iso/ iec 20000 (itsm) certification roadmap · 20000 2 iso / iec 20000 foundation and lead auditor...
TRANSCRIPT
ISO/ IEC 20000 (ITSM)
Certification Roadmap
Rasheed Adegoke
June 2013
FirstBank
Outline
About First Bank
Motivations
Definitions – ITIL, ISO/IEC 20000 & DIFFERENCES
ISO/ IEC 20000 Certification Roadmap
First Bank ITSM Processes after ISO/ IEC 20000
Benefits of ISO/ IEC 20000 Certification
Next Steps & Work-in-progress
Conclusion/Wrap up
ABOUT FIRST BANK
- 2 -
FirstBank
About FIRST BANK
MOTIVATIONS FOR ISO 20000
- 4 -
FirstBank
Motivations/Drivers…
GROWTH
• Build reliable highly scalable infrastructure and agile IT architecture to support growth & rapid integration of acquired capacity
PROCESS EXCELLENCE
• Facilitate process simplification and workflow automation
• Enable innovative use of customer self-service channels
• Reduce IT OPEX
PERFORMANCE MANAGEMENT & PEOPLE
• Build robust enterprise performance management & reporting platform
• Empower employees with innovative solutions
IT VISION
To create and operate best-in-class technology infrastructure & services for the achievement of FirstBank’s clear leader objective.
FirstBank
Motivations/Drivers…
Enable
AGILE &
INNOVATIVE
enterprise
1.
Build capacity &
talents 3.
Improve
communication
with business
5.
Optimise
business
applications 6.
Optimise
service
delivery
4.
Optimise
infrastructure
2.
Improve IT
Processes
2009-2010:
Build reliable and Agile IT
Service foundation :-
Infrastructure & Processes
(AGILITY)
2010-2012:
Deploy new solutions to
support Product & Service
Innovation
(INNOVATION)
2011-2013:
Achieve global certification
of IT Processes &
Governance
(EXCELLENCE)
DEFINITIONS: ITIL, ISO 20000
- 7 -
FirstBank
DEFINITIONS: WHAT IS ITIL?
ITIL (Information Technology Infrastructure Library) is the most widely adopted approach for IT Service Management in the world.
It provides a practical, no-nonsense framework for identifying, planning, delivering and supporting IT services to the business.
Source: www.ITIL-officialsite.com
FirstBank
• ISO 20000 is the international standard for IT service management.
• It describes an integrated set of management processes for the effective delivery of services to the business and its customers.
• Closely follows the ITIL framework.
• While individuals are ITIL certified, organizations are ISO20000 certified.
ISO/ IEC
20000
PART 2 – CODE OF PRACTICE
Code of Practice and describes
the best practices for Service
Management processes within
the scope of ISO/IEC 20000-1.
PART 1 - SPECIFICATION
Formal specification and defines
the requirements for an
organization to deliver managed
services of an acceptable quality
for its customers.
DEFINITIONS: ISO 20000 AND HOW IT DIFFERS FROM ITIL
FirstBank
ISO/ IEC 20000 IMPLEMENTATION IN FIRST BANK
First Bank Policies, Processes and Procedures
Part 1
Specification
Part 2
Code of Practice
ITIL, COBIT and other
related guidelines
AUDITABLE
SPECIFICATION:
Target for
achievement
CODE OF PRACTICE:
Explanatory guidance of
the standard
Other best Practice
guidance
Implementation and
improvement plans
ITSM STANDARD ISO/ IEC 20000
ISO/IEC 20000 comprises of two parts: The first part is the auditable specification, which defines the requirements for certification
(the “shalls”) and the second part is the code of practice (the “shoulds”), which contains recommendations and guidance for helping
organizations achieve the first part. We also considered other guidelines and standards including industry/internal policies in our
implementation of relevant IT Processes and Procedures.
OTHER APPLICABLE STANDARDS
REFERENCED
ISO 20000 CERTIFICATION ROADMAP
- 11 -
FirstBank
ISO/IEC 20000 CERTIFICATION ROADMAP
Conduct ISO 20000
Readiness Assessment
REA
DIN
ESS
ASSESSM
EN
T
Conduct PDCA cycle
review of ISO 20000
processes and remediate
gaps PREPA
RIN
G &
IMPLEM
EN
TIN
G
Conduct certification
audit
CERTIF
ICA
TIO
N &
MA
INTA
ININ
G
FirstBank
ISO/ IEC 20000 Certification Roadmap - Readiness Assessment
13
Capacity Management
Service Continuity and Availability
Service Level Management
Service Reporting
Information Security Management
Budgeting and Accounting for IT
Configuration Management
Change Management
Incident Management
Problem Management
Release Management
Business Relationship Management
Supplier Management
Process Area Maturity
Assessment
Absent
0
Informal
1
Repeatable
2
Defined
3
Managed &
Measurable
4
Optimized
5
As part of the certification
roadmap, a readiness
assessment was conducted
at the beginning of the
project
Key Findings;
• Insufficient documentation of
business requirements for IT
Services
• Many IT Processes are
manually operated
• Lack of dedicated personnel
assigned to ITSM processes
• Reports are not generated
periodically but on a need-
basis
FirstBank
Is this right for us?
Are we eligible, is this a mandatory
business need, will we get clear
benefits?
Where do we stand currently against the
standards?
How would we score and what are the
current gaps that need to be filled?
What benefits do we expect from
ISO/IEC 20000?
Industry standing, cost and quality
benefits, benefits of going through a
quality programme
What work is involved?
Planning, costs, time and resources
required to achieve ISO/IEC 20000
accreditation. This includes the
development work and the auditing
process
ISO/ IEC 20000 Certification Roadmap - Key Considerations for implementation
FirstBank
SCOPE
OBJECTIVES
ORGANIZATION
A formal project organization was established. The Chief Risk Officer was the project
sponsor. Digital Jewels Limited were engaged as consultants on the project. Project was
executed in line with our in-house project management methodology.
To improve and certify First Bank Plc.'s IT Service Management framework (policies, processes
and practices) based on compliance with the international best practice standard in ITSM:
ISO/IEC 20000 . Fifteen (15) services defined in FirstBank IT’s service catalogue were covered.
• Reduce risks in service delivery
• Increase productivity and profit margin
• Measure effectiveness of service delivery
• Improve quality of IT services
ISO/ IEC 20000 Certification Roadmap - Project Scope, Objectives and Organization
FirstBank
PERIOD (Months) ACTION
1 Initial Gap assessment, definition of scope, planning, review of current
processes and procedures.
Definition of IT services based on ISO 20000
Selection of service and process owners
2 Definition/ refinement and implementation of processes in line with ISO
20000
2 ISO / IEC 20000 Foundation and Lead Auditor training for all process
owners and selected staff
Ongoing awareness sessions for the entire IT Organization
3 Fine tuning of processes
Commenced implementation of a new service management tool
3 - 4 Final review of processes before audit
Mock Audit
Preparation for Certification Audit
4 Certification Audit
ISO/ IEC 20000 Certification Roadmap -Action and Timeplan
FirstBank
COMMUNICATION PLAN;
During the project, regular internal staff communication took place,
including periodic meetings and circulation of progress reports. Staff
communication encompassed;
• Project start-up
• Progress
• Possible changes in processes and policies
• Roll Out
• Certification
COLLECTING DATA ON THE MANAGEMENT SYSTEM
• Metrics for Incident Management Process was generated from
the existing ITSM tool. This includes information on incidents
logged, closed, outstanding and resolved within the period.
• Monthly service status report reports are collated across the
fifteen defined FirstBank IT services. The reports itemized how
the thirteen ITSM processes impact on the quality of their
services.
• Processes, policies and procedures were assessed
• Interviews were conducted with relevant staff of the IT
organization
ISO/ IEC 20000 Certification Roadmap - Communication Plan and Data Collection
FirstBank
SERVICE IMPROVEMENT PLAN
A formal Service Improvement Plan was established to cover areas of
improvement in operations, services, staff training and ITSM processes.
Progress of the Service Improvement Plan is measured through trends analysis,
customer satisfaction surveys to highlight the impact of service improvement
successes and failures.
CERTIFICATION AUDIT
Certification Assessment was conducted by auditor from British Standards
Institute from 18th to 26th of April 2013 to assess the Service Management
System. There were no major non conformances found
The Certificate was awarded on May 21st, 2013
ISO/ IEC 20000 Certification Roadmap - SIP and Certification Audit
FIRST BANK ITSM AFTER ISO 20000
- 19 -
FirstBank
FirstBank ITSM Processes after ISO 20000
20
Capacity Management
Service Continuity and Availability
Service Level Management
Service Reporting
Information Security Management
Budgeting and Accounting for IT
Configuration Management
Change Management
Incident Management
Problem Management
Release Management
Business Relationship Management
Supplier Management
Process Area Maturity
Assessment
Absent
0
Informal
1
Repeatable
2
Defined
3
Managed &
Measurable
4
Optimized
5
Key improvements
• Effective documentation of
business requirements for IT
Services
• All IT processes are defined
managed and measured
• Dedicated personnel have
been assigned to ITSM
processes as Process
owners
• Periodic reports are
generated for continuous
evaluation and improvement
of the SMS
• Appointment of a dedicated
IT Service Manager
• Implementation of Microsoft
System Centre Suite
BENEFITS OF ISO 20000 CERTIFICATION
- 21 -
FirstBank
ISO/ IEC 20000 and the Banking Services Industry - Benefits of Certification to an IT Service Provider
IT SERVICE PROVIDER
IMPROVED IT SERVICE
DELIVERY
REDUCED IT BREAK DOWNS
AND FASTER RESOLUTIONS
STAFF MOTIVATION
HIGHER RETURN ON IT
INVESTMENTS
ISO/ IEC 20000 certification CAN
ENHANCE CUSTOMER PERCEPTION
FirstBank
ISO/ IEC 20000 and the Banking Services Industry - Impact on Banks
• Continuous improvement of service quality, including
stability and cooperation, resulting in more customer
confidence in the banks.
• Focused services through alignment with the enterprise
strategy
• Insight into IT performance that is confirmed by an
independent source and may serve as a basis for
marketing and selling services
• Improved understanding by all process participants for
defining objectives, responsibilities and roles
• Compliance to emerging regulatory regime that may
enforce IT standards
NEXT STEPS & WORK IN PROGRESS
- 24 -
FirstBank
Next Steps and Work – in-progress
PRESERVING THE CERTIFICATE
We plan to maintain the Certification by sustaining provision and continually improving services in line with the ISO 20000 standard.
METRICS AND REVIEWS
Monitoring processes have been embedded within IT Governance processes and other mechanisms such as audits of the SMS (internal and external) and management reviews.
OPPORTUNITIES FOR IMPROVEMENT
All identified opportunities for improvement will be exploited to achieve a better SMS Currently implementing a BSM system to automate ITSM processes
PROCESS & SERVICE OWNERS
Selected process and service owners have been assigned the task of monitoring and improving compliance to the standard
FirstBank
Conclusion / Wrap up
We expect to leverage the ISO 20000 Certification process and subsequent
automation of ITSM processes along with other IT Governance & Process
improvements including CMMi, ISO 38500, etc. to deliver on the goal of
attaining world-class IT Services in First Bank.
FirstBank