ISO/ IEC 20000 (ITSM)

Certification Roadmap

Rasheed Adegoke

June 2013

FirstBank

Outline

About First Bank

Motivations

Definitions – ITIL, ISO/IEC 20000 & DIFFERENCES

ISO/ IEC 20000 Certification Roadmap

First Bank ITSM Processes after ISO/ IEC 20000

Benefits of ISO/ IEC 20000 Certification

Next Steps & Work-in-progress

Conclusion/Wrap up

ABOUT FIRST BANK

- 2 -

FirstBank

About FIRST BANK

MOTIVATIONS FOR ISO 20000

- 4 -

FirstBank

Motivations/Drivers…

GROWTH

• Build reliable highly scalable infrastructure and agile IT architecture to support growth & rapid integration of acquired capacity

PROCESS EXCELLENCE

• Facilitate process simplification and workflow automation

• Enable innovative use of customer self-service channels

• Reduce IT OPEX

PERFORMANCE MANAGEMENT & PEOPLE

• Build robust enterprise performance management & reporting platform

• Empower employees with innovative solutions

IT VISION

To create and operate best-in-class technology infrastructure & services for the achievement of FirstBank’s clear leader objective.

FirstBank

Motivations/Drivers…

Enable

AGILE &

INNOVATIVE

enterprise

1.

Build capacity &

talents 3.

Improve

communication

with business

5.

Optimise

business

applications 6.

Optimise

service

delivery

4.

Optimise

infrastructure

2.

Improve IT

Processes

2009-2010:

Build reliable and Agile IT

Service foundation :-

Infrastructure & Processes

(AGILITY)

2010-2012:

Deploy new solutions to

support Product & Service

Innovation

(INNOVATION)

2011-2013:

Achieve global certification

of IT Processes &

Governance

(EXCELLENCE)

DEFINITIONS: ITIL, ISO 20000

- 7 -

FirstBank

DEFINITIONS: WHAT IS ITIL?

ITIL (Information Technology Infrastructure Library) is the most widely adopted approach for IT Service Management in the world.

It provides a practical, no-nonsense framework for identifying, planning, delivering and supporting IT services to the business.

Source: www.ITIL-officialsite.com

FirstBank

• ISO 20000 is the international standard for IT service management.

• It describes an integrated set of management processes for the effective delivery of services to the business and its customers.

• Closely follows the ITIL framework.

• While individuals are ITIL certified, organizations are ISO20000 certified.

ISO/ IEC

20000

PART 2 – CODE OF PRACTICE

Code of Practice and describes

the best practices for Service

Management processes within

the scope of ISO/IEC 20000-1.

PART 1 - SPECIFICATION

Formal specification and defines

the requirements for an

organization to deliver managed

services of an acceptable quality

for its customers.

DEFINITIONS: ISO 20000 AND HOW IT DIFFERS FROM ITIL

FirstBank

ISO/ IEC 20000 IMPLEMENTATION IN FIRST BANK

First Bank Policies, Processes and Procedures

Part 1

Specification

Part 2

Code of Practice

ITIL, COBIT and other

related guidelines

AUDITABLE

SPECIFICATION:

Target for

achievement

CODE OF PRACTICE:

Explanatory guidance of

the standard

Other best Practice

guidance

Implementation and

improvement plans

ITSM STANDARD ISO/ IEC 20000

ISO/IEC 20000 comprises of two parts: The first part is the auditable specification, which defines the requirements for certification

(the “shalls”) and the second part is the code of practice (the “shoulds”), which contains recommendations and guidance for helping

organizations achieve the first part. We also considered other guidelines and standards including industry/internal policies in our

implementation of relevant IT Processes and Procedures.

OTHER APPLICABLE STANDARDS

REFERENCED

ISO 20000 CERTIFICATION ROADMAP

- 11 -

FirstBank

ISO/IEC 20000 CERTIFICATION ROADMAP

Conduct ISO 20000

Readiness Assessment

REA

DIN

ESS

ASSESSM

EN

T

Conduct PDCA cycle

review of ISO 20000

processes and remediate

gaps PREPA

RIN

G &

IMPLEM

EN

TIN

G

Conduct certification

audit

CERTIF

ICA

TIO

N &

MA

INTA

ININ

G

FirstBank

ISO/ IEC 20000 Certification Roadmap - Readiness Assessment

13

Capacity Management

Service Continuity and Availability

Service Level Management

Service Reporting

Information Security Management

Budgeting and Accounting for IT

Configuration Management

Change Management

Incident Management

Problem Management

Release Management

Business Relationship Management

Supplier Management

Process Area Maturity

Assessment

Absent

0

Informal

1

Repeatable

2

Defined

3

Managed &

Measurable

4

Optimized

5

As part of the certification

roadmap, a readiness

assessment was conducted

at the beginning of the

project

Key Findings;

• Insufficient documentation of

business requirements for IT

Services

• Many IT Processes are

manually operated

• Lack of dedicated personnel

assigned to ITSM processes

• Reports are not generated

periodically but on a need-

basis

FirstBank

Is this right for us?

Are we eligible, is this a mandatory

business need, will we get clear

benefits?

Where do we stand currently against the

standards?

How would we score and what are the

current gaps that need to be filled?

What benefits do we expect from

ISO/IEC 20000?

Industry standing, cost and quality

benefits, benefits of going through a

quality programme

What work is involved?

Planning, costs, time and resources

required to achieve ISO/IEC 20000

accreditation. This includes the

development work and the auditing

process

ISO/ IEC 20000 Certification Roadmap - Key Considerations for implementation

FirstBank

SCOPE

OBJECTIVES

ORGANIZATION

A formal project organization was established. The Chief Risk Officer was the project

sponsor. Digital Jewels Limited were engaged as consultants on the project. Project was

executed in line with our in-house project management methodology.

To improve and certify First Bank Plc.'s IT Service Management framework (policies, processes

and practices) based on compliance with the international best practice standard in ITSM:

ISO/IEC 20000 . Fifteen (15) services defined in FirstBank IT’s service catalogue were covered.

• Reduce risks in service delivery

• Increase productivity and profit margin

• Measure effectiveness of service delivery

• Improve quality of IT services

ISO/ IEC 20000 Certification Roadmap - Project Scope, Objectives and Organization

FirstBank

PERIOD (Months) ACTION

1 Initial Gap assessment, definition of scope, planning, review of current

processes and procedures.

Definition of IT services based on ISO 20000

Selection of service and process owners

2 Definition/ refinement and implementation of processes in line with ISO

20000

2 ISO / IEC 20000 Foundation and Lead Auditor training for all process

owners and selected staff

Ongoing awareness sessions for the entire IT Organization

3 Fine tuning of processes

Commenced implementation of a new service management tool

3 - 4 Final review of processes before audit

Mock Audit

Preparation for Certification Audit

4 Certification Audit

ISO/ IEC 20000 Certification Roadmap -Action and Timeplan

FirstBank

COMMUNICATION PLAN;

During the project, regular internal staff communication took place,

including periodic meetings and circulation of progress reports. Staff

communication encompassed;

• Project start-up

• Progress

• Possible changes in processes and policies

• Roll Out

• Certification

COLLECTING DATA ON THE MANAGEMENT SYSTEM

• Metrics for Incident Management Process was generated from

the existing ITSM tool. This includes information on incidents

logged, closed, outstanding and resolved within the period.

• Monthly service status report reports are collated across the

fifteen defined FirstBank IT services. The reports itemized how

the thirteen ITSM processes impact on the quality of their

services.

• Processes, policies and procedures were assessed

• Interviews were conducted with relevant staff of the IT

organization

ISO/ IEC 20000 Certification Roadmap - Communication Plan and Data Collection

FirstBank

SERVICE IMPROVEMENT PLAN

A formal Service Improvement Plan was established to cover areas of

improvement in operations, services, staff training and ITSM processes.

Progress of the Service Improvement Plan is measured through trends analysis,

customer satisfaction surveys to highlight the impact of service improvement

successes and failures.

CERTIFICATION AUDIT

Certification Assessment was conducted by auditor from British Standards

Institute from 18th to 26th of April 2013 to assess the Service Management

System. There were no major non conformances found

The Certificate was awarded on May 21st, 2013

ISO/ IEC 20000 Certification Roadmap - SIP and Certification Audit

FIRST BANK ITSM AFTER ISO 20000

- 19 -

FirstBank

FirstBank ITSM Processes after ISO 20000

20

Capacity Management

Service Continuity and Availability

Service Level Management

Service Reporting

Information Security Management

Budgeting and Accounting for IT

Configuration Management

Change Management

Incident Management

Problem Management

Release Management

Business Relationship Management

Supplier Management

Process Area Maturity

Assessment

Absent

0

Informal

1

Repeatable

2

Defined

3

Managed &

Measurable

4

Optimized

5

Key improvements

• Effective documentation of

business requirements for IT

Services

• All IT processes are defined

managed and measured

• Dedicated personnel have

been assigned to ITSM

processes as Process

owners

• Periodic reports are

generated for continuous

evaluation and improvement

of the SMS

• Appointment of a dedicated

IT Service Manager

• Implementation of Microsoft

System Centre Suite

BENEFITS OF ISO 20000 CERTIFICATION

- 21 -

FirstBank

ISO/ IEC 20000 and the Banking Services Industry - Benefits of Certification to an IT Service Provider

IT SERVICE PROVIDER

IMPROVED IT SERVICE

DELIVERY

REDUCED IT BREAK DOWNS

AND FASTER RESOLUTIONS

STAFF MOTIVATION

HIGHER RETURN ON IT

INVESTMENTS

ISO/ IEC 20000 certification CAN

ENHANCE CUSTOMER PERCEPTION

FirstBank

ISO/ IEC 20000 and the Banking Services Industry - Impact on Banks

• Continuous improvement of service quality, including

stability and cooperation, resulting in more customer

confidence in the banks.

• Focused services through alignment with the enterprise

strategy

• Insight into IT performance that is confirmed by an

independent source and may serve as a basis for

marketing and selling services

• Improved understanding by all process participants for

defining objectives, responsibilities and roles

• Compliance to emerging regulatory regime that may

enforce IT standards

NEXT STEPS & WORK IN PROGRESS

- 24 -

FirstBank

Next Steps and Work – in-progress

PRESERVING THE CERTIFICATE

We plan to maintain the Certification by sustaining provision and continually improving services in line with the ISO 20000 standard.

METRICS AND REVIEWS

Monitoring processes have been embedded within IT Governance processes and other mechanisms such as audits of the SMS (internal and external) and management reviews.

OPPORTUNITIES FOR IMPROVEMENT

All identified opportunities for improvement will be exploited to achieve a better SMS Currently implementing a BSM system to automate ITSM processes

PROCESS & SERVICE OWNERS

Selected process and service owners have been assigned the task of monitoring and improving compliance to the standard

FirstBank

Conclusion / Wrap up

We expect to leverage the ISO 20000 Certification process and subsequent

automation of ITSM processes along with other IT Governance & Process

improvements including CMMi, ISO 38500, etc. to deliver on the goal of

attaining world-class IT Services in First Bank.

FirstBank