iso 20000- what it is and how it relates to itil v3-- john dimaria

7/27/2019 ISO 20000- What It is and How It Relates to ITIL V3-- John DiMaria

1/46

John DiMaria; Certified Six Sigma BB, HISPBSI Product Manager; ICT (ISMS,ITSM,BCM)

ISO20000: What it is and how it relates to ITIL v3

2006 BSI Management Systems All Rights Reserved


2/46

- 2 - 2006 BSI Management Systems All Rights Reserved

Objectives and Agenda

To raise awareness, to inform and to enthuse

ISO20000 what is it?

ISO20000 how does it relate to ITIL3?

ISO20000 why do you need it?

ISO20000 how to achieve certification Summary


3/46

ISO20000 What is it?


4/46


ISO/IEC 20000

Part 1 Specification for Service Management

ISO/IEC 20000-1: 2005 Part 2 Code of practice for Service Management

ISO/IEC 20000-2:2005

To promote the adoption of an integrated processapproach to deliver managed services to meet thebusiness and customer requirements

ISO/IEC 20000-1:2005


5/46


Part 1 and Part 2

Part 1 Specification

Management with appropriate

authority shall approve aninformation security policy thatshall be communicated to allrelevant personnel andcustomers where appropriate.

Part 2 Code of Practice

The service providers staff with

information security rolesshould be conversant withBS7799 (ISO17799/ISO27001).

Audit is against part 1. Assess and Aim initially for minimum

requirements part 1; Use Part 2 for guidance and

continuous improvement


6/46


History

UK Government launches IT Infrastructure Library (ITIL)in 1989

ITIL defines best practice processes and procedures

ITSMF formed in 1991 to further develop best practice

BSI Service Management committee develops a code ofpractice book and then a standard aligned to ITIL

BS 15000 first published in 2000 as a specification

Early adopters programme led to revised edition in 2002

Certification scheme available from November 2003

Adopted as ISO 20000 in December 2005


7/46


Product Fit

ISO 20000ISO 20000 ISO 27001ISO 27001

ISO 9001:2000ISO 9001:2000ISO 9001:2000


8/46


Process mapped to organizational unit

IT

Manager

Operations and

Network Management

Office Automation

and Telematics

Software

Department

Service

Desk

Print

and Mail

Project

Organization

Software Maintenance

and Application

Management

Organization

Process


9/46


The worlds first IT service management processstandard

that provides the industry with a standard that can be used for auditingand assessing internal service providers and external suppliers acrossthe supply chain

Scope of ISO 20000Customer

Supplier

AServiceProvider

Supplier B(Lead

Supplier)

Supplier 2Supplier1 Supplier 3Supplier2

To help organizations provide a quality service and be cost effective viaprofessional service management


10/46

- 1 0 - 2006 BSI Management Systems All Rights Reserved

ISO20000 Process Framework


11/46


Plan, Do, Check, Act Management System

Manage ServicesManage Services

PLAN

Plan service

management

PLAN

Plan service

management

DO

Implement

Service

Management

DO

Implement

Service

Management

CHECKMonitor, Measure

and Review

CHECKMonitor, Measure

and Review

ACT

Continuous

Improvement

ACT

Continuous

Improvement

Management Responsibili tyManagement Responsibi lityBusiness

Results

Business

Results

Customer

Satisfaction

Customer

Satisfaction

New or changed

service

New or changed

service

Other process,business,supplier, customer


Team & People

Satisfaction

Team & People

Satisfaction

Business

requirements

Business

requirements

Customer

requirements

Customer

requirements

Request for new

or changed services

Request for new

or changed services

Other Teams,

e.g. Secur ity

Other Teams,

e.g. Security



Source: ISO 20000


12/46

ISO20000 How does it relateto ITIL


13/46


IT Service Management Framework


14/46


ITIL v3 Lifecycle Framework

ServiceTransition

Continual ServiceImprovement

Contin

ualSe

rvic

e

Improv

eme

nt

ContinualS

ervice

Improv

ement

ServiceOperation

ServiceDesign

ServiceStrategies

ITIL

Governance MethodsStandardsAlignm

ent

CaseStudies

Templates

Scalabilit

y

Quick

Wins

Qualifications

StudyAids

Know

ledg

e&Skill

s

S

pecialt

yT

opic

s

Executiv

eIn

troductio

n

ServiceTransition


Contin

ualSe

rvic

e

Improv

eme

nt

ContinualS

ervice

Improv

ement

ServiceOperation

ServiceDesign

ServiceStrategies

ITIL

ServiceTransition


Contin

ualSe

rvic

e

Improv

eme

nt

ContinualS

ervice

Improv

ement

ServiceOperation

ServiceDesign

ServiceStrategies

ITIL


ent

CaseStudies

Templates

Scalabilit

y

Quick

Wins

Qualifications

StudyAids

Know

ledg

e&Skill

s

S

pecialt

yT

opic

s

Executiv

eIn

troductio

n


ent

CaseStudies

Templates

Scalabilit

y

Quick

Wins

Qualifications

StudyAids

Know

ledg

e&Skill

s

S

pecialt

yT

opic

s

Executiv

eIn

troductio

n

ITIL is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.S. Patent and Trademark Office

ITIL

(c) Crown Copyright 2007Reproduced under

Licence from OGC


15/46


Common processes across ISO20000 and ITIL v3

Incident Management

Problem Management Service Level Management

Service Reporting

Supplier Management

Capacity Management

Information Security Management Change Management


16/46


Similar processes across ISO20000 and ITIL v3

Release Management

Release and Deployment Management in ITIL v3

It additionally covers deployment approaches and knowledge transfer inmore detail, and early life support

Configuration Management

Service Asset and Configuration Management in ITIL v3

Manages service assets from acquisition to disposal

Provides a configuration model of services, assets and infrastructure, and theirrelationships

Service Continuity and Availability Management

Two separate processes in ITIL v3

Budgeting and Accounting for IT Services

Financial Management in ITIL v3


17/46


Processes within ISO20000 but not ITIL v3

Business Relationship Management

This is mentioned briefly in the ITIL v3 Service Strategybook but is not expanded to be a process

Some elements such as Customer Satisfaction Surveyand addressing complaints are covered in the ITIL3 SLMprocess


18/46


Functions

ISO20000

None ISO20000 is

process based and does notcover functions

ITIL v3

Service Desk

IT Operations Management

Application Management

Technical Management


19/46


Roles

ISO20000 ITIL v3

Top/Executive Management not defined

Senior Responsible Owner not definednot defined Service Owners

Process Owners Process Owners/Managers

not defined Functional Group Managers

Contract Managers Contract Managers

Individual(s) responsible for customersatisfaction and the whole businessrelationship process

Business Relationship Manager

not defined Product Manager

not defined Service Design Manager

not defined Chief Sourcing officer


20/46


Key Corresponding DocumentsISO20000 ITIL v3

Service Improvement Policy Continual Service Improvement Policy

Configuration Management Policy Service Asset and Configuration Management Policies

Release Policy Release Policy

Financial Policy Financial Plans and Budgets

Information Security Policy Information Security Policy

Service Level Agreements, SupportingService Agreements and Contracts

Service Level Agreements, Operating Level Agreementsand Contracts

Emergency Change Policy Change Management Plans

Service Improvement Policy

Plan for improving the serviceService Improvement Plans

Availability, Service Continuity, Capacity,Roll Out and Release Plans

Availability, IT Service Continuity, IT Recovery, Capacityand Release Plans

Documented Processes and Procedures Appropriate Process Documentation


21/46


Other Key DocumentsISO20000

Service Management Policy

Service Management Plan

Definitions of Service Management Roles,Responsibilities and their competencies

Framework of Management Roles andResponsibilities

Plans for New and Changed Services

Document Management Procedures

Risk Management Approach

Methods for Monitoring and MeasuringProcesses

Audit Procedure and Audit Plan

Complaints process

Security Controls

List of Stakeholders and Customers Service Report Descriptions

ITIL v3

Stakeholder Management Strategy

Service Portfolio

Service Design Package

Service Level Package

Test Strategy

Service Catalogue

Reporting Policy

Knowledge Management Strategy

Projected Service Outage

Change Schedule


22/46


Mapping Summary

ISO20000 ITIL v3

Standard and Code of Practice Best Practice

Certification for a service provider Qualifications for individuals

Definitive high-level requirementsfor processes and management

system

Detailed Best Practice guidance,description and implementation

aidsOrganisational structureindependent

Defines many function and processroles and responsibilities

13 processes; no functions,

lifecycle not explicitly specified

26 processes and four functions

documented in five lifecycle stages

Definitive set of requireddocuments

Descriptions of key documentation


23/46

ISO20000 Why do you need it?


24/46


Why do we need Service Management?

The Business is more and more dependent on IT

Complexity of Technology constantly Increases

Customers are demanding more for less

Global competitiveness growing at rapid rate requiring a more flexible

approach to integration

Stronger focus on controlling costs of IT

Low customer satisfaction levels (Not surveys)

Information Governance Regulations

Customers have become services focused with a strong orientation

related to service levels and costs.


25/46


Drivers

Move from investing in tools to develop software tomanaging the quality of these systems and linkedprocesses once they are live

The need to deliver cost effective service delivery

Lack of guidance and accepted standards

Raising the profile of the IT department

Government / ITIL / ISO20000

Employee

retention

Employee

retention

Internal

Services

Quality

Internal

Services

Quality

EmployeesatisfactionEmployee

satisfaction

Value

for

customers

Value

for

customers

CustomersatisfactionCustomer

satisfaction

Employee

productivity

Employee

productivity

Customerloyalty

Customerloyalty

I

n

v

e

s

t

m

e

n

t

I

n

v

e

s

t

m

e

n

t

Revenue

growth

Revenue

growth

ProfitabilityProfitability


26/46


Drivers to achieving certification to ISO20000

External service providers

ISO20000 is becoming a basic bidrequirement especially for IT ServiceProviders, in the same way as ISO9000

ten years ago Gives confidence to customers in

selecting an external service providerwho is ISO20000 certified

Provides a competitive edge

Internal service providers

Significant milestone for an ITdepartment demonstratingprofessionalism that has beenindependently certified

Generic drivers for all

Hard evidence that Quality of ITSMis taken seriously

Supports the business to operatemore effectively

Enforces a method of review andassessment linked to continuousimprovement

Staff morale boosted by working ina controlled environment

Enforces process compliance byturning the shoulds into shallsso that all the benefits of best

practice ITSM will be gained


27/46


Certification to ISO 20000

ISO 20000 is increasingly seen as the qualitystandard for IT Service Management

Many companies striving to adopt for its benefits tothem and to also help qualify and choose suppliersand partner organizations

Only a formal certification scheme providesindependent verification of compliance

Raises internal profile


28/46


Gartner view of ISO20000 - 2006

By 2008 ITIL Compliance will be a buyingcriteria in 75% of relevant IT sourcing

decisions (0.8 probability)By year end 2008 at least 60% public

sector and at least 30% private sectorrelevant IT sourcing deals in mature ICTeconomies will demand ISO/IEC 20000

certification in their RFPs (0.6probability)


29/46


Samsung Case Study

Benefits

Verification of IT services delivery meeting the

needs of our topnotch customers 37.5% reduction in operational problems through

proactive problem management

Paradigm shift on IT service management fromthe technology-centered to the customer-oriented

Demonstrating strengths as a strategic partner inIT outsourcing market both internally andexternally


30/46

ISO20000 How to achievecertification


31/46


Implementing Service Management

Some of the biggest challenges IT teams face whenimplementing Service Management include:

1) getting the attention and commitment of seniormanagement and

2) ensuring acceptance and adoption of managedchange throughout the organization.


32/46


Preparation Assessment Implementation

What is the vision?

What are our objectives?

Where are we now?

Where do we want to be?

Are we there?

How do we get there?

Service Improvement Program



33/46



Preparation Assessment Implementation


34/46


Preparing for ISO20000


35/46


Planning and Business case

Use gap analysis to plan way forward including quick wins

Costs:

Auditors

Internal staff involvement

External consultancy

Training

Tools Benefits:

Quantifiable service improvements, staff savings, cost savings andcontrol, holding onto contracts, winning contracts if requirement of bids,

taking on more services with same staff numbers etc Non-quantifiable quality improvements, competitive edge, staff morale,

customer satisfaction etc


36/46


Establish Management System and Processes

Use a process approach to

implementation

Examine each key componentin the process

Examine issues

Compare current status VSrequirements

Take action on the differences

and improve

Organizational skil lsassessment and training plan

Use a specified case study as

guidance

Process ownership

R esponsibil ity

A uthority S kil ls

A ccountability

R ecognition

The RASARs edge


37/46


Certification Assessment Stages

Pre- audit assessment

(optional)

Documentation Assessment

Compliance Assessment

Pre-certification

Post-certification Continuing Assessment Triennial Re-assessment

Certification Body Issues Certificate


38/46


Common Pit Falls to implementation

1. Existing processes & procedures did not always align

2. Some processes did NOT exist, others not being used

3. Some staff did not really understand the difference betweenprocess & procedure

4. Implementation resource staff still had to do their day job

5. Staff reluctant to admit if they dont know or understand

requirements

6. Scope creep

7. Not EVERYTHING recorded or measured, especially

performance of identified improvements8. Concentration on tools rather than process implementation


39/46


How long will it take?

For a company who has not yet implemented ITIL

Approx. 18 months

For a company who has implemented ITIL well Approx. 9 months

Remember that once the processes are designed and

documented, they need to be rolled out and run for about3 months before being audited to prove compliance


40/46

Summary


41/46


Qualifications

ISO20000 consultant (ITSMF) 3 day course examining part 1, part 2 and the certi fication process

Pre-requisite is ITIL Foundation + 5 years relevant IT experience

ISO20000 auditor (ITSMF)

2 day course examining part 1 in detail with an overview of part 2 and thecertification process

Pre-requisite is ISO9000/ISO27001/TickIT certified auditor or certif ied internalauditor

Service Quality Management Foundation (EXIN) 3 day course examining part 1, part 2 and the quality management systems in

ISO9000

Pre-requisite is IT Service Management experience, preferably the ITILFoundation

Many training providers offer non-accredited courses including awareness,planning to implement ISO20000


42/46


ISO 20000 Publicly AvaliableTraining

Understanding ISO 20000:20051 Day

ISO 20000:2005 - Internal Auditor course3 Days

Implementing ISO 20000:20052 Days

Lead Auditor ISO 20000:2005

5 Days Expected Launch October 2007


43/46


ISO20000 Certified Organizations

161 Certified Organizationsat April 2007

External:Internal serviceprovider ratio is approx. 2:1


44/46


ISO 20000 The Future Businesses are beginning to demonstrate increasingdemand for ISO 20000-1:2005 certification

Certification will become a key market differentiatorand pivotal in the selection of supplier and partnerorganizations.

Because of it s strong structure and ability to showROI, ISO 20000 will be THE frame work of choice for ITService Management.

The standard itself wil l evolve to aid clarity, respond to

feedback and align with ITIL3


45/46


References

ISO/IEC 20000

www.iso.org

www.bsi-global.com

www.ansi.org

ISO20000 pocket guide

www.itsmf.com

BSI: Achieving ISO20000 series BSI: A managers guide to service management

BSI: Self assessment workbook

www.bsi-global.com

ITSMF Certification scheme

www.isoiec20000certification.com
http://www.iso.org/http://www.bsi-global.com/http://www.bsi-global.com/http://www.isoiec20000certification.com/http://www.isoiec20000certification.com/http://www.bsi-global.com/http://www.bsi-global.com/http://www.iso.org/


46/46


Thank You

[email protected]

314-831-7835inquiry.msamericas@bsi-

global.com

www.bsiamericas.com

703-437-9000
mailto:[email protected]:[email protected]:[email protected]://www.bsiamericas.com/http://www.bsiamericas.com/mailto:[email protected]:[email protected]:[email protected]