iso/iec 20000 for practitioners instructor guide

INSTRUCTOR GUIDE

ITpreneurs Nederland B.V.© Copyright 2012 by ITpreneurs Nederland B.V. All rights reserved.

r 2.0.0

ISO/IEC 20000 Practitioner

ISO/IEC 20000

Sample

Mate

rial -

Not for

Rep

rint

ISM2310CL Version 2.0

© Copyright 2012 by ITpreneurs Nederland B.V. All rights reserved.

Nothing from this publication may be duplicated and/or published by means of printing, photocopy, microfi lm, any electronic medium, or in any other way and may not be stored in any way without preceding the written permission of ConnectSphere Limited or ITpreneurs.

Sample

Mate

rial -

Not for

Rep

rint

Contents

i

OVERVIEW 1

STUDENT COURSE AGENDA 5

TUTOR COURSE PLAN 7

TUTOR PRESENTATION 15

GUIDANCE FROM APMG 181

TEST 1: ANSWER GUIDANCE 187

TEST 2: MULTIPLE CHOICE QUESTIONS 189

TEST 2: ANSWERS GUIDANCE 195

ASSIGNMENT 1: ISO/IEC 20000 POLICIES 201

ASSIGNMENT 2: INCIDENT AND SERVICE REQUEST MANAGEMENT 203

ASSIGNMENT 3: APPLICABILITY AND SCOPE 205

ASSIGNMENT 3: APPLICABILITY AND SCOPE ANSWER GUIDANCE 209

ASSIGNMENT 4: PLANNING AND ANALYSIS OF READINESS FOR CERTIFICATION 213

ISO/IEC 20000 TERMS AND DEFINITIONS – APMG FOUNDATION 217

APMG ISO20000 EXAMINATIONS SUPPLEMENTARY REFERENCE PAPER V1 221

ISO/IEC 20000 WHITE PAPER 235

ISOIEC 20000 FOUNDATION AND PRACTITIONER SYLLABUS 247

RELEASE NOTES 275

INSTRUCTOR FEEDBACK FORM 277

Sample

Mate

rial -

Not for

Rep

rint

Sample

Mate

rial -

Not for

Rep

rint

Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 1

Overview

Sample

Mate

rial -

Not for

Rep

rint


Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.2

Requirements and Process Groupings inISO/IEC 20000-1:2011 Information technology – Service Management – Part 1: Service management system requirements

6 Service delivery processes

8 Resolution processes 7 Relationship processes

9 Control processes

CapacitymanagementService continuity and availability management

Service level managementService reporting

Information security managementBudgeting and accounting for services

Incident management andservice request management Problem management

Business relationship managementSupplier management

Configuration managementChange management

Release and deployment management

5 Design and transition of new or changed services

4. Service management system general requirementsManagement responsibilityGovernance of processes operated by other parties

Documentation management Resource management Establish and improve the SMS

Clauses with requirements in ISO/IEC 20000-1:2011 Information technology – Service Management – Part 1: Service management system requirements

Sample

Mate

rial -

Not for

Rep

rint

Instructor | IISO/IEC 20000 Practitioner | Overview


ForewordIntroduction1 Scope1.1 General1.2 Application

2 Normative references

3 Terms and defi nitions

4 Service management system general requirements

4.1 Management responsibility

4.1.1 Management commitment

4.1.2 Service management policy

4.1.3 Authority, responsibility and communication

4.1.4 Management representative

4.2 Governance of processes operated by other parties

4.3 Documentation management

4.3.1 Establish and maintain documents

4.3.2 Control of documents

4.3.3 Control of records

4.4 Resource management

4.4.1 Provision of resources

4.4.2 Human resources

4.5 Establish and improve the SMS

4.5.1 Defi ne scope

4.5.2 Plan the SMS (Plan)

4.5.3 Implement and operate the SMS (Do)

4.5.4 Monitor and review the SMS (Check)

4.5.4.1 General4.5.4.2 Internal audit

4.5.4.3 Management review

4.5.5 Maintain and improve the SMS (Act)

4.5.5.1 General

4.5.5.2 Management of improvements

5 Design and transition of new or changed services

5.1 General

5.2 Plan new or changed services

5.3 Design and development of new or changed services

5.4 Transition of new or changed services

6 Service delivery processes

6.1 Service level management

6.2 Service reporting

6.3 Service continuity and availability management

6.3.1 Service continuity and availability requirements

6.3.2 Service continuity and availability plans

6.3.3 Service continuity and availability monitoring and testing6.4 Budgeting and accounting for services

6.5 Capacity management

6.6 Information security management

6.6.1 Information security policy

6.6.2 Information security control

6.6.3 Information security changes and incidents

7 Relationship processes

7.1 Business relationship management

7.2 Supplier management

8 Resolution processes

8.1 Incident and service request management

8.2 Problem management

9 Control processes

9.1 Confi guration management

9.2 Change management

9.3 Release and deployment management

Bibliography

Figure 1 — PDCA methodology applied to service management

Figure 2 — Service management system

Figure 3 — Example of supply chain relationshipsSample

Mate

rial -

Not for

Rep

rint

This p

age

has b

een le

ft bla

nk in

tentio

nally

Sample

Mate

rial -

Not for

Rep

rint


Student Course Agenda

Sample

Mate

rial -

Not for

Rep

rint



DAY 1 Course introduction

Overview of ISO/IEC 20000

Break ISO/IEC 20000 terms and defi nitions

Lunch Service Management System (SMS) general requirements (continued)

Break SMS general requirements

Close

HomeworkHomework – Test questions and review of material

DAY 2 Review of Day 1 and test questions

ISO/IEC 20000-1 specifi c service management (SM) processes

Break ISO/IEC 20000-1 specifi c SM processes (continued)

Lunch ISO/IEC 20000-1 specifi c SM processes

Break Mock examination (part of sample paper)

Homework: Complete and review mock exam. Review for fi nal exam.

DAY 3 Review of Day 2 and sample examination questions

Achieving ISO/IEC 20000 Certifi cation (continued)

Break Achieving ISO/IEC 20000 Certifi cation

Lunch Review to prepare for exam

Break Examination (14.00 – 17.00)

CloseSam

ple M

ateria

l - Not

for R

eprin

t


Tutor Course Plan

Sample

Mate

rial -

Not for

Rep

rint



INSTRUCTOR COURSE PLAN

The following MUST be available to the tutor and class.

ISO/IEC 20000-1: 2011, Part 1: Requirements for a specifi cation for service management

ISO/IEC 20000-1:2011, Information technology — Service management — Part 1: Service management systems requirements

ISO/IEC 20000-2: 2012, Information technology — Service management — Part 2: Guidance on the application of service management systems (when available)

ISO/IEC TR 20000-3, Information technology — Service management — Part 3: Guidance on scope defi nition and applicability for ISO/IEC 20000-1

ISO/IEC TR 20000-5, Information technology — Service management — Part 5: Exemplar implementation plan

The exam is an open book and we recommend each student to carry a copy of Part 1. All students must have access to reference copy of Part 1, 2, and 3 of the standard, at least for the duration of the course. However, it is not mandatory for every student to have personal access to Part 2 and Part 3 throughout the course.

Day 1 Topic Content

09:00

Module 1

Course introduction

Slides 1 to 12

Introduction to the course

Slide 10 – Introduction

Slide 12 – Ask the class

Write these on a fl ipchart and refer to them throughout the course:

1. Select an IT service provider organization to use as an example in the course. List the main business objectives of the IT service provider organization.

2. What are the challenges for the IT service provider? Ask students to list the challenges for the service provider organization. Further, ask the students to select the important challenges for the organization.

Sample

Mate

rial -

Not for

Rep

rint

Instructor | ISO/IEC 20000 Practitioner | Tutor Course Plan


Day 1 Topic Content

09:30

Module 2

Overview of ISO/IEC 20000

Slides 13 to 40

Slide 13 Ask the class: To brainstorm what they already know about ISO/IEC 20000. Write up their responses on a fl ipchart so that you can refer to them.

Slide 13 Ask the class: To brainstorm what they already know about ISO/IEC 20000.

Slide 21 Ask the class: What is included in an SMS?

Slide 22 The SMS process diagram – Distribute the full page handout of the diagram.

Slide 22 Ask the class: Why is it important to integrate processes?

Slide 24 Ask the class: Are they using any of these standards (9001, 27001)?

Slide 27 Part 3. Explanation to make sure the students understand this part.

Slide 28 Introduce the use of Part 5 Ask the class: How far into a two year journey do you think your selected service provider is?

Slide 34-35 Emphasize the points about certifi cation.

Slide 34-38 Explain the APMG Certifi cation Scheme, a key part of the syllabus.

Slide 37 Benefi ts of certifi cation to ISO/IEC 20000.

Slide 38 and 39 Module 2: Test your understanding

11:00 Break

11:15

Module 3

Terms and Defi nitions

Slides 41 to 52

Slide 43 Check that students are familiar with the foundation terms and defi nitions, especially if they do not have the APMG Foundation qualifi cation.

Slide 44 Ask the class: What examples can you identify for service components?

Slide 46 Ask the class: Can you identify examples of an interested party? Part 1 provides examples.

Slide 47 Ask the class: What would you include in the service requirements? It is really important to help students understand the concept of service requirements.

Slide 48 Exercise: Select a service that is delivered by your selected service provider and then:

1. Write a brief description of the service.

2. Identify the interested parties using the classifi cation in Part 1.

3. Ascertain a few high-level service requirements for each interested party.

Slide 50 Ask the class: What is a process that is effective? What is a process that is fi t for purpose? Write it on the fl ip chart.Sam

ple M

ateria

l - Not

for R

eprin

t



Day 1 Topic Content

12:30

Module 4

SMS general requirements

Slides 53 to 64

Slide 56 Ask the class: Who could be responsible for the coordination and management of all services - Can the CIO delegate this?

Slide 62 Ask the class: Are you familiar with a RACI model? Is C or I better?

12:30 Lunch

13:30

Module 4 SMS general requirements

Slides 65 to 88

Assignment 1. See the student handbook. Service management policy and continual service improvement policy.

Slide 65 Ask the class: What is the difference between a document and a record? Please provide examples of documents and records.

Slide 68 Ask the class: To identify the mandatory documents and records in Part 1 and classify the fi ndings as: Being out of scope, Showing conformity to Part 1, Exhibiting nonconformity.

Slide 69 Ask the class: For examples for each type of resource within an SMS.

Slide 70 Ask the class: How an auditor would assess whether personnel are aware of how they contribute to the achievement of: Service management objectives, Fulfi llment of service requirements.

Slide 71 Test your understanding: Human resource.

Slide 75 Ask the class: What kind of Return on Investment does their selected service provider want?

Slide 76 Ask the class: What are the real points to think about when planning an SMS?

Slide 78 Ask the class: For what would a management review of the SMS and services be used?

Slide 79 Ask the class: Brainstorm the key inputs that you would use to conduct a management review. Which inputs are mandatory inputs conforming to the requirements of Part 1?

Slide 81 Ask the class: Provide examples of aspects to consider in a policy on continual improvement?

Slide 86 Exercise: C4.5 Establish and improve the SMS

16:00 Sample paper Question 1 with review

17:00 Close

Day 1 Homework Homework: Review and test 2

Sample

Mate

rial -

Not for

Rep

rint



Day 2 Topic Content

09:00 Review Review of Day 1 and Homework

09:15

Module 5

ISO/EC 20000

Specifi c service management processes

Slides 89 to 150

Slide 92 Ask the class: What will the interfaces include? (Between the design and transition of new or changed services and the control processes).

Slide 95 Exercise: Part 1 requirements for Clause 5 to 9

For the design and transition of new or changed services (DTNCS) in Clause 5, identify the:

a) Process objectivesb) Process specifi c policies and plans that are required to conform to the

Part 1 requirementsc) Inputs, outputs of the processd) Actions relating to the implementation of the process required by Part 1e) Roles required for operation of the processes

Ask the class: To do the same as we go through Clauses 6 to 9.

Slide 97 Ask the class: For examples of typical business changes that impact service requirements and service-level requirements.

Slide 100 Ask the class: What are the key considerations when defi ning the structure and content of SLAs?

Slide 101 Ask the class: What is a good report?

Slide 102 and 103 Ask the class: Are the customer satisfaction reports good or bad? Why? Give reasons.

Slide 103 Ask the class: Is this better? Is it missing anything? What are the key considerations for service reporting?

Slide 104 Ask the class: For an example of each type of report.

Slide 105 Ask the class: Does the service report index show all of the mandatory requirements of Part 1?

Slide 106 Ask the class: What aspects of the service continuity and availability plans should be under the control of change management?

Slide 100 Exercise: C6.3 Service continuity and availability management. How to achieve an end-to-end availability target for an e-mail service. What availability monitoring activities are required to conform to the requirements of Part 1?

Slide 111 Ask the class: Budgeting and accounting. What do you think is included in service components? What are the important implementation considerations?

Slide 112 Ask the class: Which month should new capacity have been added?

Slide 113 Ask the class: Examples of information and data for business capacity management, service capacity management, and component capacity management.

Slide 115 Ask the class: What IT security polices will a service provider need?

Slide 123 Ask the class: What would an assessor or auditor look for in a contract?

Slide 125 Test your understanding: Relationship processes.

Sample

Mate

rial -

Not for

Rep

rint



Day 2 Topic Content

12:30 Lunch

13:30

Slide 134 Test your understanding: Resolution processes.

Assignment 3

1. Perform a self-assessment for your selected service provider for the incident and service request management process within a defi ned scope.

2. List the specifi c requirements for managing major incidents.

3. Identify the requirements presented in Part 1 for the interfaces between the:

a) Incident management and service level management processes.

b) Incident and problem management processes.

c) Problem management and confi guration management processes.

d) Problem management and change management processes.

Slide 137 Ask the class: What would they control for a PC?

Slide 138 Ask the class: What confi guration item types are required in the SMS?

Slide 142 Ask the class: How can types of change be classifi ed?

Slide 130 Ask the class: In addition to the requirements on this slide, what statements are typically in a change management policy?

Slide 144 Ask the class: What would you include in a release policy?

Slide 145 Ask the class: Who are the relevant parties involved in release and deployment planning?

Slide 147 Ask the class: How do we measure and analyse the success/failure of a release?

Slide 148 Test your understanding: Release and deployment.

Slide 149 Exercise:

1. Discuss and summarize how you can determine the suitability and effectiveness of the processes in Clauses 5 to 9.

2. List examples of process improvements.

Recommend a set of roles required for operation of the processes together with your rationale.

15:30 Sample paper Question 2 and 3 with review

17:00 Close

Day 2 Homework

Read Student handbook, Section 3.4 and 3.5. Read ISO/IEC 20000-1 requirements for internal audit.

Do sample paper Question 4, Part A and B.

Sample

Mate

rial -

Not for

Rep

rint



Day 3 Topic Content

09:00 Review of Day 3

Review of Day 2 and sample paper Question 4, Part A and B.

If required, use Slide 158 - Types of audit.

09:15

Module 5

Achieving ISO/EC 20000

Slides 152 to 183

Slide 158 Ask the class: What is the main evidence required for an external audit?

Slide 159 Exercise: Types of audit

1. List the differences between:

a) Internal audit (within the service provider organization)

b) External – Initial certifi cation audit

c) External – Surveillance certifi cation audit

d) External – Re-certifi cation audit

2. Summarize the responsibilities and activities for an external auditor of an RCB

Slide 168 Assignment 4: Applicability and scope (see student handbook).

Slide 170 Ask the class: From your experience do the Phase 1 activities seem sensible?

Slide 179 Assignment 5: Planning and analysis of readiness for certifi cation (see student handbook for scenario).

Slide 181 Ask the class: Why is it important to inspect the certifi cate?

11:45 Sample paper Question 4: Part C, D, and E and Review of answers

12:20 Course close and Feedback Slide 184

12:30 Lunch

13:30 Review for exam Cover a summary of the main syllabus points to prepare students for the exam.

14:00 – 17:00 Examination

17:00 Close

Sample

Mate

rial -

Not for

Rep

rint

This p

age

has b

een le

ft bla

nk in

tentio

nally

Sample

Mate

rial -

Not for

Rep

rint


Tutor Presentation

Sample

Mate

rial -

Not for

Rep

rint



Explain to the class:Briefl y describe the history of ISO/IEC 20000. Describe the course objectives as twofold—learning how to implement service management to meet the requirements of ISO/IEC 20000 and how to pass the exam.

ISO/IEC 20000 is the international standard for IT service management (ITSM). It is jointly published by two standards organizations, ISO and IEC.

ISO = International Organization for Standardization

Develops and publishes thousands of standards for worldwide use with inputs from industry and government.

165 members, one per country

Countries publish ISO standards as national standards

See www.iso.org

IEC = International Electrotechnical Commission

Prepares and publishes international standards for all electrical, electronic, and related technologies

See www.iec.org

ISO/IEC 20000-1 defi nes and provides details of the requirements for a service management system (SMS) to deliver managed services of an acceptable quality, together with guidance on how to demonstrate conformity with the standard.

Sample

Mate

rial -

Not for

Rep

rint

Instructor | ISO/IEC 20000 Practitioner | Tutor Presentation


2

Exercises, sample exams, homeworkISO/IEC 20000 Parts 1, 2, 3, and 5

Course Contents

1. Course introduction 32. Overview of ISO/IEC 20000 133. ISO/IEC 20000 terms and definitions 414. Service management system (SMS) general requirements 535. Specific service management (SM) processes 896. Achieving ISO/IEC 20000 certification 1537. Summary and feedback 185

Slides

Module 1 Course Introduction

Sample

Mate

rial -

Not for

Rep

rint



4

Notice

The information contained in this document is subject to change without notice. This document contains proprietary information that is protected by licensed copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated to another language without the prior consent of ITpreneurs.The ISO/IEC 20000 Practitioner course includes Intellectual Property owned by ConnectSphereLimited, which is used by permission of Connect Sphere. All rights reserved.Information on international standards can be obtained from www.iso.orgCOBIT® is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute. ITIL® is a registered trademark of the Cabinet Office.

5

Course Arrangements

ScheduleBreaks and refreshmentsMobile phonesMessagesFire alarmsBathroomsSmoking

Arrangements

Sample

Mate

rial -

Not for

Rep

rint



6

Course Arrangements (Cont’d.)

Keep an open mind. It’s not just about taking the exam; it’s about understanding the principles and terminology of the approach.

Tutor note: Delegates attending the course are required to have a fundamental knowledge of IT service management principles and processes. The basic ITSM knowledge required is exemplifi ed by either an ITIL® Foundation certifi cate or an approved ISO/IEC 20000 Foundation certifi cate, possession of one of which is mandatory for attending this course.

The course is intended to be delivered in a highly practical, rather than a theoretical, way and is primarily aimed at practitioners, managers, and consultants involved in SMS implementation activities based on ISO/IEC 20000.

Sample

Mate

rial -

Not for

Rep

rint



7

ISO/IEC 20000 for Practitioners: Course Overview

Duration

Target Audience

Prerequisites

Purpose

Holder of the ITIL ® Foundation Certificate in IT Service Managementor an approved ISO/IEC 20000 Foundation Certificate

Three-day course or 18 hours of learning time, of which 16 hours involve direct contact

Practitioners, managers, and consultants involved in a service management system (SMS) or ongoing activities based on ISO/IEC 20000

To ensure that a candidate has sufficient understanding of ISO/IEC 20000 and its application to be able to analyze and apply his or her knowledge to a range of activities that would support organizations in conforming to the requirements of ISO/IEC 20000-1, and to achieve and retain the ISO/IEC 20000 certification.

ITIL® is a registered trade mark of the Cabinet Office

Syllabus: 3.3 High-Level Performance Defi nition of a Successful Practitioner Candidate

Explain to the class:

Candidates should understand and be able to apply and analyze the content of ISO/IEC 20000 within currently certifi ed organizations or those wishing to implement an SMS in preparation for initial certifi cation.

Sample

Mate

rial -

Not for

Rep

rint



8

The scope, objectives, and high-level requirements of the ISO/IEC 20000 for Practitioners include learning to:

Interpret the purpose, use, and application of Parts 1, 2, 3, and 5 of the standard Assist and advise organizations in achieving conformance to ISO/IEC 20000-1 (Part 1) and certification Explain and advise on issues of applicability and scope definition Explain the relationship between ISO/IEC 20000 and ITSM best practices, ITIL® and related standards, ISO 9001 and ISO/IEC 27001, and how these can be used to support the achievement of certification to ISO/IEC 20000Explain and apply the requirements of ISO/IEC 20000-1 Explain the use of technology and tools to support the implementation and improvement of an SMS, achieve certification, and support ongoing conformance to ISO/IEC 20000-1 Advise and assist in certification readiness assessments to evaluate an SMS against the requirements of ISO/IEC 20000-1Generate a gap analysis supported by an improvement and implementation plan Create and apply a service management plan, including policies and objectivesCreate, apply, and evaluate processes, procedures, process-specific plans, and process-specific policies required by ISO/IEC 20000-1 Assist and advise organizations on the implementation of continual improvement processesPrepare organizations for an ISO/IEC 20000 certification audit using the regulations of the APMG ISO/IEC 20000 certification scheme

ISO/IEC 20000 for Practitioners Learning Objectives

Explain to the class: A fuller agenda is in the student handbook.

Sample

Mate

rial -

Not for

Rep

rint



9

ISO/IEC 20000 for Practitioners: Agenda

IntroductionOverview of ISO/IEC 20000Terms and definitionsSMS general requirementsHomework: Review and test paper

Day 1

Day 2

Review homeworkSpecific service management processesMock examination Homework: Review

Review Achieving ISO/IEC 200000 certification Course evaluationExamination

Day 3

Tutor note: If relevant, ask students to provide any ITIL qualifi cations.

Sample

Mate

rial -

Not for

Rep

rint



10

Introductions

Please tell us about your:Experience with the organization and IT service management Experience in ISO/IEC 20000 Knowledge of Part 1Role in ISO/IEC 20000 Expectations for the session

Tutor note: All candidates must complete this course before they can be permitted to take the exam. Questions will cover all of the syllabus areas. The following syllabus areas will be combined in the examination questions: OV (Overview) and AC (Achieving ISO/IEC 20000 certifi cation) will be combined into one question, and MS (Service management system general requirements), DR (Service delivery and relationship processes), and NC (Design and transition of new or changed services, resolution, and control processes) will each be one question.

Explain to the class: The exam is intended to assess the knowledge and skills that demonstrate profi ciency in ISO/IEC 20000 and its application. There will be four questions per paper and three exam booklets.

Scenario booklet: One scenario will describe the delivery of IT services to an organization. Scenario information will be kept to a minimum. The question preamble or additional information will be used to provide the specifi c information needed for answering an individual question. Additional information for one or more questions will be included. Please note that this additional information is ONLY to be used for that question and NOT for any other question.

Question booklet: Four questions. Each question will be comprised of two to fi ve parts, called part-questions. All information provided within a part-question will only apply to that part-question and will not be used for other part-questions. Each part-question contains a number of question items. Each question item will be worth one point, with a whole question totaling 20 points.

Answer booklet: A pre-printed booklet with a line of ovals for each question item. Each question item option will be represented by a single oval. Candidates indicate their chosen answers by fi lling in the appropriate ovals. Ovals must be darker than the grey square at the top of the fi rst page of the Answer Booklet and be at least 80% fi lled.

Sample

Mate

rial -

Not for

Rep

rint



11

ISO/IEC 20000 for Practitioners: Exam Overview

Each question has two to five parts with question items.Each question has 20 question itemsTotal: 80 question items, each worth 1 point

Open book (ISO/IEC 20000-1:2011)Scenario, question, and answer booklets

One exam of three hours’ duration (180 minutes) No additional reading timeOne exam of three hours’ duration (180 minutes) No additional reading time

Passing score is 40+ out of 80 points (50%)Passing score is 40+ out of 80 points (50%)

ExamExam

4 exam questions4 exam questions

Question exampleQuestion 1

Part A• Question item 1• Question item 2• Question item 3• Question item 4• Question item 5

Part B• Question item 1• Question item 2

Part B….

Part C…

Explain to the class: The APMG ISO/IEC 20000 Qualifi cation Scheme provides individuals with accredited qualifi cations at the foundation, practitioner, and auditor levels based on the ISO/IEC 20000 standard.

Tutor note: Bloom’s Taxonomy of Educational Objectives is a classifi cation system that is widely used to design assessments for certifi cation and education. It classifi es learning objectives into six ascending learning levels, each defi ning a higher degree of competencies and skills (Bloom et al., 1956, Taxonomy of Educational Objectives). APMG has adapted this into a four-step variation of the Bloom model. For the ISO/IEC 20000 qualifi cation, the four levels of learning outcomes are shown.

Sample

Mate

rial -

Not for

Rep

rint



12

APMG ISO/IEC 20000 Qualification Scheme

Foundation, Practitioner, and Auditor QualificationsAPMG ISO/IEC 20000 Learning Outcomes Assessment Model

1. Knowledge Know facts, including terms and definitions,

concepts, requirements, processes, key

responsibilities, and use of documents

outlined in the standard

2. Comprehension Understand the

concepts, responsibilities, and tools used and the

requirements, processes, and

documents needed to conform to the

standard

3. Application Be able to apply key

ITSM concepts relating to achieving the requirements of

ISO/IEC 20000 for a given scenario

4. Analysis Be able to identify,

analyze, and advise on appropriate use of ITSM methods and

techniques to achieve the requirements of

ISO/IEC 20000 through assessing typical scenarios

Tutor note: Write the responses on a fl ip chart and refer to them throughout the course.

Ask the class: To select an IT service provider to use as an example in the course.

1. List the main business objectives for the IT service provider’s organization.

Examples of business objectives

o Increase profi ts

o Increase customer retention and satisfaction

o Increase value for the customer or business

o Build reputation

o Increase trustworthiness

2. What are the three most important challenges your selected IT service provider is facing and why?

Examples of challenges for an IT service provider:

o Contributing to solving business challenges

o Demonstrating value creation from services

o Aligning IT services with business needs

o Managing a constantly increasing and higher volume of change in business and technology

o Keeping IT services up and running

Sample

Mate

rial -

Not for

Rep

rint



o Optimizing the cost of IT

o Managing the risks and complexity of IT

o Complying with statutory, regulatory, and contractual requirements

o Adding value within the supply chain

13

Competitive

Today’s Business Environment

New products and services

Business development

Regulatory and legal requirements Globalization

Mergers/integrations

Economic challenges

Increasing dependence on information technology and related services

Cloud computing

Before starting this module:

Ask the class: To brainstorm what they already know about ISO/IEC 20000. Write up their responses on a fl ip chart so that you can refer to it. It may help to structure the responses by writing them under different categories, such as Scope, Certifi cation, General Requirements for a Service Management System (SMS), Design and Transition of New or Changed Services, Service Delivery Processes, Relationship Processes, Resolution Processes, Control Processes, Release Processes, and so on.

Sample

Mate

rial -

Not for

Rep

rint



Module 2 Overview of ISO/IEC 20000

Explain to the class: The syllabus content codes covered in this module are:

OV - Overview of ISO/IEC 20000 and Related Best Practices, Standards, and Schemes

AC - Achieving the ISO/IEC 20000 Certifi cation

This module introduces the topics; students will also cover these topics in more depth in module 5. In the syllabus, these topics are at Learning Level Outcome 3. Application: Be able to apply key ITSM concepts relating to achievement of the requirements of ISO/IEC 20000 for a given scenario.

Sample

Mate

rial -

Not for

Rep

rint



15

Overview of ISO/IEC 20000: Module 2 Objectives

The purpose and use of ISO/IEC 20000-1The relationship between ISO/IEC 20000 part 1, 2, 3, 5The relationships and differences between ISO/IEC 20000 and ITIL Where the concepts of ITIL, ISO 9001, and ISO/IEC 27001 can be usedTypes of audit, requirements, and evidence required for ISO/IEC 20000Roles and responsibilities within the APMG certification scheme

Syllabus: OV0204 Typical uses and examples of the defi ned terms in OV0105

Explain to the class: Although the standard defi nes service management as a set of capabilities and processes, in ITIL, COBIT, and

CMMI, a process is also a capability.

The more mature a service provider’s capabilities are, the greater its ability to consistently produce quality services that meet the needs of the customer.

A common defi nition of service management is the effective and effi cient management of all IT services subject to constraints.

Sample

Mate

rial -

Not for

Rep

rint



16

What is service management?

Service management is a set of capabilities and processes that: Directs and controls the service provider’s activities and resources.Designs, transitions, delivers, and improves services to fulfillthe service requirements.

Syllabus: OV0204 Typical uses and examples of the defi ned terms in OV0105.

Sample

Mate

rial -

Not for

Rep

rint



17

Examples: Benefits of adopting service management best practices

IT service management – Represents the lifecycle stage that consumes approximately 70 to 80 percent of the total IT

expenditure.

Gartner– Cost per call down by 30 percent– 85 percent resolution at first point of contact– 50 percent reduction in new product cycle

Datalect Group Ltd.– Delivery of services focused on business and customer needs– 20 percent reduction in operational costs through proactive problem management– Creation of competitive advantage – Demonstration of strengths as a strategic partner

Tutor note: As you go through each part, hold up copies to show the class.

Explain to the class: ISO/IEC 20000 is a multipart series of standards. Part 4 is not in the syllabus and is not included in the exam. Part 4 has been developed to act as the basis of a process assessment model to be published as ISO/IEC TR 15504-8. Parts 3, 4, and 5 are being updated to align with the Part 1 2011 edition. Additional parts of the ISO/IEC 20000 series are planned. The ISO/IEC’s JTC1 SC7 Software and System Engineering Committee Working Group 25 has developed the series since 2005 and will continue its development.

The timeline shows the development of ISO/IEC 20000 since 2000.

The development work for ITIL and BS 15000 started in the UK in the late 1980s; the two processes were aligned with each other. BS 15000 was developed by the British Standard Institution (BSI) and editions were published in 2000 and 2002. In 2005, BS 15000 Parts 1 and 2 went through the ISO fast-track process to become ISO/IEC 20000-1:2005 and ISO/IEC 20000-2:2005. As an international standard, it was not possible to maintain the relationship with ITIL in a formal way, because an ISO standard has to be framework independent. However, the service management community that drives the development of ISO/IEC 20000 wants ISO/IEC 20000 to be aligned with ITIL and COBIT.

The itSMF UK has introduced a worldwide certifi cation scheme to support the standard. The itSMF® is an independent, internationally recognized forum for IT service management professionals worldwide. The itSMF has more than 6,000 member companies covering more than 40,000 individuals in more than fi fty itSMF chapters. itSMF International (itSMFI) has representatives on the Working Group that develops the ISO/IEC 20000 series as a Technical Liaison representative. Sam

ple M

ateria

l - Not

for R

eprin

t



18

Information Technology: ISO/IEC 20000 SMS

• SMS requirementsPart 1 - 2011

• Guidance on the application of SMSPart 2 - 2012

• Guidance on scope definition and applicability of ISO/IEC 20000 (technical report)Part 3 - 2009

• Service management process reference model (technical report, not in the syllabus) Part 4 - 2010

• Sample implementation plan (technical report)Part 5 - 2010

2000 2002 2005 2009 2010 2011 2012

Explain to the class: Using ISO/IEC 20000 means basing your service management on tried and tested industry best practices that help save time and money.

As an international standard, the general principles of ISO/IEC 20000 apply to a very broad base of organizations with a variety of forms, interests, and circumstances. Consequently, different organizations implement service management in ways that differ in the details, but the general best practices and principles remain the same across these organizations.

Sample

Mate

rial -

Not for

Rep

rint



19

Introduction to ISO/IEC 20000-1:2011 (Part 1)

Information technology service management —Part 1: SMS Requirements

An international standard based on tried and tested industry practices for IT service management.Used by a broad base of organizations worldwide that apply its best practices and principles in a variety of ways.Part 1 includes requirements for the design, transition, delivery, and improvement of services that fulfill service requirements and provide value for both the customer and the service provider.The coordinated integration and implementation of an SMS provides ongoing control and opportunities for continual improvement, greater effectiveness, and efficiency.

Tutor note: Reference: ISO/IEC 20000-1: 1 Scope 1.1 General

The 20000 series is applicable to many organizations, both internal and external service providers, in both the public and private sectors. It applies to service providers of all sizes, from less than fi ve people to many thousands of personnel. While the requirements remain unchanged for large and small organizations, the ways in which those requirements are fulfi lled may differ signifi cantly. For example, a large service provider would need a sophisticated capacity management plan to meet Part 1 requirements, whereas a small organization could meet these requirements and function effectively with a very basic plan.

Sample

Mate

rial -

Not for

Rep

rint



20

Using ISO/IEC 20000 Part 1

Seek services from a service provider with the assurance that its service requirements will be fulfilled. Wants all of the service providers in its supply chain to use a consistent approach.

An organization uses Part 1 when it wants to: An organization uses Part 1 when it wants to:

Monitor, measure, and review its processes and services. Design, transition, deliver, and improve services that fulfill service requirements. Improve its design, transition, and delivery of services through the effective implementation and operation of an SMS.

A service provider uses Part 1 to demonstrate its capability to: A service provider uses Part 1 to demonstrate its capability to:

As a set of criteria for a conformity assessment of a service provider’s SMS to the requirements in Part 1.

An assessor or auditor uses Part 1: An assessor or auditor uses Part 1:

Syllabus: The purpose and use of ISO/IEC 20000-1 (introduction, scope, application)

Explain to the class:The number of requirements measured by the occurrence of word ‘shall’ in part 1 is 259. ISO standards refer to sections as clauses. Each clause in Part 1 contains at least one requirement.

Part 1 does not prescribe that its requirements be met by the ITIL framework. However, ITIL is the most widely used approach for obtaining ISO/IEC 20000 certifi cation. Other common frameworks used are Six Sigma, COBIT, and Microsoft Operations Framework (MOF), sometimes in combination.

Tutor note: Ask students to look at Part 1.

Write the terms on the fl ip chart: “Shall” can be read as “must” or “is required to.”

For example, “The service provider shall create an SLA for each service.”

“Shall” is used for a requirement that must be followed strictly in order to conform, if the ISO/IEC 20000 clause is within the scope of the assessment or audit.

Sample

Mate

rial -

Not for

Rep

rint



21

ISO/IEC 20000 -1: 2011 (Part 1)

The first edition of the SMS requirements was published in 2005. A revised version was published in April 2011.The SMS requirements set a “management system” standard that requires a service provider to establish and improve SMS.Clauses include mandatory requirements or “shalls” that describe:

Something that is a “must do,” is “necessary,” or “has” to occur.Something definite about the requirements, expressed with “is required to.”

“Shall” statements are audited for certification or conformance and no deviation is permitted, if the clause is within scope.The SMS requirements are framework-independent. SMS requirements provide a basis for assessments and act as the auditing standard and model for certification.

Information Technology Service Management — Part 1: SMS RequirementsInformation Technology Service Management — Part 1: SMS Requirements

SMS: The SMS is a management system to direct and control the service management activities of the service provider. The SMS applies to all aspects of managing a service. It includes the capabilities and resources to do service management including documents and records.

Ask the class: What is included in an SMS?

Some people think that a management system is a living document used to describe service management activities, but it is far more than this. It is the system used to perform service management within the service provider organization. An SMS applies to all aspects of managing a service. It includes the capabilities and resources to do service management.

Some management systems are ineffective. Typically, they lack senior management direction, are variable in operation, and have too little documentation. In these organizations, the managers are usually too busy dealing with crises to actually manage people, processes, or technology. An SMS is broadly applicable to all aspects of managing a service. The SMS is how the service provider achieves overall control of everything used to deliver technology-based services. An SMS includes some aspects of governance. It covers the full spectrum of roles and responsibilities, from top management to the most junior personnel.

The PDCA methodology is the Deming cycle of continual improvement.

Sample

Mate

rial -

Not for

Rep

rint

iso/iec 20000 for practitioners instructor guide

Documents

management responsibility4

management commitment4

management representative4

service management policy4

reprintsample material

overviewsample material

scope answer guidance

answers guidance