successful with iso/iec 20000

We make ICT strategies work

Detecon

Successful with ISO/IEC 20000

Content

1. Management Summary

2. Why your Organization needs ISO/IEC 20000

3. ISO/IEC 20000 an Overview

4. ISO/IEC 20000 Approach and Methodology

5. Contact

6. References

7. Backup

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 2 – © D

etec

on

ISO/IEC 20000 is the norm of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) for IT Service Management.

The ISO/IEC 20000 certificate is the proof that your IT organization is customer focused, able to deliver services which meet defined quality levels by using resources economically.

The aim of an ISO/IEC 20000 certification is a long-term increase in efficiency and flexibility of the entire IT organization based on best-practices.

Management attention as well as a high level of maturities for the services and high process quality are the key for a successful ISO/IEC 20000 certification.

ITIL is strongly aligned with ISO/IEC 20000 and it offers a rather detailed collection of best practices, which are a good basis for designing ISO/IEC 20000 compliant processes, so that introducing ITIL is the best way to prepare an organization for the ISO/IEC 20000 certification.

Detecon’s project approach consists of seven consistent and coordinated phases, which lead to qualitative statements concerning the maturity levels of the IT organization.

This approach will put your organization in the position to know exactly the gaps and the necessary activities in order to achieve ISO/IEC 20000 certification.

In cooperation with your organization Detecon will lead you through the certification process, as described in this presentation.

Management Summary

Detecon will support your IT organization during the whole ISO/IEC 20000 certification process.

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 3 – © D

etec

on

Content

Arguments for ISO/IEC 20000Benefits of ISO/IEC 20000

2. Why your Organization needs ISO/IEC 20000

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 4 – © D

etec

on

ISO/IEC 20000 is increasingly seen as the quality standard for IT Service Management and it is internationally recognized.

ISO/IEC 20000 certified organizations demonstrate superiority over competitors.

The establishment of a service quality management system allows an excellent support of the IT processes in a continual service improvement environment.

Because of the optimization of necessary interfaces between management, IT delivery organization, suppliers and customers, the performance of the organization will increase significantly while cost will decrease.

After ISO/IEC 20000 certification the IT organization will be able to use all necessary mechanisms for the delivery of high quality IT services.

The maturity level of IT organizations has a significant effect to the IT expenses:

The higher the maturity level the lower the IT expenses.

Higher maturity level lead to improved quality of service and increase business and customer confidence & satisfaction.

ISO/IEC 20000 enables your IT organization for higher maturity levels.

IT organizations such as service providers have an instrument for monitoring and improving their services.

Business departments will be sufficient to get the best value for their money and they will know why they spend money for IT and exactly for what they spend the money.

Why your Organization needs ISO/IEC 20000

The ISO/IEC 20000 certificate confirms that your IT organization is customer focused, able to deliver services which meet defined qualities by using resources economically.

Arguments for ISO/IEC 20000

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 5 – © D

etec

on

Why your Organization needs ISO/IEC 20000

The aim of an ISO/IEC 20000 certification is a long-term increase in efficiency and flexibility of the entire IT organization based on best-practices.

Benefits of ISO/IEC 20000

ISO/IEC 20000Certification

Alignment of IT services and

business strategy

Establish a management

system framework

Increase in IT process quality (pro-active vs. re-active)

Reducing IT process times and costs Service-orientated

planning, control and monitoring

Increase in customer

satisfaction

Enhanced company reputation and superiority over

competitors

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 6 – © D

etec

on

Content

Market PerspectiveParts of ISO/IEC 20000The IT Service Management System

3. ISO/IEC 20000 an Overview

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 7 – © D

etec

on

According to the IT Service Management Forum (itSMF) currently more than 400 companies world wide are certified against ISO/IEC 20000.

ISO/IEC 20000 is a set of controls and criteria against which an IT organization can be assessed for effective IT Service Management processes.

To become formally certified IT organizations will be assessed by an itSMF Registered Certification Body (RCB).

Once the requirements of ISO/IEC 20000 have been satisfied, the RCB will issue a certificate of conformance.

The organization will be then eligible to use the itSMF ISO/IEC 20000 logo as a sign of their achievement.

Information Technology Infrastructure Library (ITIL, especially the new version 3 is strongly aligned with ISO/IEC 20000 and it offers a rather detailed collection of best practices – which are a good basis for designing ISO/IEC 20000 compliant processes.

Introducing ITIL is therefore the best way to prepare an organization for ISO/IEC 20000 certification.

The increasing demand is also reflected in a Detecon study, which points out that ISO/IEC 20000 is the most important standard beside ITIL and COBIT in business IT alignment.

ISO/IEC 20000 an Overview

ISO/IEC 20000 is internationally recognized and is increasingly seen an upcoming CIO topic for the next years.

Market Perspective

248

19623

134

Europe Asia Pacific

AfricaMiddle East

Middle and South America

North Amercia

1%

27%

5%

0%18%

49%

Source: itSMF (IT Service Management Forum); 08.01.2010http://www.isoiec20000certification.com/lookuplist.asp?Type=9

Source: Detecon Studie: Die geschäftsfokussierte Informationstechnologie; 08/2009; http://www.detecon.com/de/publikationen/studien/studien.html?unique_id=37468

Certified Organizations Remarks and Comments

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 8 – © D

etec

on


ISO/IEC 20000 consists of three parts which are described as “Information Technology –Service Management”.

Parts of ISO/IEC 20000

ITIL: IT Infrastructure Library ISO 9001: Quality Management ISO/IEC 27001: Information Security Management Systems

Related and Complementary Standards

ISO/IEC 38500: Corporate Governance of Information Technology

COBIT: Control Objectives for Information and Related Technology

Part 2 (ISO/IEC 20000-2:2005) represents an industry consensus on quality standards for IT service management. The approach focus on the delivery of best possible services to meet business needs within agreed resource level, cost and manageability.

Service provider should adopt common terminology, a consistent approach for service management and a common basis for improvements in services.

It provides guidance to auditors and offers assistants to service providers for planning service improvements.

2: Code of Practice

Part 1 (ISO/IEC 20000-1:2005) defines the requirements for the adoption of an integrated process approach for the delivery of managed services to meet business and customer needs in an acceptable quality.

This part offers a number of closely related service management processes.

Objective and controls contained in part 1 are not exhaustive. Additional objectives and controls must be considered by each organization in accordance to their particular business objectives.

1: Specification

Part 3 (ISO/IEC 20000-3: 2009) provides guidance and commentary on scope definition, applicability and demonstration of conformity for the IT organization aiming to fulfill the requirements specified in ISO/IEC 20000-1.

This part of ISO/IEC 20000 provides practical examples of scope statements for establishing a service management system (SMS) in service organizations.

3: Guidance on Scope Definition

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 9 – © D

etec

on

Requirements for a Management SystemManagement responsibility; documentation requirements; competence, awareness and training


Management attention as well as a high level of maturities for the services and high process quality are the key for a successful ISO/IEC 20000 certification.

The IT Service Management System

Planning & Implementing Service ManagementPlan, Implement, Monitor, Improve (Plan, Do, Check, Act)

Planning & Implementing New or Changed ServicesPlanning and implementing new or changed services

Service Delivery Processes

Relationship ProcessesRelease Process

Solution Processes Incident Management Problem Management

Release and Deployment Management

Business Relationship Management

Supplier Management

Capacity Management IT Service Continuity

Management Availability Management

Information Security Management

Budgeting and Accounting for IT Services

Service Level Management Service Reporting

Control Processes Service Asset and

Configuration Management Change Management

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 10 – © D

etec

on

Content

Success Factors for Planning and Achieving CertificationProject ApproachProject Prerequisites and ResultsProject Timeline – ExemplaryPhase 1: Preparation & AwarenessPhase 2: Analysis & AssessmentPhase 3: Service DesignPhase 4: ImplementationPhase 5: AuditPhase 6: Continual ImprovementPhase 7: Project Management/ Controlling, Quality Assurance

4. ISO/IEC 20000 Approach and Methodology

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 11 – © D

etec

on

Management commitment

Proper assessment and the awareness of the organization

Project organization: involvement of certified consultants and motivated personnel

Timely involvement of certified auditor

Involvement and commitment of the suppliers

Clear definition of scope and objectives

Communication, communication, communication

ISO/IEC 20000 Approach and Methodology

The success of Detecon’s ISO/IEC 20000 certification approach, its implementation and operation depend on various success factors.

Success Factors for Planning and Achieving Certification

Preparation &Awareness Analysis &

Assessment

DesignAudit

Implementation

ISO/IEC 20000

Certification

Preparation &Awareness

ContinualImprovement1

2

3

4

5

6

Project Management/ Controlling, Quality Assurance

Detecon’s ISO/IEC 20000 Certification Approach Success Factors

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 12 – © D

etec

on


Detecon’s project approach consists of seven consistent and coordinated phases, which will lead to qualitative statements concerning the maturity levels of the IT organization.

Project Approach

ContinualImprovement

Preparation &Awareness AuditImple-

mentationAnalysis &

Assessment

Key Activities Organization and

execution of assessments

Identification of maturity levels

Presentation and discussion of results

Identification of gaps Description of follow-

up activities Business case and

decision Development of

framework

Planning and design of processes, organization, IT according to ITIL V3

Planning of measures and specification of potential

Review of suitable pilot projects

Creation of implementation plan

Planning to avoid complexity

Implementation of target concepts

Definition and establishment of a management system

Definition and implementation of processes

Improvement of management system and processes

Implementation of a PDCA cycle

Training of staff

Conduct pre-assessment

Final changes and improvements

Supervision during the external audit

Celebrate the certification

Definition and implementation of compliance measurements

Adjustment of PDCA cycle

Definition and implementation of a monitoring system

Regular audits, self-assessments

Evaluation and recommendation for improvement

Results Maturity levels Gap identification Framework Detailed project plan

Target concepts for processes, organization, IT

Agreed improvement potential/measures

Implementation plan

Implementation strategy, including PDAC cycle

Management system/ framework

Implemented processes

ISO/IEC certification Compliance measures

Monitoring system PDCA cycle

Design

Management Commitment

Identification of stakeholders

Project organization Organization and

execution of workshops

Presentation of ISO/IEC 20000 to stakeholders

Identification and alignment with external auditor

Project Kick-off Generic project plan Management and

staff commitment Selection of auditor

Project Management/ Controlling, Quality Assurance

1 2 3 4 5 6

The audit itself cannot be performed by Detecon,

therefore an independent certified and accredited

external auditor is needed!

*

PDCA = Plan Do Check Act (Deming Cycle)

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 13 – © D

etec

on

Planning the assessment, agree plans with IT manager and identify key personnel

Conduct the assessment by using a specific ISO/IEC 20000 methodology and structured interview guidelines

Identify and evaluate all relevant process descriptions, documentations and records

Definition of the maturity level of the IT organization Presentation and discussion of the results Gap identification and activities description Definition of a generic roadmap for the certification Definition of a generic framework for the certification

Availability and access to all relevant information(e.g.: org. structure incl. head count, process map, documentations, records etc.)

Availability of management for awareness workshops and interviews

Availability and access to key staff for interviews Customer availability and commitment

Definition of organizational maturity levels to be certified

Knowledge of organization gaps in connection to the ISO/IEC certification

Define the next steps to be done for the certification Analysis, design, implementation, audit and

certification

Assessment of the maturities of the organization’s IT services for ISO/IEC 20000 certification

Identification of the gaps and relevant activities in order to certify the IT service organization

Define a generic roadmap for the ISO/IEC 20000 certification

Implementation and audit Certification and process improvement


Detecon’s approach will put your organization in the position to know exactly the gaps and the necessary activities in order to achieve ISO/IEC 20000 certification.

Project Prerequisites and Results

Activities

Prerequisites Client Benefit

Objectives

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 14 – © D

etec

on


The project duration is subject to the maturities of the IT organization, its processes and the number of processes to be certified. Therefore the Gantt chart is for illustration only.

Project Timeline – Exemplary

43 109876521

WP 3: Service Design Define the framework Define the detail plan Gap identification and activities description Presentation and discussion of results Identification of maturity levels Conduct the assessmentWP 2: Analysis and AssessmentWP 1: Preparation & Awareness

Supervision during external audit

ISO/IEC 20000 CertificationImplementation

PlanMaturity Levels,

Gap IdentificationProjectKick-off

WP 7: Project/Quality Management

Work Package (WP)

WP 6: Continual Improvement External audit and certification *

Month

Preparation of the auditWP 5: Audit Reporting and monitoring (min. 3 months) Implementation of IT processesWP 4: Implementation

ProjectClosure

Illustrative Project Plan for an ISO/IEC 20000 Certification

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 15 – © D

etec

on

ITIL reference process model according to ITIL version 3

Workshops, kick-off meetings Scenario technique, portfolio technique (e.g. SWOT) Questionnaires, checklists for interviews Detecon project management tools Sector comparisons, benchmarks, best practices Research (products, markets, competitors) Analysis of key data (rough) Assessment of the service portfolio




Stakeholder commitment Common understanding of the project objective, terms,

processes and ISO/IEC 20000 certification procedure Specified analysis framework Description of requirements

Approval of a project plan and organization Strategic general plan for the project Explanation of the ISO/IEC 20000 certification

procedure Incorporation and, where necessary, review of the

vision and strategy of IT Creation of common understanding of terms and

processes Presentation of ISO/IEC 20000 standard to

stakeholders Identification and alignment with authorized certification

body Involvement of external auditor


This work package focuses on generating a common understanding of the project objective and executing the kick-off workshop with all relevant stakeholders.

Phase 1: Preparation & Awareness

Methodology

Prerequisites Client Benefits/Results

Objectives

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 16 – © D

etec

on

Customer/ user requirements are determined from the success factor analysis which are specified as control parameters for the optimization of IT processes

Identification of primary and secondary IT processes and prioritizing where necessary, creating process model on level 1

Check of the IT strategy and architecture

Identification of an initial rough optimization potential

Definition of service/ project objectives and variables according to the order

Where necessary selecting a business process management tool

Creating an information and communication plan


The requirements of the service portfolio are raised and form the basis for quality improvements or right sizing of IT services.

Phase 1: Preparation & Awareness

IT processes according to ITIL

Trigger(e.g. byuser/

customer)

Result(e.g. for

customer/specialist

dept)

ServiceStrategy

ServiceDesign

ServiceTransition

Service Operation

Continual ServiceImprovement

Continual Service

Improvem

ent

Cont

inua

l Ser

vice

Impr

ovem

ent

ServiceStrategy

ServiceDesign

ServiceTransition

Service Operation


Continual Service

Improvem

ent

Cont

inua

l Ser

vice

Impr

ovem

ent

Orientationtowards

Requirements*

Standardi-zation

Automat-tion

ITcontrolling

Service portfolio Architecture ToolsInformation

SLA IT systems StaffManagementorganization

Right sizingRedesign ofapplicationlandscape

Motivationvs.

motivating

Redesign ofstructural andworkflow org.

Control parameters = service features Cost/price Throughput time Quality / SLA Response time

Customer satisfaction Accessibility Etc. = Activators

= Examples for optimization approaches

RemarksProject Snapshot

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 17 – © D

etec

on


Structured interviews, questionnaires Self-recording, external recording Workshops, group work ABC analysis, portfolio analysis Sector comparisons Comparison with best practices Pragmatic benchmarking with most important KPIs of

IT services




Maturity levels and gap identification Framework and detailed project plan Overview of interfaces and interdependencies Quantified and prioritized optimization potential Quick wins

Mapping of the service portfolio, business processes and sub-processes where necessary

Identification of weaknesses Quantification and prioritization and prioritized

optimization potential Definition of (rough) solutions for utilizing potential Cost/benefit assessment Identification of quick wins Recommendation on next steps


Based on the strategic framework, the potential is analyzed, quantified and then defined in the form of measurable process objectives.

Phase 2: Analysis & Assessment

Methodology


Objectives

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 18 – © D

etec

on

Weaknesses in current IT services and processes and the resulting potentials are systematically surveyed using comparisons with best-practice models

Redesign of IT services and underlying IT processes based on a KPI driven approach

Alignment of the IT services and IT processes based on market best practices

Optimization of the IT service portfolio

Deviations from benchmarks, market KPIs with causes


Six consistent and proofed steps will lead to qualitative statements concerning the maturity level of the IT organization.

Phase 2: Analysis & Assessment

Conduct the assessment

Identification of maturity level

Presentation and discussion of results

Gap identification and activities description

Define the detail plan Define the framework

1 2 3

654

High process integration

Controlling and steering

Effectiveness measurements

Policies and objectives

Only rudimental processes descriptions

5

4

3

2

1

Maturity Level

Analysis ofas-is processes

Analysis ofFTE

* FTE = Full Time Equivalent

Analysisper OU**- area- group- location

OE

Summe Summe OE-b OE-c[PT] [PJ] A HH A M

MAK [PT] pro Jahr [REAL-Wert] 7220,0 1330,0 1520,0 1710,0 2660,0MAK [PT] pro Jahr [SCHÄTZ-Wert] 1330,0 1520,0 1710,0 2660,0

50 0 0 Infrastruktur-Bereitstellung 678,00 3,57 x 193,0 193,0 152,0 140,050 100 0 Bereitstellung Host, C/S 96,00 0,51 x 32,0 32,0 0,0 32,050 100 10010 Planung Hardwarebedarf (Neuanschaffung, Erweiterung) x x x50 100 10020 Planung von Leistungsanforderungen (Kapazitäten,

Volumenentwicklung Performance Verfügbarkeitszeiten) x x x50 100 10030 Planung von Kostenvorgaben x x x50 100 10040 Management von Geräten x x x50 100 10050 Management Betriebssysteme (Parameter, Customizing, etc.) x x x50 100 10060 Management TP-Monitore x x x50 100 10070 Management Standard-SW50 100 10080 Management Datenbank-Systeme oder Datenbanken x x x50 100 10090 Management Storage-Systeme50 100 10100 Durchführung 3rd Level Support (Host, C/S)50 100 10110 Unterstützung von Bürokommunikationssystemen 50 100 10120 Installation, Implementierung und Wartung x x x50 100 10130 Abgabe von Daten zur Kosten- und Leistungsrechnung x x x50 200 0 Bereitstellung Gebäude-Infrastruktur 60,00 0,32 x 16,0 16,0 12,0 16,050 300 0 Bereitstellung Netze, TK-Anlagen 32,00 0,17 x 0,0 0,0 0,0 32,050 400 0 Bereitstellung Tools & Supportprogramme 360,00 1,89 x 100,0 100,0 140,0 20,050 500 0 Bereitstellung Architekturen 50,00 0,26 x 20,0 20,0 0,0 10,050 610 0 Ressourcen Management Personal (Fremdleistungen) 60,00 0,32 x 20,0 20,0 0,0 20,050 620 0 Ressourcen Management Hardware, Software (Fremdleistungen) 0,00 0,00 0,0 0,0 0,0 0,050 700 0 Controlling des Prozesses 20,00 0,11 x 5,0 5,0 0,0 10,0

60 0 0 TtP (Transition to Produktion) 0,00 0,00 0,0 0,0 0,0 0,060 100 0 Test 0,00 0,00 0,0 0,0 0,0 0,060 200 0 Abnahme, Freigabe 0,00 0,00 0,0 0,0 0,0 0,060 300 0 Controlling des Prozesses 0,00 0,00 0,0 0,0 0,0 0,0

HP

AMGIS Prozessmodell Version 1.0

TP Beschreibung OEP

Organisationseinheiten

OEOE-a

* OU = Organizational Unit

305

285

274

330

200

220

240

260

280

300

320

340

IST-Szenario Min-Case Mittel-Case Max-Case

45 Mio. € potential savings in 2008*

Result

The net present value calculation allows for each case to identify the saving potential. For the „Min-Case“there is an calculated saving potential of 25 Mio. € (cumulated for 5 years) in contrast to the as is scenario.

Mio. Euro

Net present value results of:

Total HR cost 2003-2008, Relevant investments

(Consulting, Training, IT-Tools, „Ratio-cost“, Maintenance Fee),

Discount till 2003.

56 Mio.

25 Mio.

project exampleproject example

*) Cumulative

Gap Analysis

Aufstellung orientiert an Businessprozessen

BS (152)VV (30)CRM (8)SAP (18)IT (68)CR (4)EAI (14)SEC (1)

Legende:

2 6 – 25 %3 26 – 50 % 4 51 – 75 %PJ5 <76 – 100 %

1 > 0 – 5 %2 6 – 25 %3 26 – 50 % 4 51 – 75 %PJ5 <76 – 100 %

1 > 0 – 5 %

% Prozessanteil FTE /Gesamt FTEFTE

Custom

er(User)

Custom

er

Project Portfolio Mgmt

Operations

Coordination & Adminstration

Monitoring

Takeover

Operating

CustomerDemand Mgmt

Service SupportConfiguration

MgmtIncidentMgmt

ProblemMgmt

ChangeMgmt

ReleaseMgmt

SolutionPlanning

ApplicationSupport

ITConcept

InnovationManagement

IT Infrastructure &Application Strategy

Strategy &Governance

Finance &Controlling

ProcurementSecurity- & Risk-

ManagementProcess &

OrganizationHR-

Management

SolutionDevelopment

SolutionSupport

Service Level Mgmt.

CapacityMgmt.

AvailabilityMgmt.

Forecast-to-Deploy

Finance &Controlling

Procure-to-pay

Market-to-Cash

Human Resource

MasterData

Management Reporting

DevelopmentCustomizing

Test

Acceptance, Release

Roll-out

Zugriffs-Mgmt.

Solution-Strategy

SolutionPlanning

Business Consulting

DemandMgmt.

Marketing & Comunication

Plan RessourceMgmt.

ControllingProjectMgmt.

2

2

2

2

2

3

2

2

2

3 2

2

2

22

2

2

2

2

3

2

2

3

2

HR-Management

2 2

2

3

32 2 2

2

11,02

8,48 28,45

17,56

23,72

0,73

0,96 0,95 1,03 1,34

2

2

2

2

1,04

0,80

1,15

2,06

2,95

0,45

0,64

8,98

12,8515,67

12,13 40,68 33,91

25,10

1,38 1,36 1,48 1,91

2

Potential Analysis

S O PRedundantstructure

Synergies throughorganizational changesLegend:

IT Processes

Total:

IT Management

Demand Management

Application Development

Application and System Management

Service Support

Project Portfolio Management

Infrastructure Provisioning

Transition to Production

IT Security Management

Central Functions

566,3

33,70

40,55

105,95

138,15

127,75

12,20

45,55

41,70

4,35

16,60

6%

7%

19%

24 %

23%

2%

8%

7%

1%

3%

97

11 12

-39 ---

4 14

42 28

9 24

-9 3

6 9

-15 5

-7 ---

-1 2

S O P

As-isFTEPY*

As-isFTE%

ExpectedPotential

in PY*

Potential Benchmark

in PY*

Assessment Bench-marks

4%

14%

18%

17 %

21%

4%

7%

10%

2%

3%

Synergies throughprocess changes

*PY = Person Years

2008Febr.MärzApr.MaiJuniJuliAug.Sept.Okt.Nov.

SSM-Aufgaben bearbeiten

Tätigkeit

12.2007

TCO-Aufgaben bearbeiten

ProjektplanAnforderungsmanagementEntwicklung RACI-MatrixIntegration LadesteuerungIntegration ZugriffskonzeptesReferenzüberarbeitungData Mart RedesignMigration BO-XIIntegration globeler ProdukteMPM-Aufgaben bearbeiten

Project Snapshot Remarks

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 19 – © D

etec

on


Process design tools (ARIS, Visio, etc.) IT Benchmarking Structured interviews, questionnaires Self-recording, external recording Workshops, group work ABC analysis, portfolio analysis Sector comparisons Brainstorming Comparative analyses, cost/benefit analyses




Target concepts for processes, organization, IT Agreed improvement potential/measures Agreed implementation plan Persons responsible for the process, including tasks,

skills, responsibility

Design of processes in accordance with ITIL best practices

Define process interfaces Design of detailed process model (level 2, where

necessary on level 3) Define process performance measurement indicators

(KPIs) Define roles and responsibilities for and within

processes Guidelines and recommendation for implementation


In this work package the target processes and associated solutions are designed.Phase 3: Service Design

Methodology


Objectives

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 20 – © D

etec

on

Initial results from quick win measures and pilot projects

Integration of the employees concerned in the target process in good time (creation of acceptance)

Determination of process owners, including tasks, skills and responsibilities

Analysis of optimization potential using the specified criteria

Determination of IT requirements Working out measures and

specifying potential Identification of suitable pilot

projects; implementation plan and start

Creation of an implementation plan


Planning and design of target processes (functional organization), structural organization and IT according to ITIL best-practices.

Phase 3: Service Design

IT service objectives (examples) IT processes IT structural

organization

1 2 3

Management and control systems

Operative IT processing

IT/tool support

Target values Actual Target

Unit costs Availability Response

time HR costs

(TCO) Productivity

(turnover per employee in €1000s)

30€80%2 days10 %

200

19€99%I hour6 %

250

Processes redesign

4

1

EndEnd


ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 21 – © D

etec

on


Methods and tools of project management and project controlling or IT controlling

Coaching and moderation Workshops Where necessary, training measures




Implementation strategy, including PDAC cycle Management system and implemented processes Daily business is tracked via a target structural

organization, target processes and target IT Implemented target concepts

Implementation of target structural organization, target processes and target IT

Stabilization of target structural organization, target processes and target IT in daily business

Redistribution of responsibilities; where necessary reassignment of managerial positions

Achievement of measurable results and improvements


The concepts are implemented in the implementation phase. Effective project management ensures successful implementation.

Phase 4: Implementation

Methodology


Objectives

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 22 – © D

etec

on

Definition and acceptance of an implementation strategy (pilot projects, roll out, etc.) and of an implementation plan (measures, responsibilities, deadlines, budget, etc.)

Presentation of implementation risks

Selection of suitable specialist and managerial staff for the implementation (HR measures if necessary)

Establishment of project organization for the implementation phase

Implementation teams: Kick-off and reporting project progress

In the event of risks and delays: assessment of impact and, where necessary, introduction of countermeasures


The implementation is characterized in particular by the fact that the roles shift between the customer and the consultant.

Phase 4: Implementation

Equalpartners Active

contributionIncreasing

self-control

Initiator

Changeagent

Projectand process

manager Coach/trainer

Method specialist

Moderator

Project start Project end

CO

NSU

LTA

NT

CU

STOM

ERAdaptive

organization


ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 23 – © D

etec

on

Conduct and pre-assessment audits Evaluation of pre-audits Realization/ lead through corrective measures Supervision, coaching and moderation during the audit Documentation of the audit




Supervision, coaching and moderation during the external audit

Conduct pre-assessment Final changes and improvements Coordinate the audit schedule Supervision during the external audit

Celebrate the certification


Detecon will support the audit by preparation and coaching, but the audit itself cannot be performed by Detecon, therefore a certified external auditor is needed.

Phase 5: Audit

Methodology


Objectives

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 24 – © D

etec

on

Final definition and agreement of the scope between auditor and IT/ service organization

Conduct and document pre-audits and if necessary arrange corrective measures

The preparation of the necessary documents is an important part of the audit

The roles of different stakeholder during the audit will be clear defined an communicated

The briefing of the stakeholders and employees concerning the expected audit steps and the arrangement of necessary logistic (rooms reservation, schedule etc.) will increase the efficiency of the audit


Detecon will support during the audit and will early cooperate with the auditor, as a good cooperation between the IT organization and the auditor is essential.

Phase 5: Audit

Coordinate audit schedule

Arrange logistics

Documents evaluation

Asses readiness

Plan for next phase

Ensure people availability

Asses Mgmt. System

Draft audit findings

Discuss findings

Audit report

Supervision during the external audit


ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 25 – © D

etec

on


Process analyses Performance indicators Process monitoring PDCA = Plan Do Check Act (Deming Cycle)




Prioritized processes to be integrated into process management

Defined process objectives, evaluation parameters and target values

Results of regular process performance evaluation

Institutionalized, continual process optimization implemented

Orientation towards best practices and well-established standards such as ITIL

Integrated process management, including indicators


Continual improvement of processes and process performance to ensure sustainability.Phase 6: Continual Improvement

Methodology


Objectives

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 26 – © D

etec

on

Identification of critical processes which are to be integrated into process management

Definition of process objectives, the evaluation parameters and target values

Execution of performance evaluation and process analysis

Development and implementation of measures to optimize processes and performance (PDCA cycle)

Continual process improvement requires a closed proposalcircle (process management cycle)

In total quality management, all areas, services and products focus on satisfying the requirements of customers


Sustainable IT process optimization is the basis for a high performance level and requires a process management to be established.

Phase 6: Continual Improvement

IT process optimization

1

Performancelevel

Development in concentration on a one-off reengineering project

Development without measures

Time (schematic)

Continual improvementAuditImple-mentationDesignAnalysis &

AssessmentPreparation &

Awareness

Development in continual process management

TQM

Process management cycle PDCA cycle (Deming Cycle)

IT process analysis

IT process design

IT processimplementation

IT processevaluation

IT monitoring& surveillance

IT processintroduction

Evaluation of improvement measures

Investigation into new improve-ment potential

Problem identification

Objective, improvement strategy

Improvementmeasures

Target processes

Implementation

Internal audits Acceptance of

improvement measures

2 3


ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 27 – © D

etec

on

Project management and controlling is particularly important in large projects with a number of individual activities and people involved

The structured project management process leads to a professional handling of the three factors: Time Budget Quality/ result

Concise project management ensures high quality outputs

Detecon offers standardized project management procedures according to PMI1) and PRINCE22) with certified project managers


Project management covers the whole process of a project from initiation to closing and ensures high quality results according to the defined project’s targets.

Phase 7: Project Management/ Controlling, Quality Assurance

Project initiation

Project start

Project monitoring & controlling

Project execution

Project planning

Project closing

Project Charter Project Scope Limitations

Project structure & organization

Deliverables & work packages

Resources Project plan &

Milestones

Decision on implementation options

Determine resources Determine rules

Monitor workperformance

Progress reporting Monitoring &

forecasting Quality & risk

management

Approval of results Project review Final report Lessons learned Handover

Perform quality assurance

Communication & documentation

Team building & development

Project steering1) PMI: Project Management Institute2) PRINCE2: Projects in Controlled Environments

Project Management Process Remarks

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 28 – © D

etec

on

Content

Detecon a Perfect PartnerContact DetailsConsultant Profiles

5. Contact

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 29 – © D

etec

on

Extensive knowledge of best practices in IT and standards such as ITIL.

Innovative solutions from problem transformation to dual process design.

Efficient and pragmatic procedure in the project based on sector know-how and methodology tested in practice, paired with expertise in assessing and designing processes ensure success.

Many years of experience with IT optimization projects in various sectors and companies with various structures and sizes.

Acceptance of consultancy service through practicable project results and integrating customer employees.

Strategy, planning and implementation of organization and information technology on the one hand through the incorporation of Detecon in T-Systems (synergies, e.g. common IT benchmark database).

Professional project management and strict project management by Detecon ensures consistent compliance with schedules and quality in project work.

Independent assessment of efficiency and display of possible improvement potential with specific recommendations on actions to take.

Contact

Many years experience and competence in IT management and the accompanying restructuring of the IT landscape according to ITIL makes Detecon a perfect partner.

Detecon a Perfect Partner

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 30 – © D

etec

on

Content

6. References

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 31 – © D

etec

on

References

ITIL, IT reengineering, IT reorganization (excerpt).

Development of a concept for operating the SMC based on ITIL Development of a concept for a downtime strategy for the SMC based on ITIL Process design of operations, fault clearance and escalation Draft of organizational units, including roles, tasks and responsibilities Description of the technical architecture of service mgmt. centers

Definition of an ITIL-compliant OLA management process Mirroring OLA components in SAP and eTOM processes Preparing components in an OLA guide

Introduction of problem management for IPLS, taking into account the existing incident management based on ITIL

Analysis of existing processes Interface definitions for other processes and specifications Development of workflows and their agreement with those involved in the process

Incident/problem management process Analysis/agreement on requirements of the IM/PM workflow Optimization of the IM/PM interface optimization to service partners Increase in efficiency due to clearer and defined interfaces and an optimized workflow Informative IM/PM KPIs based on the IM/PM workflow concept

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 32 – © D

etec

on

References


As-is analysis Framework and target design of an IT Service Catalogue Target design of IT Portfolio Management process Target design of IT Financial Management process

Process-orientated reorientation of the IT organization Analysis and optimization of processes Definition of a target process model based on ITIL, for example Definition of a target organization derived from the processes and implementation of

the target organization

Design of IT Service Management Processes based on ITIL Design of IT Organization Technical design of Data Center Business Case and analysis of different sourcing models

Reorganization and consolidation of IT Consolidation of IT organizations, processes & governance Consolidation of IT infrastructure & application landscape, service consolidation

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 33 – © D

etec

on

References


Operation of the worldwide data network of the SIEMENS Group (SCN Future) Analysis, optimization and documentation of business processes Introduction of a business process management Standardization of processes, taking into account ITIL standards

IT strategy and organization study Strategic orientation of IT Integration of commercial IT with logistics IT and preparation for hiving off a system

house

IT reorganization Program to increase efficiency in the IT organization and service offering definitions

IT strategy and IT reorganization Reorientation of IT to the new corporate strategy and coordination with the Group's

headquarters

scnfuture

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 34 – © D

etec

on

Content

ITIL – IT Infrastructure Library ISO/IEC 9001 – Quality Management Systems RequirementsISO/IEC 27001 – Information Security Management SystemsISO/IEC 38500 – Corporate Governance of Information TechnologyCOBIT – Control Objectives for Information and Related Technology

7. Backup

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 35 – © D

etec

on

Service StrategyFinancial Management, Service Portfolio Management, Demand Management, Return on Investment

Service DesignService Catalogue Management, Service Level Management, Capacity Management, Availability Management, IT Service Continuity Management, Supplier Management, Information Security Management

Service TransitionChange Management, Service Asset and Configuration Management, Transition Planning and Support, Release and Deployment Management, Service Validation and Testing, Evaluation, Knowledge Management

Service OperationEvent Management, Incident Management, Request Fulfillment, Problem Management, Access Management, Service Desk

Continual Service ImprovementService Measurement, Service Reporting, Service Improvement

Backup

The Information Technology Infrastructure Library (ITIL®) version 3 has five books that are oriented on the ITIL lifecycle.

ITIL – IT Infrastructure Library

® ITIL is a registered trademark of UK Government's Office of Government Commerce, OGC

ServiceStrategy

ServiceDesign

ServiceTransition

Service Operation


ITIL BooksITIL V3 Overview

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 36 – © D

etec

on

ISO/IEC 9001 provides a set of procedures that covers the key processes of an organization and corresponding monitoring processes to ensure effectiveness

ISO/IEC 9001 is intended to be used in any organization regardless of size, type or product

ISO/IEC 9001 supports to demonstrate the companies ability to consistently provide products which meet customer expectations

ISO/IEC 9001 aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system

ISO/IEC 9001 shows the conformity regulatory requirements

ISO/IEC 9001 creates quality awareness throughout all relevant functions and levels

ISO/IEC 9001 focuses on a continuous improvement

An organization has to establish, handle and maintain processes which are required to ensure that an offered product fulfills customer requirements

The quality management system is the fundamental framework for the execution and presentation of the defined processes which fulfill the requirements of the standard

Composition and extension of quality documentation have to be company specific

Detecon is ISO/IEC 9001 certified

Backup

ISO/IEC 9001 describes requirements for quality management systems focusing on customer satisfaction through consistent products/ services which meet expectations.

ISO/IEC 9001 – Quality Management Systems Requirements

Scope Objectives

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 37 – © D

etec

on

The ISO/IEC 27001 is the international recognized standard that provides evidence of a best-practice security management implementation

The ISO/IEC 2700x series focuses on security related standards for Information Security Management Systems (ISMS) and consolidates existing and future standards for information security: ISO/IEC 27000 will provide an overview of related standards,

terms and definitions (in preparation) ISO/IEC 27001 (identical to BS 7799-2:2005) describes a

model to establish and manage an ISMS and presents control objectives and controls against which organizations` ISMS may be certified

ISO/IEC 27002 (renamed ISO/IEC 17799:2005, identical to BS 7799-1:2005) establishes a code of practice for information security management as a guideline to fulfill the ISO/IEC 27001 controls

ISO/IEC 27003 will be an information security management system implementation guide (in prep)

ISO/IEC 27004 is a new standard for information security management measurements (in prep)

ISO/IEC 27005 will provide a standard for risk management (corresponding to BS 7799-3:2006)

ISO/IEC 27006 is a guide to the certification and registration process against ISO/IEC 27001

There is a growing demand from the customers, that their information processing and information transporting service providers should align their IT security setup with the most commonly accepted security standard

In today's economy security of information processing is of growing importance.

Several factors increase this importance: dependency of all companies and organizations on their IT trend to outsourcing of information processing and

information transporting capabilities to service providers strong legal and economical regulations IT as a service is fundamentally based on trust

Customers expectations and image of the IT organization Forms the system by which multiple legal, regulatory, and

business requirements can be identified, analyzed, addressed, managed, and monitored (e.g. SOX)

Backup

The ISO/IEC 27001 certificate is the proof that your IT organization is compliant with security guidelines.

ISO/IEC 27001 – Information Security Management Systems

Scope Objectives

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 38 – © D

etec

on

ISO/IEC 38500 is a high level, principle based advisory standard in order to:

provide a broad guidance on the role of governing body

encourage organizations to use appropriate standards to underpin their governance of IT

Further related publication planed in the future:

Governance of projects involving IT investment

Governance of IT used in ongoing business operations

Related documents to this standard:

The Financial Aspects of Corporate Covernance, 1992

OECD Principles of Corporate Governance, 2004

ISO Guide 73 2002 – Risk Management

The Objective of ISO/IEC 38500 is to provide a framework of principles to the management for evaluation, direction and monitoring of IT use in their organization.

All stakeholder (management, shareholder, customer, employees) gain confidence in the organization's corporate governance of IT

Informing and guiding directors in governing the use of IT in their organization

Providing a basis for objective evaluation of the corporate governance of IT

Establish a standard model and vocabulary for the governance of IT

Underpinning directors in fulfillment their obligations concerning legal and compliance aspects of IT

Ensure that the IT contributes a significant benefit to the organizations performance

Backup

ISO/IEC 38500 is a standard for providing high level definitions, principles and models for the establishment and operation of a framework for the effective governance of IT.

ISO/IEC 38500 – Corporate Governance of Information Technology

Source: International Standard, ISO/IEC 38500, First Edition 2008:-06-01

Scope Objectives

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 39 – © D

etec

on

COBIT is designed by the IT Governance Institute (ITGI, www.itgi.org/cobit) and Information Systems Audit and Control Association (ICASA, http://www.isaca.org)

COBIT is a common language for executives and IT staff to get a a better understanding of how business and IT can work together for the successful delivery of IT services

COBIT is a sign of a well-run enterprise, as it is a proven and internationally accepted set of tools and techniques to manage IT

COBIT ensures ownership and responsibilities based on a clear process orientation

IT Governance ensures a decision-making approach, which is aligned with processes, business requirements and with the business strategy

The official standard for corporate governance of IT is ISO/IEC 38500

COBIT is an international framework focusing on IT Governance to ensure: Better quality for IT services IT enables the business Alignment of IT and business IT maximizes benefits Responsible use of IT resources IT is managed throughout an IT life-cycle Appropriate management of IT risks Increase in efficiency and quality

Detecon’s IT Governance Framework:

Backup

COBIT improves IT efficiency and effectiveness by trying to understand business requirements and to align business and IT.

COBIT – Control Objectives for Information and Related Technology

Focusing on overall development, improvement, operation, monitoring, compliance, communication and information

Focusing on approved standards and guidelines as well as principles, tools & templates, roles & responsibilities, organizational structures and KPIs

IT-Organization Processes

Processes to Manage

BusinessAlignment

Content to Direct

Objectives

Information

Scope Objectives

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 40 – © D

etec

on

Contact

Contact Details

Dr. Evangelos HadjicharalambousDetecon International GmbHIT Service & Operations Management

Sternengasse 14-1650676 Cologne (Germany)Phone: +49 221 9161 1131Fax: +49 221 9161 4663Mobile: +49 160 [email protected]

ISO

-IEC

2000

0_M

ETH

OD

OLO

GY_

AND

_AP

PRO

ACH

_V.1

.2_E

N.P

PT

– 41 – © D

etec

on