iso/iec 20000 for practitioners student handbook

STUDENT HANDBOOK

ITpreneurs Nederland B.V.© Copyright 2012 by ITpreneurs Nederland B.V. All rights reserved.

r 2.0.0

ISO/IEC 20000 Practitioner

ISO/IEC 20000

Sample

Mate

rial -

Not for

Rep

rint

ISM2310CL Version 2.0

© Copyright 2012 by ITpreneurs Nederland B.V. All rights reserved.

Nothing from this publication may be duplicated and/or published by means of printing, photocopy, microfi lm, any electronic medium, or in any other way and may not be stored in any way without preceding the written permission of ConnectSphere Limited or ITpreneurs.

Sample

Mate

rial -

Not for

Rep

rint

Contents

i

OVERVIEW 1

COURSE AGENDA 5

COURSE PLAN 7

CLASSROOM PRESENTATION 17

GUIDANCE FROM APMG 111

TEST 1: ANSWER GUIDANCE 117

TEST 2: MULTIPLE CHOICE QUESTIONS 119

TEST 2: ANSWERS GUIDANCE 125

ASSIGNMENT 1: ISO/IEC 20000 POLICIES 131

ASSIGNMENT 2: INCIDENT AND SERVICE REQUEST MANAGEMENT 133

ASSIGNMENT 3: APPLICABILITY AND SCOPE ANSWER GUIDANCE 135

ASSIGNMENT 3: ANSWERS 139

ASSIGNMENT 4: PLANNING AND ANALYSIS OF READINESS FOR CERTIFICATION 143

ISO/IEC 20000 TERMS AND DEFINITIONS – APMG FOUNDATION 147

APMG ISO20000 EXAMINATIONS SUPPLEMENTARY REFERENCE PAPER V1 151

ISO/IEC 20000 WHITE PAPER 165

ISOIEC 20000 FOUNDATION AND PRACTITIONER SYLLABUS 177

RELEASE NOTES 205

STUDENT FEEDBACK FORM 207

Sample

Mate

rial -

Not for

Rep

rint

Sample

Mate

rial -

Not for

Rep

rint

Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved. 1

Overview

Sample

Mate

rial -

Not for

Rep

rint


Copyright © 2012, ITpreneurs Nederland B.V. All rights reserved.2

Requirements and Process Groupings inISO/IEC 20000-1:2011 Information technology – Service Management – Part 1: Service management system requirements

6 Service delivery processes

8 Resolution processes 7 Relationship processes

9 Control processes

CapacitymanagementService continuity and availability management

Service level managementService reporting

Information security managementBudgeting and accounting for services

Incident management andservice request management Problem management

Business relationship managementSupplier management

Configuration managementChange management

Release and deployment management

5 Design and transition of new or changed services

4. Service management system general requirementsManagement responsibilityGovernance of processes operated by other parties

Documentation management Resource management Establish and improve the SMS

Clauses with requirements in ISO/IEC 20000-1:2011 Information technology – Service Management – Part 1: Service management system requirements

Sample

Mate

rial -

Not for

Rep

rint

Student | ISO/IEC 20000 Practitioner | Overview


ForewordIntroduction1 Scope1.1 General1.2 Application

2 Normative references

3 Terms and defi nitions

4 Service management system general requirements

4.1 Management responsibility

4.1.1 Management commitment

4.1.2 Service management policy

4.1.3 Authority, responsibility and communication

4.1.4 Management representative

4.2 Governance of processes operated by other parties

4.3 Documentation management

4.3.1 Establish and maintain documents

4.3.2 Control of documents

4.3.3 Control of records

4.4 Resource management

4.4.1 Provision of resources

4.4.2 Human resources

4.5 Establish and improve the SMS

4.5.1 Defi ne scope

4.5.2 Plan the SMS (Plan)

4.5.3 Implement and operate the SMS (Do)

4.5.4 Monitor and review the SMS (Check)

4.5.4.1 General4.5.4.2 Internal audit

4.5.4.3 Management review

4.5.5 Maintain and improve the SMS (Act)

4.5.5.1 General

4.5.5.2 Management of improvements

5 Design and transition of new or changed services

5.1 General

5.2 Plan new or changed services

5.3 Design and development of new or changed services

5.4 Transition of new or changed services

6 Service delivery processes

6.1 Service level management

6.2 Service reporting

6.3 Service continuity and availability management

6.3.1 Service continuity and availability requirements

6.3.2 Service continuity and availability plans

6.3.3 Service continuity and availability monitoring and testing6.4 Budgeting and accounting for services

6.5 Capacity management

6.6 Information security management

6.6.1 Information security policy

6.6.2 Information security control

6.6.3 Information security changes and incidents

7 Relationship processes

7.1 Business relationship management

7.2 Supplier management

8 Resolution processes

8.1 Incident and service request management

8.2 Problem management

9 Control processes

9.1 Confi guration management

9.2 Change management

9.3 Release and deployment management

Bibliography

Figure 1 — PDCA methodology applied to service management

Figure 2 — Service management system

Figure 3 — Example of supply chain relationshipsSample

Mate

rial -

Not for

Rep

rint

This p

age

has b

een le

ft bla

nk in

tentio

nally

Sample

Mate

rial -

Not for

Rep

rint


Course Agenda

Sample

Mate

rial -

Not for

Rep

rint



DAY 1 Course introduction

Overview of ISO/IEC 20000

Break ISO/IEC 20000 terms and defi nitions

Lunch Service Management System (SMS) general requirements (continued)

Break SMS general requirements

Close

HomeworkHomework – Test questions and review of material

DAY 2 Review of Day 1 and test questions

ISO/IEC 20000-1 specifi c service management (SM) processes

Break ISO/IEC 20000-1 specifi c SM processes (continued)

Lunch ISO/IEC 20000-1 specifi c SM processes

Break Mock examination (part of sample paper)

Homework: Complete and review mock exam. Review for fi nal exam.

DAY 3 Review of Day 2 and sample examination questions

Achieving ISO/IEC 20000 Certifi cation (continued)

Break Achieving ISO/IEC 20000 Certifi cation

Lunch Review to prepare for exam

Break Examination (14.00 – 17.00)

CloseSam

ple M

ateria

l - Not

for R

eprin

t


Course Plan

Sample

Mate

rial -

Not for

Rep

rint



Day 1 Topic Content Syllabus topics to cover

09:00

Module 1

Course introduction

Slides 1 to 12

Introduction to the course

Slide 10 – Introduction

Slide 12 Ask the classWrite these on a fl ipchart and refer to them throughout the course.

1. Select an IT service provider organization to use as an example in the course. List the main business objectives for the IT service provider’s organization.

2. What are the challenges for the IT service provider? Ask students to identify the challenges that are most important for the service provider organization that they have selected.

Not part of the syllabus.

Slides 9 and 12 are key to set the scene, help students to introduce themselves, and get ready for the rest of the course.

09:30

Module 2

O v e r v i e w of ISO/IEC 20000

Slides 13 to 40

Slide 13 Ask the class: To brainstorm what they already know about ISO/IEC 20000. Write up their responses on a fl ipchart so that you can refer to it.

Slide 13 Ask the class:

To brainstorm what they already know about ISO/IEC 20000.

Slide 21 Ask the class: What is included in an SMS?

Slide 22 The SMS process diagram – distribute the full page hand-out of the diagram.

Slide 22 Ask the class: Why is it important to integrate processes?

Slide 24 Ask the class: Are they are using any of these standards (9001, 27001)?

Slide 27 Part 3. Explanation to make sure students understand this part.

Slide 28 Introduce the use of Part 5 Ask the class: How far into a two-year journey do you think your selected service provider is?

Syllabus Area OV and AC

OV - Overview of ISO/IEC 20000 and Related Best Practices, Standards, and Schemes and some topics within

AC - Achieving ISO/IEC 20000 Certifi cation

The purpose and use of ISO/IEC 20000-1

The relationship between ISO/IEC 20000 part 1, 2, 3, 5

The relationships and differences between ISO/IEC 20000 and ITIL

Where the concepts of ITIL, ISO 9001, ISO/IEC 27001 can be used

The types of audit, requirements, and evidence required for ISO/IEC 20000

The roles and responsibilities within the APMG certifi cation schemeSam

ple M

ateria

l - Not

for R

eprin

t

Student | ISO/IEC 20000 Practitioner | Course Plan



09:30

Module 2

Overview of ISO/IEC 20000

Slides 13 to 40

Slide 34-35 Emphasise the points about certifi cation.

Slide 34-38 Explain the APMG Certifi cation Scheme, a key part of the syllabus.

Slide 37 Benefi ts of certifi cation to ISO/IEC 20000.

Slide 38 and 39 Module 2 Test your understanding.

11:00 Break

11:15

Module 3

Terms and Defi nitions

Slides 41 to 52

Slide 43 Check that students are familiar with the foundation terms and defi nitions, especially if they have not done the APMG Foundation qualifi cation.

Slide 44 Ask the class: What examples can you identify for service components?

Slide 46 Ask the class: Can you identify examples of an interested party? Part 1 provides examples:

Slide 47 Ask the class: What would you include in the service requirements? This is really important to help students to understand the concept of service requirements.

Slide 48 Exercise: Select a service that is delivered by your selected service provider and then:

Write a brief description of the service.

Identify the interested parties using the classifi cation in Part 1.

A few high-level service requirements for each interested party.

Slide 50 Ask the class: What is an effective process? What is a process that is fi t for purpose? Write it on the fl ipchart.

Syllabus Area OV

Level 2 – comprehension. You should be able to understand and explain the purpose, objective, and key activities for:

All the defi nitions, typical uses, and concepts of the defi ned terms in ISO/IEC 20000-1

12:30

Module 4 SMS general requirements

Slides 53 to 64

Slide 56 Ask the class: Who could be responsible for the coordination and management of all services - can the CIO delegate this?

Slide 62 Ask the class: Are you familiar with a RACI model? Is C or I better?

Syllabus Area MS

See next section.

12:30 Lunch

Sample

Mate

rial -

Not for

Rep

rint




13:30

Module 4 SMS general requirements

Slides 65 to 88

Assignment 1. See student handbook. Service management policy and continual service improvement policy.

Slide 65 Ask the class: What is the difference between a document and a record? Please provide examples of documents and records.

Slide 68 Ask the class: To identify the mandatory documents and records in part 1 and classify the fi ndings: out of scope, conformity to Part 1, and nonconformity.

Slide 69 Ask the class: For examples for each type of resource within an SMS.

Slide 70 Ask the class: How an auditor would assess whether personnel are aware of how they contribute to the achievement of: Service management objectives and fulfi llment of service requirements.

Slide 71 Test your understanding: Human resources.

Slide 75 Ask the class: What kind of Return on Investment does their selected service provider want?

Slide 76 Ask the class: What are the real points to think about when planning an SMS?

Slide 78 Ask the class: What would a management review of the SMS and services be used for?

Slide 79 Ask the class: Brainstorm the key inputs that you would use to conduct a management review. Which inputs are mandatory inputs conforming to the requirements of Part 1?

Slide 81 Ask the class: Please provide examples of aspects to consider in a policy on continual improvement.

Slide 86 Exercise: C4.5 Establish and improve the SMS

Syllabus Area MS

You should be able to apply Part 1, its content, application, usage, and relevance to achieving certifi cation. This includes:

Comprehension of:

The concepts, responsibilities, requirements, and processes needed to conform to the SMS general requirements.

All of Clause 4 SMS general requirements.

Application of the SMS general requirements 20000-1 for a given scenario to:

Support the achievement of conformity to Part 1, identifying nonconformities, opportunities for improvements, and actions required.

Analyze and distinguish between appropriate and inappropriate application of the SMS general requirements for a given scenario, including:

The SM policy, SM objectives, and the service management plan.

Roles required for operation of the SMS general requirements.

16:00 Sample paper Question 1 with review

17:00 Close

Day 1 Homework Homework: Review and test 2

Sample

Mate

rial -

Not for

Rep

rint




09:00 Review Review of day 1 and homework

09:15

Module 5

ISO/EC 20000

Specifi c service managemen t processes

Slide 89 - 150

Slide 92 Ask the class: What will the interfaces include? (Between the design and transition of new or changed services and the control processes).

Slide 95 Exercise: Part 1 requirements for Clause 5 to 9

For the design and transition of new or changed services (DTNCS) in Clause 5, identify the:

a) Process objectives

b) Process-specifi c policies and plans that are required to conform to the Part 1 requirements

c) Inputs and outputs of the process

d) Actions relating to the implementation of the process required by Part 1

e) Roles required for operation of the processes

Ask the class: To do the same as we go through Clauses 6 to 9.

Slide 97 Ask the class: For examples of typical business changes that impact service requirements and service-level requirements.

Slide 100 Ask the class: What are key considerations when defi ning the structure and content of the SLAs?

Slide 101 Ask the class: What is a good report?

Slide 102 and 103 Ask the class: Are the customer satisfaction reports good or bad? Give reasons.

Slide 103 Ask the class: Is this better? Is it missing anything? What are key considerations for service reporting?

Slide 104 Ask the class: For an example of each type of report.

Slide 105 Ask the class: Does the service report index show all of the mandatory

Syllabus Areas NC and DR

Understand the concepts, responsibilities, requirements, and integration of

NC New and changed services processes

DR Service delivery and relationship processes

NC Control processes

You should be able to:

Understand the concepts, responsibilities, requirements, and integration of the processes and specifi cally identify all requirements of the specifi c service management processes in Clause 5 to 9.

Apply each process to support the achievement of conformity to ISO/IEC 20000-1.

Identify, analyze, and distinguish between appropriate and inappropriate application of each process for a given scenario.

Specifi cally analyze with reasons the suitability and effectiveness of the processes, policies, and plans.

Determine whether actions and opportunities for improvement are appropriate and prioritised correctly.

Identify nonconformities and actions required..

Sample

Mate

rial -

Not for

Rep

rint




Slide 106 Ask the class: What aspects of the service continuity and availability plans should be under the control of change management?

Slide 100 Exercise: C6.3 Service continuity and availability management. How to achieve an end-to-end availability target for an email service. What availability monitoring activities are required to conform to the requirements of Part 1?

Slide 111 Ask the class: Budgeting and accounting. What do you think is included in service components? What are the important implementation considerations?

Slide 112 Ask the class: Which month should new capacity have been added to?

Slide 113 Ask the class: Examples of information and data for business capacity management, service capacity management, and component capacity management.

Slide 115 Ask the class: What IT security polices will a service provider need?

Slide 123 Ask the class: What would an assessor or auditor look for in a contract?

Slide 125 Test your understanding: Relationship processes.

Identify and justify the roles required for the operation of the process.

12:30 Lunch

Sample

Mate

rial -

Not for

Rep

rint




13:30

Slide 134 Test your understanding: Resolution processes.

Assignment 3

1. Perform a self-assessment for your selected service provider for the incident and service request management process within a defi ned scope.

2. List the specifi c requirements for managing major incidents.

3. Identify the requirements in Part 1 for the interfaces between the:

a) Incident management and service-level management processes

b) Incident and problem management processes

c) Problem management and confi guration management processes

d) Problem management and change management processes

Slide 137 Ask the class: What would you control for a PC?

Slide 138 Ask the class: What confi guration item types are required in the SMS?

Slide 142 Ask the class: How can types of change be classifi ed?

Slide 130 Ask the class: In addition to the requirements on this slide, what statements are typically in a change management policy?

Slide 144 Ask the class: What would you include in a release policy?

Slide 145 Ask the class: Who are the relevant parties involved in release and deployment planning?Sam

ple M

ateria

l - Not

for R

eprin

t




Slide 147 Ask the class: How do we measure and analyze the success or failure of a release?

Slide 148 Test your understanding: Release and deployment

Slide 149 Exercise:

1. Discuss and summarize how you can determine the suitability and effectiveness of the processes in Clauses 5, 8, and 9.

2. List examples of process improvements.

Recommend a set of roles required for operation of the processes together with your rationale.

15:30 Sample paper Question 2 and 3 with review

17:00 Close

Day 2 Homework

Read student handbook, sections 3.4 and 3.5. Read ISO/IEC 20000-1 requirements for internal audit.

Do sample paper question 4, part A and B.

Sample

Mate

rial -

Not for

Rep

rint




09:00 Review of day 3

Review of day 2 and sample question 4, parts A and B.

Use slide 158 - types of audit, if required.

09:15

Module 5 Achieving ISO/EC 20000Slide 152 – 183

Slide 158 Ask the class: What is the main evidence required for an external audit?

Slide 159 Exercise: Types of audit

1. List the differences between:

a) Internal audit (within the service provider organization)

b) External – initial certifi cation audit

c) External – surveillance certifi cation audit

d) External – recertifi cation certifi cation audit

2. Summarize the responsibilities and activities for an external auditor of an RCB.

Slide 168 Assignment 4: Applicability and scope (see student handbook)

Slide 170 Ask the class: Do the Phase 1 activities seem sensible, from your experience?

Slide 179 Assignment 5: Planning and analysis of readiness for certifi cation (see student handbook for scenario)

Slide 181 Ask the class: Why is it important to inspect the certifi cate?

Syllabus Area AC

You should be able to identify, analyze, and distinguish between appropriate and inappropriate use of applicability, scope, APMG certifi cation scheme, and associated practices for achieving ISO/IEC 20000 by assessing typical scenarios. Specifi cally to:

Explain the responsibilities of parties with the APMG Certifi cation Scheme

Identify and distinguish conformity against ISO/IEC 20000-1

Identify, analyze with reasons, and make recommendations on scope, applicability, and governance of processes operated by other parties

Analyze an organization’s readiness for certifi cation with the rationale for the decision and recommendations

Produce and use a gap analysis report to achieve certifi cation and justify continual improvement

Plan and prepare an organization for certifi cation

Plan and apply the appropriate activities required for audits and certifi cation

Identify where the concepts of ITIL, ISO 9001, and ISO/IEC 27001 can be used and applied before, during, and after certifi cation

11:45 Sample paper Question 4 Part C, D, E and review of answers

Sample

Mate

rial -

Not for

Rep

rint




12:20 Course close and feedback Slide 184

12:30 Lunch

13:30 Review for exam

Cover a summary of the main syllabus points to prepare students for the exam.

14:00 – 17:00 Examination

17:00 Close

Sample

Mate

rial -

Not for

Rep

rint


Classroom Presentation

Sample

Mate

rial -

Not for

Rep

rint



2

Exercises, sample exams, homeworkISO/IEC 20000 Parts 1, 2, 3, and 5

Course Contents

1. Course introduction 32. Overview of ISO/IEC 20000 133. ISO/IEC 20000 terms and definitions 414. Service management system (SMS) general requirements 535. Specific service management (SM) processes 896. Achieving ISO/IEC 20000 certification 1537. Summary and feedback 185

Slides

Sample

Mate

rial -

Not for

Rep

rint

Student | ISO/IEC 20000 Practitioner | Classroom Presentation


Module 1 Course Introduction

4

Notice

The information contained in this document is subject to change without notice. This document contains proprietary information that is protected by licensed copyright. All rights reserved. No part of this document may be photocopied, reproduced, or translated to another language without the prior consent of ITpreneurs.The ISO/IEC 20000 Practitioner course includes Intellectual Property owned by ConnectSphereLimited, which is used by permission of Connect Sphere. All rights reserved.Information on international standards can be obtained from www.iso.orgCOBIT® is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute. ITIL® is a registered trademark of the Cabinet Office.

Sample

Mate

rial -

Not for

Rep

rint



5

Course Arrangements

ScheduleBreaks and refreshmentsMobile phonesMessagesFire alarmsBathroomsSmoking

Arrangements

6

Course Arrangements (Cont’d.)

Keep an open mind. It’s not just about taking the exam; it’s about understanding the principles and terminology of the approach.

Sample

Mate

rial -

Not for

Rep

rint



7

ISO/IEC 20000 for Practitioners: Course Overview

Duration

Target Audience

Prerequisites

Purpose

Holder of the ITIL ® Foundation Certificate in IT Service Managementor an approved ISO/IEC 20000 Foundation Certificate

Three-day course or 18 hours of learning time, of which 16 hours involve direct contact

Practitioners, managers, and consultants involved in a service management system (SMS) or ongoing activities based on ISO/IEC 20000

To ensure that a candidate has sufficient understanding of ISO/IEC 20000 and its application to be able to analyze and apply his or her knowledge to a range of activities that would support organizations in conforming to the requirements of ISO/IEC 20000-1, and to achieve and retain the ISO/IEC 20000 certification.

ITIL® is a registered trade mark of the Cabinet Office

8

The scope, objectives, and high-level requirements of the ISO/IEC 20000 for Practitioners include learning to:

Interpret the purpose, use, and application of Parts 1, 2, 3, and 5 of the standard Assist and advise organizations in achieving conformance to ISO/IEC 20000-1 (Part 1) and certification Explain and advise on issues of applicability and scope definition Explain the relationship between ISO/IEC 20000 and ITSM best practices, ITIL® and related standards, ISO 9001 and ISO/IEC 27001, and how these can be used to support the achievement of certification to ISO/IEC 20000Explain and apply the requirements of ISO/IEC 20000-1 Explain the use of technology and tools to support the implementation and improvement of an SMS, achieve certification, and support ongoing conformance to ISO/IEC 20000-1 Advise and assist in certification readiness assessments to evaluate an SMS against the requirements of ISO/IEC 20000-1Generate a gap analysis supported by an improvement and implementation plan Create and apply a service management plan, including policies and objectivesCreate, apply, and evaluate processes, procedures, process-specific plans, and process-specific policies required by ISO/IEC 20000-1 Assist and advise organizations on the implementation of continual improvement processesPrepare organizations for an ISO/IEC 20000 certification audit using the regulations of the APMG ISO/IEC 20000 certification scheme

ISO/IEC 20000 for Practitioners Learning Objectives

Sample

Mate

rial -

Not for

Rep

rint



9

ISO/IEC 20000 for Practitioners: Agenda

IntroductionOverview of ISO/IEC 20000Terms and definitionsSMS general requirementsHomework: Review and test paper

Day 1

Day 2

Review homeworkSpecific service management processesMock examination Homework: Review

Review Achieving ISO/IEC 200000 certification Course evaluationExamination

Day 3

10

Introductions

Please tell us about your:Experience with the organization and IT service management Experience in ISO/IEC 20000 Knowledge of Part 1Role in ISO/IEC 20000 Expectations for the session

Sample

Mate

rial -

Not for

Rep

rint



11

ISO/IEC 20000 for Practitioners: Exam Overview

Each question has two to five parts with question items.Each question has 20 question itemsTotal: 80 question items, each worth 1 point

Open book (ISO/IEC 20000-1:2011)Scenario, question, and answer booklets

One exam of three hours’ duration (180 minutes) No additional reading timeOne exam of three hours’ duration (180 minutes) No additional reading time

Passing score is 40+ out of 80 points (50%)Passing score is 40+ out of 80 points (50%)

ExamExam

4 exam questions4 exam questions

Question exampleQuestion 1

Part A• Question item 1• Question item 2• Question item 3• Question item 4• Question item 5

Part B• Question item 1• Question item 2

Part B….

Part C…

12

APMG ISO/IEC 20000 Qualification Scheme

Foundation, Practitioner, and Auditor QualificationsAPMG ISO/IEC 20000 Learning Outcomes Assessment Model

1. Knowledge Know facts, including terms and definitions,

concepts, requirements, processes, key

responsibilities, and use of documents

outlined in the standard

2. Comprehension Understand the

concepts, responsibilities, and tools used and the

requirements, processes, and

documents needed to conform to the

standard

3. Application Be able to apply key

ITSM concepts relating to achieving the requirements of

ISO/IEC 20000 for a given scenario

4. Analysis Be able to identify,

analyze, and advise on appropriate use of ITSM methods and

techniques to achieve the requirements of

ISO/IEC 20000 through assessing typical scenarios

Sample

Mate

rial -

Not for

Rep

rint



13

Competitive

Today’s Business Environment

New products and services

Business development

Regulatory and legal requirements Globalization

Mergers/integrations

Economic challenges

Increasing dependence on information technology and related services

Cloud computing

Sample

Mate

rial -

Not for

Rep

rint



Module 2 Overview of ISO/IEC 20000

15

Overview of ISO/IEC 20000: Module 2 Objectives

The purpose and use of ISO/IEC 20000-1The relationship between ISO/IEC 20000 part 1, 2, 3, 5The relationships and differences between ISO/IEC 20000 and ITIL Where the concepts of ITIL, ISO 9001, and ISO/IEC 27001 can be usedTypes of audit, requirements, and evidence required for ISO/IEC 20000Roles and responsibilities within the APMG certification scheme

Sample

Mate

rial -

Not for

Rep

rint



16

What is service management?

Service management is a set of capabilities and processes that: Directs and controls the service provider’s activities and resources.Designs, transitions, delivers, and improves services to fulfillthe service requirements.

17

Examples: Benefits of adopting service management best practices

IT service management – Represents the lifecycle stage that consumes approximately 70 to 80 percent of the total IT

expenditure.

Gartner– Cost per call down by 30 percent– 85 percent resolution at first point of contact– 50 percent reduction in new product cycle

Datalect Group Ltd.– Delivery of services focused on business and customer needs– 20 percent reduction in operational costs through proactive problem management– Creation of competitive advantage – Demonstration of strengths as a strategic partner

Sample

Mate

rial -

Not for

Rep

rint



18

Information Technology: ISO/IEC 20000 SMS

• SMS requirementsPart 1 - 2011

• Guidance on the application of SMSPart 2 - 2012

• Guidance on scope definition and applicability of ISO/IEC 20000 (technical report)Part 3 - 2009

• Service management process reference model (technical report, not in the syllabus) Part 4 - 2010

• Sample implementation plan (technical report)Part 5 - 2010

2000 2002 2005 2009 2010 2011 2012

19

Introduction to ISO/IEC 20000-1:2011 (Part 1)

Information technology service management —Part 1: SMS Requirements

An international standard based on tried and tested industry practices for IT service management.Used by a broad base of organizations worldwide that apply its best practices and principles in a variety of ways.Part 1 includes requirements for the design, transition, delivery, and improvement of services that fulfill service requirements and provide value for both the customer and the service provider.The coordinated integration and implementation of an SMS provides ongoing control and opportunities for continual improvement, greater effectiveness, and efficiency.

Sample

Mate

rial -

Not for

Rep

rint



20

Using ISO/IEC 20000 Part 1

Seek services from a service provider with the assurance that its service requirements will be fulfilled. Wants all of the service providers in its supply chain to use a consistent approach.

An organization uses Part 1 when it wants to: An organization uses Part 1 when it wants to:

Monitor, measure, and review its processes and services. Design, transition, deliver, and improve services that fulfill service requirements. Improve its design, transition, and delivery of services through the effective implementation and operation of an SMS.

A service provider uses Part 1 to demonstrate its capability to: A service provider uses Part 1 to demonstrate its capability to:

As a set of criteria for a conformity assessment of a service provider’s SMS to the requirements in Part 1.

An assessor or auditor uses Part 1: An assessor or auditor uses Part 1:

21

ISO/IEC 20000 -1: 2011 (Part 1)

The first edition of the SMS requirements was published in 2005. A revised version was published in April 2011.The SMS requirements set a “management system” standard that requires a service provider to establish and improve SMS.Clauses include mandatory requirements or “shalls” that describe:

Something that is a “must do,” is “necessary,” or “has” to occur.Something definite about the requirements, expressed with “is required to.”

“Shall” statements are audited for certification or conformance and no deviation is permitted, if the clause is within scope.The SMS requirements are framework-independent. SMS requirements provide a basis for assessments and act as the auditing standard and model for certification.

Information Technology Service Management — Part 1: SMS RequirementsInformation Technology Service Management — Part 1: SMS Requirements

Sample

Mate

rial -

Not for

Rep

rint



22

Part 1 and the Service Management System (SMS)

Based on Figure 1, ISO/IEC 20000-1: 2011

CHECK

Service management

system (including processes)

PLAN

ACTDO

Services

The SMS is a management system to direct and control the service management activities of the service provider.It is how an organization performs service management by applying an integrated process approach and continual improvement. The service provider is responsible for continual improvement of the SMS. This is done by working with the customer and interested parties for improving the services using the Plan-Do-Check-Act (PDCA) methodology.

23

ISO/IEC 20000-1 SMS

6. Service delivery processes

8. Resolution processes 7 Relationship processes

9. Control processes

CapacitymanagementService continuity and availability management

Service level managementService reporting

Information security management

Budgeting and accounting for services

Incident andservice request management Problem management

Business relationship managementSupplier management

Configuration managementChange management

Release and deployment management

5. Design and transition of new and changed services

4. Service management system general requirementsResponsibility managementGovernance of processes operated by other parties

Documentation management Resource management Establishing and improving the SMS

Sample

Mate

rial -

Not for

Rep

rint



24

ISO/IEC 20000 -1: 2012 (Part 2)

The first edition was published in 2005 as a Code of Practice. It was revised in early 2012.It is used by implementers, practitioners, assessors, and auditors.It guides the application of SMS. It is different from Part 1. No “shalls.”Part 2 uses “should,” “can,” or “may”.

“Should” is used to make recommendations. Equivalent expressions are “it is recommended that” or “ought to.”“Can” means “be able to,” “there is a possibility of,” or “it is possible to.”“May” is used to signify permission. Equivalent expressions are “is permitted,” “is allowed,” or “is permissible.”

ISO/IEC 20000-2:2012 Guidance on the application of service management systemsISO/IEC 20000-2:2012 Guidance on the application of service management systems

25

ISO/IEC 20000 and other management system standards

Management system standards cover:Management responsibility

Documentation managementResource management

Plan-Do-Check-Act

Sample

Mate

rial -

Not for

Rep

rint



26

ISO/IEC 20000 and ITIL

ISO/IEC 20000 ITIL A standard containing requirements that can be used as the basis of a conformity assessment or certification for an organization

A set of best practice guidelines

Specifies the requirements for a service management system

Has very little information about management systems but contains detailed information on all stages of the service lifecycle

Uses the Plan-Do-Check-Act methodology (Deming cycle) for continual improvement

Uses the seven-step improvement process (which is mapped to the Plan-Do-Check-Act methodology) for continual improvement

Includes service management processes but not functions

Includes service management processes and functions

Specifies WHAT needs to be done Provides guidance on HOW to do the activities

27

IT Service Management Standards and Best Practices

Implementation and improvement

Policies, plans, processes, and procedures

Best practices such as ITIL

Part 2 and other parts of 20000 series

Part 1Assessment and

certification against ISO/IEC 20000-1

An auditor uses Part 1 to assess the service provider’s implementation and improvement of the documents that demonstrate management intent (bottom layer)

Service providers use best practices for assessments, designing new or changed services, implementing service management, and improvement. This can trigger updates to the documents.

Sample

Mate

rial -

Not for

Rep

rint



28

ISO/IEC TR 20000-3:2009 (Part 3)

Technical report may become a standardDescribes:

Different types of scope definition Examples based on complex supply chainsProcess governance and acceptable delegation of service management activity

Information Technology Service Management — Part 3: Technical ReportGuidance on scope definition and applicability of ISO/IEC 20000Information Technology Service Management — Part 3: Technical ReportGuidance on scope definition and applicability of ISO/IEC 20000

29

ISO/IEC TR 20000 -5 (Part 5)

Service management

system

Continual improvement

Chaos

Phase 3

Phase 2

Phase 1

Information Technology Service Management — Part 5: Technical Report Sample implementation planInformation Technology Service Management — Part 5: Technical Report Sample implementation plan

Phased approach to implementing policies and processes How to achieve ISO/IEC 20000-1

Sample

Mate

rial -

Not for

Rep

rint



30

ISO/IEC 20000 Series: Who Uses What Part?

Part1

Part2 Part 3 Part 4 PRM

Part 5

Auditors and assessors

CSI managers

Process owners

Project managers

Service operations managers

Service owners

• Parts 7, 10, and 11 are in development.

31

Service ManagementISO/IEC 20000 series Systems

engineeringISO/IEC 15288

Quality management

ISO 9000 series

ITILGovernance

standards (38500 series)

Information security

ISO/IEC 27000 series

S/W Asset Management (SAM)

ISO/IEC 19770

S/W Reference Model

ISO/IEC 12207

Process assessment model (SPICE)ISO/IEC 15504

Software & systems engineering(process reference & process assessment)

9001 for S/WISO/IEC 90003

COBIT

Managementsystemstandards

1702119011

ISO/IEC 20000 and the Wider Standards Landscape

Sample

Mate

rial -

Not for

Rep

rint



32

ISO/IEC 20000 Publications and Relationships

Related to ISO/IEC 20000:Introduction to the ISO/IEC 20000 Series. IT Service Management, business improvement publications (BIP) 0125 by DUGMORE, Jenny, and Shirley LACY, London BSI, 2011.A Guide to the New ISO/IEC 20000-1: The Differences Between the 2005 and the 2011 Editions, BIP 0124 by COOPER, Lynda, London BSI, 2011.A Manager’s Guide to Service Management , 6th ed., BIP 0005 by DUGMORE, Jenny, and Shirley LACY, London BSI, 2011.ISO/IEC 2000 Self-Assessment Workbook, ConnectSphere by DUGMORE, Jenny, 2012.

Other complementary publications ITIL COBITSix SigmaCMMI and eSCMProject management: PRINCE 2, PMBOK

33

Types of Audits

Determines whether the SMS and the services:fulfill the requirements of this part of ISO/IEC 20000fulfill the service requirements and the SMS requirements identified by the service providerare effectively implemented and maintained

Internal audit Internal audit

Initial certification auditSurveillance auditRecertification

Third-party audit Third-party audit

Sample

Mate

rial -

Not for

Rep

rint

iso/iec 20000 for practitioners student handbook

Documents