether personnel are aware of how they contribute to the achievement of: Service management objectives, Fulfi llment of service requirements.
Slide 71 Test your understanding: Human resource.
Slide 75 Ask the class: What kind of Return on Investment does their selected service provider want?
Slide 76 Ask the class: What are the real points to think about when planning an SMS?
Slide 78 Ask the class: For what would a management review of the SMS and services be used?
Slide 79 Ask the class: Brainstorm the key inputs that you would use to conduct a management review. Which inputs are mandatory inputs conforming to the requirements of Part 1?
Slide 81 Ask the class: Provide examples of aspects to consider in a policy on continual improvement?
Slide 86 Exercise: C4.5 Establish and improve the SMS
16:00 Sample paper Question 1 with review
17:00 Close
Day 1 Homework Homework: Review and test 2
Sample
Mate
rial -
Not for
Rep
rint
Instructor | ISO/IEC 20000 Practitioner | Tutor Course Plan
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 11
Day 2 Topic Content
09:00 Review Review of Day 1 and Homework
09:15
Module 5
ISO/EC 20000
Specifi c service management processes
Slides 89 to 150
Slide 92 Ask the class: What will the interfaces include? (Between the design and transition of new or changed services and the control processes).
Slide 95 Exercise: Part 1 requirements for Clause 5 to 9
For the design and transition of new or changed services (DTNCS) in Clause 5, identify the:
a) Process objectivesb) Process specifi c policies and plans that are required to conform to the
Part 1 requirementsc) Inputs, outputs of the processd) Actions relating to the implementation of the process required by Part 1e) Roles required for operation of the processes
Ask the class: To do the same as we go through Clauses 6 to 9.
Slide 97 Ask the class: For examples of typical business changes that impact service requirements and service-level requirements.
Slide 100 Ask the class: What are the key considerations when defi ning the structure and content of SLAs?
Slide 101 Ask the class: What is a good report?
Slide 102 and 103 Ask the class: Are the customer satisfaction reports good or bad? Why? Give reasons.
Slide 103 Ask the class: Is this better? Is it missing anything? What are the key considerations for service reporting?
Slide 104 Ask the class: For an example of each type of report.
Slide 105 Ask the class: Does the service report index show all of the mandatory requirements of Part 1?
Slide 106 Ask the class: What aspects of the service continuity and availability plans should be under the control of change management?
Slide 100 Exercise: C6.3 Service continuity and availability management. How to achieve an end-to-end availability target for an e-mail service. What availability monitoring activities are required to conform to the requirements of Part 1?
Slide 111 Ask the class: Budgeting and accounting. What do you think is included in service components? What are the important implementation considerations?
Slide 112 Ask the class: Which month should new capacity have been added?
Slide 113 Ask the class: Examples of information and data for business capacity management, service capacity management, and component capacity management.
Slide 115 Ask the class: What IT security polices will a service provider need?
Slide 123 Ask the class: What would an assessor or auditor look for in a contract?
Slide 125 Test your understanding: Relationship processes.
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.12
Day 2 Topic Content
12:30 Lunch
13:30
Slide 134 Test your understanding: Resolution processes.
Assignment 3
1. Perform a self-assessment for your selected service provider for the incident and service request management process within a defi ned scope.
2. List the specifi c requirements for managing major incidents.
3. Identify the requirements presented in Part 1 for the interfaces between the:
a) Incident management and service level management processes.
b) Incident and problem management processes.
c) Problem management and confi guration management processes.
d) Problem management and change management processes.
Slide 137 Ask the class: What would they control for a PC?
Slide 138 Ask the class: What confi guration item types are required in the SMS?
Slide 142 Ask the class: How can types of change be classifi ed?
Slide 130 Ask the class: In addition to the requirements on this slide, what statements are typically in a change management policy?
Slide 144 Ask the class: What would you include in a release policy?
Slide 145 Ask the class: Who are the relevant parties involved in release and deployment planning?
Slide 147 Ask the class: How do we measure and analyse the success/failure of a release?
Slide 148 Test your understanding: Release and deployment.
Slide 149 Exercise:
1. Discuss and summarize how you can determine the suitability and effectiveness of the processes in Clauses 5 to 9.
2. List examples of process improvements.
Recommend a set of roles required for operation of the processes together with your rationale.
15:30 Sample paper Question 2 and 3 with review
17:00 Close
Day 2 Homework
Read Student handbook, Section 3.4 and 3.5. Read ISO/IEC 20000-1 requirements for internal audit.
Do sample paper Question 4, Part A and B.
Sample
Mate
rial -
Not for
Rep
rint
Instructor | ISO/IEC 20000 Practitioner | Tutor Course Plan
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 13
Day 3 Topic Content
09:00 Review of Day 3
Review of Day 2 and sample paper Question 4, Part A and B.
If required, use Slide 158 - Types of audit.
09:15
Module 5
Achieving ISO/EC 20000
Slides 152 to 183
Slide 158 Ask the class: What is the main evidence required for an external audit?
Slide 159 Exercise: Types of audit
1. List the differences between:
a) Internal audit (within the service provider organization)
b) External – Initial certifi cation audit
c) External – Surveillance certifi cation audit
d) External – Re-certifi cation audit
2. Summarize the responsibilities and activities for an external auditor of an RCB
Slide 168 Assignment 4: Applicability and scope (see student handbook).
Slide 170 Ask the class: From your experience do the Phase 1 activities seem sensible?
Slide 179 Assignment 5: Planning and analysis of readiness for certifi cation (see student handbook for scenario).
Slide 181 Ask the class: Why is it important to inspect the certifi cate?
11:45 Sample paper Question 4: Part C, D, and E and Review of answers
12:20 Course close and Feedback Slide 184
12:30 Lunch
13:30 Review for exam Cover a summary of the main syllabus points to prepare students for the exam.
14:00 – 17:00 Examination
17:00 Close
Sample
Mate
rial -
Not for
Rep
rint
This p
age
has b
een le
ft bla
nk in
tentio
nally
Sample
Mate
rial -
Not for
Rep
rint
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 15
Tutor Presentation
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.16
Explain to the class:Briefl y describe the history of ISO/IEC 20000. Describe the course objectives as twofold—learning how to implement service management to meet the requirements of ISO/IEC 20000 and how to pass the exam.
ISO/IEC 20000 is the international standard for IT service management (ITSM). It is jointly published by two standards organizations, ISO and IEC.
ISO = International Organization for Standardization
Develops and publishes thousands of standards for worldwide use with inputs from industry and government.
165 members, one per country
Countries publish ISO standards as national standards
See www.iso.org
IEC = International Electrotechnical Commission
Prepares and publishes international standards for all electrical, electronic, and related technologies
See www.iec.org
ISO/IEC 20000-1 defi nes and provides details of the requirements for a service management system (SMS) to deliver managed services of an acceptable quality, together with guidance on how to demonstrate conformity with the standard.
Sample
Mate
rial -
Not for
Rep
rint
Instructor | ISO/IEC 20000 Practitioner | Tutor Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 17
2
Exercises, sample exams, homeworkISO/IEC 20000 Parts 1, 2, 3, and 5
Course Contents
1. Course introduction 32. Overview of ISO/IEC 20000 133. ISO/IEC 20000 terms and definitions 414. Service management system (SMS) general requirements 535. Specific service management (SM) processes 896. Achieving ISO/IEC 20000 certification 1537. Summary and feedback 185
Slides
Module 1 Course Introduction
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.18
4
Notice
The information contained in this document is subject to change without notice. This document contains proprietary information that is protected by licensed copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated to another language without the prior consent of ITpreneurs.The ISO/IEC 20000 Practitioner course includes Intellectual Property owned by ConnectSphereLimited, which is used by permission of Connect Sphere. All rights reserved.Information on international standards can be obtained from www.iso.orgCOBIT® is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute. ITIL® is a registered trademark of the Cabinet Office.
5
Course Arrangements
ScheduleBreaks and refreshmentsMobile phonesMessagesFire alarmsBathroomsSmoking
Arrangements
Sample
Mate
rial -
Not for
Rep
rint
Instructor | ISO/IEC 20000 Practitioner | Tutor Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 19
6
Course Arrangements (Cont’d.)
Keep an open mind. It’s not just about taking the exam; it’s about understanding the principles and terminology of the approach.
Tutor note: Delegates attending the course are required to have a fundamental knowledge of IT service management principles and processes. The basic ITSM knowledge required is exemplifi ed by either an ITIL® Foundation certifi cate or an approved ISO/IEC 20000 Foundation certifi cate, possession of one of which is mandatory for attending this course.
The course is intended to be delivered in a highly practical, rather than a theoretical, way and is primarily aimed at practitioners, managers, and consultants involved in SMS implementation activities based on ISO/IEC 20000.
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.20
7
ISO/IEC 20000 for Practitioners: Course Overview
Duration
Target Audience
Prerequisites
Purpose
Holder of the ITIL ® Foundation Certificate in IT Service Managementor an approved ISO/IEC 20000 Foundation Certificate
Three-day course or 18 hours of learning time, of which 16 hours involve direct contact
Practitioners, managers, and consultants involved in a service management system (SMS) or ongoing activities based on ISO/IEC 20000
To ensure that a candidate has sufficient understanding of ISO/IEC 20000 and its application to be able to analyze and apply his or her knowledge to a range of activities that would support organizations in conforming to the requirements of ISO/IEC 20000-1, and to achieve and retain the ISO/IEC 20000 certification.
ITIL® is a registered trade mark of the Cabinet Office
Syllabus: 3.3 High-Level Performance Defi nition of a Successful Practitioner Candidate
Explain to the class:
Candidates should understand and be able to apply and analyze the content of ISO/IEC 20000 within currently certifi ed organizations or those wishing to implement an SMS in preparation for initial certifi cation.
Sample
Mate
rial -
Not for
Rep
rint
Instructor | ISO/IEC 20000 Practitioner | Tutor Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 21
8
The scope, objectives, and high-level requirements of the ISO/IEC 20000 for Practitioners include learning to:
Interpret the purpose, use, and application of Parts 1, 2, 3, and 5 of the standard Assist and advise organizations in achieving conformance to ISO/IEC 20000-1 (Part 1) and certification Explain and advise on issues of applicability and scope definition Explain the relationship between ISO/IEC 20000 and ITSM best practices, ITIL® and related standards, ISO 9001 and ISO/IEC 27001, and how these can be used to support the achievement of certification to ISO/IEC 20000Explain and apply the requirements of ISO/IEC 20000-1 Explain the use of technology and tools to support the implementation and improvement of an SMS, achieve certification, and support ongoing conformance to ISO/IEC 20000-1 Advise and assist in certification readiness assessments to evaluate an SMS against the requirements of ISO/IEC 20000-1Generate a gap analysis supported by an improvement and implementation plan Create and apply a service management plan, including policies and objectivesCreate, apply, and evaluate processes, procedures, process-specific plans, and process-specific policies required by ISO/IEC 20000-1 Assist and advise organizations on the implementation of continual improvement processesPrepare organizations for an ISO/IEC 20000 certification audit using the regulations of the APMG ISO/IEC 20000 certification scheme
ISO/IEC 20000 for Practitioners Learning Objectives
Explain to the class: A fuller agenda is in the student handbook.
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.22
9
ISO/IEC 20000 for Practitioners: Agenda
IntroductionOverview of ISO/IEC 20000Terms and definitionsSMS general requirementsHomework: Review and test paper
Day 1
Day 2
Review homeworkSpecific service management processesMock examination Homework: Review
Review Achieving ISO/IEC 200000 certification Course evaluationExamination
Day 3
Tutor note: If relevant, ask students to provide any ITIL qualifi cations.
Sample
Mate
rial -
Not for
Rep
rint
Instructor | ISO/IEC 20000 Practitioner | Tutor Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 23
10
Introductions
Please tell us about your:Experience with the organization and IT service management Experience in ISO/IEC 20000 Knowledge of Part 1Role in ISO/IEC 20000 Expectations for the session
Tutor note: All candidates must complete this course before they can be permitted to take the exam. Questions will cover all of the syllabus areas. The following syllabus areas will be combined in the examination questions: OV (Overview) and AC (Achieving ISO/IEC 20000 certifi cation) will be combined into one question, and MS (Service management system general requirements), DR (Service delivery and relationship processes), and NC (Design and transition of new or changed services, resolution, and control processes) will each be one question.
Explain to the class: The exam is intended to assess the knowledge and skills that demonstrate profi ciency in ISO/IEC 20000 and its application. There will be four questions per paper and three exam booklets.
Scenario booklet: One scenario will describe the delivery of IT services to an organization. Scenario information will be kept to a minimum. The question preamble or additional information will be used to provide the specifi c information needed for answering an individual question. Additional information for one or more questions will be included. Please note that this additional information is ONLY to be used for that question and NOT for any other question.
Question booklet: Four questions. Each question will be comprised of two to fi ve parts, called part-questions. All information provided within a part-question will only apply to that part-question and will not be used for other part-questions. Each part-question contains a number of question items. Each question item will be worth one point, with a whole question totaling 20 points.
Answer booklet: A pre-printed booklet with a line of ovals for each question item. Each question item option will be represented by a single oval. Candidates indicate their chosen answers by fi lling in the appropriate ovals. Ovals must be darker than the grey square at the top of the fi rst page of the Answer Booklet and be at least 80% fi lled.
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.24
11
ISO/IEC 20000 for Practitioners: Exam Overview
Each question has two to five parts with question items.Each question has 20 question itemsTotal: 80 question items, each worth 1 point
Open book (ISO/IEC 20000-1:2011)Scenario, question, and answer booklets
One exam of three hours’ duration (180 minutes) No additional reading timeOne exam of three hours’ duration (180 minutes) No additional reading time
Passing score is 40+ out of 80 points (50%)Passing score is 40+ out of 80 points (50%)
ExamExam
4 exam questions4 exam questions
Question exampleQuestion 1
Part A• Question item 1• Question item 2• Question item 3• Question item 4• Question item 5
Part B• Question item 1• Question item 2
Part B….
Part C…
Explain to the class: The APMG ISO/IEC 20000 Qualifi cation Scheme provides individuals with accredited qualifi cations at the foundation, practitioner, and auditor levels based on the ISO/IEC 20000 standard.
Tutor note: Bloom’s Taxonomy of Educational Objectives is a classifi cation system that is widely used to design assessments for certifi cation and education. It classifi es learning objectives into six ascending learning levels, each defi ning a higher degree of competencies and skills (Bloom et al., 1956, Taxonomy of Educational Objectives). APMG has adapted this into a four-step variation of the Bloom model. For the ISO/IEC 20000 qualifi cation, the four levels of learning outcomes are shown.
Sample
Mate
rial -
Not for
Rep
rint
Instructor | ISO/IEC 20000 Practitioner | Tutor Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 25
12
APMG ISO/IEC 20000 Qualification Scheme
Foundation, Practitioner, and Auditor QualificationsAPMG ISO/IEC 20000 Learning Outcomes Assessment Model
1. Knowledge Know facts, including terms and definitions,
concepts, requirements, processes, key
responsibilities, and use of documents
outlined in the standard
2. Comprehension Understand the
concepts, responsibilities, and tools used and the
requirements, processes, and
documents needed to conform to the
standard
3. Application Be able to apply key
ITSM concepts relating to achieving the requirements of
ISO/IEC 20000 for a given scenario
4. Analysis Be able to identify,
analyze, and advise on appropriate use of ITSM methods and
techniques to achieve the requirements of
ISO/IEC 20000 through assessing typical scenarios
Tutor note: Write the responses on a fl ip chart and refer to them throughout the course.
Ask the class: To select an IT service provider to use as an example in the course.
1. List the main business objectives for the IT service provider’s organization.
Examples of business objectives
o Increase profi ts
o Increase customer retention and satisfaction
o Increase value for the customer or business
o Build reputation
o Increase trustworthiness
2. What are the three most important challenges your selected IT service provider is facing and why?
Examples of challenges for an IT service provider:
o Contributing to solving business challenges
o Demonstrating value creation from services
o Aligning IT services with business needs
o Managing a constantly increasing and higher volume of change in business and technology
o Keeping IT services up and running
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.26
o Optimizing the cost of IT
o Managing the risks and complexity of IT
o Complying with statutory, regulatory, and contractual requirements
o Adding value within the supply chain
13
Competitive
Today’s Business Environment
New products and services
Business development
Regulatory and legal requirements Globalization
Mergers/integrations
Economic challenges
Increasing dependence on information technology and related services
Cloud computing
Before starting this module:
Ask the class: To brainstorm what they already know about ISO/IEC 20000. Write up their responses on a fl ip chart so that you can refer to it. It may help to structure the responses by writing them under different categories, such as Scope, Certifi cation, General Requirements for a Service Management System (SMS), Design and Transition of New or Changed Services, Service Delivery Processes, Relationship Processes, Resolution Processes, Control Processes, Release Processes, and so on.
Sample
Mate
rial -
Not for
Rep
rint
Instructor | ISO/IEC 20000 Practitioner | Tutor Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 27
Module 2 Overview of ISO/IEC 20000
Explain to the class: The syllabus content codes covered in this module are:
OV - Overview of ISO/IEC 20000 and Related Best Practices, Standards, and Schemes
AC - Achieving the ISO/IEC 20000 Certifi cation
This module introduces the topics; students will also cover these topics in more depth in module 5. In the syllabus, these topics are at Learning Level Outcome 3. Application: Be able to apply key ITSM concepts relating to achievement of the requirements of ISO/IEC 20000 for a given scenario.
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.28
15
Overview of ISO/IEC 20000: Module 2 Objectives
The purpose and use of ISO/IEC 20000-1The relationship between ISO/IEC 20000 part 1, 2, 3, 5The relationships and differences between ISO/IEC 20000 and ITIL Where the concepts of ITIL, ISO 9001, and ISO/IEC 27001 can be usedTypes of audit, requirements, and evidence required for ISO/IEC 20000Roles and responsibilities within the APMG certification scheme
Syllabus: OV0204 Typical uses and examples of the defi ned terms in OV0105
Explain to the class: Although the standard defi nes service management as a set of capabilities and processes, in ITIL, COBIT, and
CMMI, a process is also a capability.
The more mature a service provider’s capabilities are, the greater its ability to consistently produce quality services that meet the needs of the customer.
A common defi nition of service management is the effective and effi cient management of all IT services subject to constraints.
Sample
Mate
rial -
Not for
Rep
rint
Instructor | ISO/IEC 20000 Practitioner | Tutor Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 29
16
What is service management?
Service management is a set of capabilities and processes that: Directs and controls the service provider’s activities and resources.Designs, transitions, delivers, and improves services to fulfillthe service requirements.
Syllabus: OV0204 Typical uses and examples of the defi ned terms in OV0105.
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.30
17
Examples: Benefits of adopting service management best practices
IT service management – Represents the lifecycle stage that consumes approximately 70 to 80 percent of the total IT
expenditure.
Gartner– Cost per call down by 30 percent– 85 percent resolution at first point of contact– 50 percent reduction in new product cycle
Datalect Group Ltd.– Delivery of services focused on business and customer needs– 20 percent reduction in operational costs through proactive problem management– Creation of competitive advantage – Demonstration of strengths as a strategic partner
Tutor note: As you go through each part, hold up copies to show the class.
Explain to the class: ISO/IEC 20000 is a multipart series of standards. Part 4 is not in the syllabus and is not included in the exam. Part 4 has been developed to act as the basis of a process assessment model to be published as ISO/IEC TR 15504-8. Parts 3, 4, and 5 are being updated to align with the Part 1 2011 edition. Additional parts of the ISO/IEC 20000 series are planned. The ISO/IEC’s JTC1 SC7 Software and System Engineering Committee Working Group 25 has developed the series since 2005 and will continue its development.
The timeline shows the development of ISO/IEC 20000 since 2000.
The development work for ITIL and BS 15000 started in the UK in the late 1980s; the two processes were aligned with each other. BS 15000 was developed by the British Standard Institution (BSI) and editions were published in 2000 and 2002. In 2005, BS 15000 Parts 1 and 2 went through the ISO fast-track process to become ISO/IEC 20000-1:2005 and ISO/IEC 20000-2:2005. As an international standard, it was not possible to maintain the relationship with ITIL in a formal way, because an ISO standard has to be framework independent. However, the service management community that drives the development of ISO/IEC 20000 wants ISO/IEC 20000 to be aligned with ITIL and COBIT.
The itSMF UK has introduced a worldwide certifi cation scheme to support the standard. The itSMF® is an independent, internationally recognized forum for IT service management professionals worldwide. The itSMF has more than 6,000 member companies covering more than 40,000 individuals in more than fi fty itSMF chapters. itSMF International (itSMFI) has representatives on the Working Group that develops the ISO/IEC 20000 series as a Technical Liaison representative. Sam
ple M
ateria
l - Not
for R
eprin
t
Instructor | ISO/IEC 20000 Practitioner | Tutor Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 31
18
Information Technology: ISO/IEC 20000 SMS
• SMS requirementsPart 1 - 2011
• Guidance on the application of SMSPart 2 - 2012
• Guidance on scope definition and applicability of ISO/IEC 20000 (technical report)Part 3 - 2009
• Service management process reference model (technical report, not in the syllabus) Part 4 - 2010
• Sample implementation plan (technical report)Part 5 - 2010
2000 2002 2005 2009 2010 2011 2012
Explain to the class: Using ISO/IEC 20000 means basing your service management on tried and tested industry best practices that help save time and money.
As an international standard, the general principles of ISO/IEC 20000 apply to a very broad base of organizations with a variety of forms, interests, and circumstances. Consequently, different organizations implement service management in ways that differ in the details, but the general best practices and principles remain the same across these organizations.
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.32
19
Introduction to ISO/IEC 20000-1:2011 (Part 1)
Information technology service management —Part 1: SMS Requirements
An international standard based on tried and tested industry practices for IT service management.Used by a broad base of organizations worldwide that apply its best practices and principles in a variety of ways.Part 1 includes requirements for the design, transition, delivery, and improvement of services that fulfill service requirements and provide value for both the customer and the service provider.The coordinated integration and implementation of an SMS provides ongoing control and opportunities for continual improvement, greater effectiveness, and efficiency.
Tutor note: Reference: ISO/IEC 20000-1: 1 Scope 1.1 General
The 20000 series is applicable to many organizations, both internal and external service providers, in both the public and private sectors. It applies to service providers of all sizes, from less than fi ve people to many thousands of personnel. While the requirements remain unchanged for large and small organizations, the ways in which those requirements are fulfi lled may differ signifi cantly. For example, a large service provider would need a sophisticated capacity management plan to meet Part 1 requirements, whereas a small organization could meet these requirements and function effectively with a very basic plan.
Sample
Mate
rial -
Not for
Rep
rint
Instructor | ISO/IEC 20000 Practitioner | Tutor Presentation
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 33
20
Using ISO/IEC 20000 Part 1
Seek services from a service provider with the assurance that its service requirements will be fulfilled. Wants all of the service providers in its supply chain to use a consistent approach.
An organization uses Part 1 when it wants to: An organization uses Part 1 when it wants to:
Monitor, measure, and review its processes and services. Design, transition, deliver, and improve services that fulfill service requirements. Improve its design, transition, and delivery of services through the effective implementation and operation of an SMS.
A service provider uses Part 1 to demonstrate its capability to: A service provider uses Part 1 to demonstrate its capability to:
As a set of criteria for a conformity assessment of a service provider’s SMS to the requirements in Part 1.
An assessor or auditor uses Part 1: An assessor or auditor uses Part 1:
Syllabus: The purpose and use of ISO/IEC 20000-1 (introduction, scope, application)
Explain to the class:The number of requirements measured by the occurrence of word ‘shall’ in part 1 is 259. ISO standards refer to sections as clauses. Each clause in Part 1 contains at least one requirement.
Part 1 does not prescribe that its requirements be met by the ITIL framework. However, ITIL is the most widely used approach for obtaining ISO/IEC 20000 certifi cation. Other common frameworks used are Six Sigma, COBIT, and Microsoft Operations Framework (MOF), sometimes in combination.
Tutor note: Ask students to look at Part 1.
Write the terms on the fl ip chart: “Shall” can be read as “must” or “is required to.”
For example, “The service provider shall create an SLA for each service.”
“Shall” is used for a requirement that must be followed strictly in order to conform, if the ISO/IEC 20000 clause is within the scope of the assessment or audit.
Sample
Mate
rial -
Not for
Rep
rint
ISO/IEC 20000 Practitioner
Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.34
21
ISO/IEC 20000 -1: 2011 (Part 1)
The first edition of the SMS requirements was published in 2005. A revised version was published in April 2011.The SMS requirements set a “management system” standard that requires a service provider to establish and improve SMS.Clauses include mandatory requirements or “shalls” that describe:
Something that is a “must do,” is “necessary,” or “has” to occur.Something definite about the requirements, expressed with “is required to.”
“Shall” statements are audited for certification or conformance and no deviation is permitted, if the clause is within scope.The SMS requirements are framework-independent. SMS requirements provide a basis for assessments and act as the auditing standard and model for certification.
Information Technology Service Management — Part 1: SMS RequirementsInformation Technology Service Management — Part 1: SMS Requirements
SMS: The SMS is a management system to direct and control the service management activities of the service provider. The SMS applies to all aspects of managing a service. It includes the capabilities and resources to do service management including documents and records.
Ask the class: What is included in an SMS?
Some people think that a management system is a living document used to describe service management activities, but it is far more than this. It is the system used to perform service management within the service provider organization. An SMS applies to all aspects of managing a service. It includes the capabilities and resources to do service management.
Some management systems are ineffective. Typically, they lack senior management direction, are variable in operation, and have too little documentation. In these organizations, the managers are usually too busy dealing with crises to actually manage people, processes, or technology. An SMS is broadly applicable to all aspects of managing a service. The SMS is how the service provider achieves overall control of everything used to deliver technology-based services. An SMS includes some aspects of governance. It covers the full spectrum of roles and responsibilities, from top management to the most junior personnel.
The PDCA methodology is the Deming cycle of continual improvement.
Sample
Mate
rial -
Not for
Rep
rint