Business is evolving, you should too.

What is ISO20000?
Ben Kalland, Tieturi
Helsinki, Tampere, Turku, Tukholma, Gteborg | www.tieturi.fi

Agenda
What is ISO/20000 and why should I care? History and future Relationship to ITIL and other standards Certification, who, how much, why and when ISO20000 processes difference to ITIL How to proceed from here

ITIL is a library of best practice

Service Strategy
strategic analysis, planning, positioning

Service Design translates plans to designs and specifications Service Transition ensures design will deliver and can be operated Service Operation manage a service throughout production life Continual Service Improvement measure performance for maximum benefit

ITIL
ITIL knowledge can be certified for individuals
Foundation Practitioner Service Manager ITIL Expert

An organisation cannot be ITIL certified Anyone can claim they have adopted ITIL

ISO/IEC 20000
Worldwide standard for IT Service Management International certification against standard Proof that best practices are implemented ITIL not requirement Not as deep as ITIL minimum requirement ITIL is a set of guidance ISO is requirements Easier to achieve if ITIL based approach 200 + requirements to be able to demonstrate compliance Based on BS15000, 400 minor adjustments Certification for Quality Management (not i.e. tools)

Relationship ISO 20000 - ITIL

Relationship ISO 20 000 - ITIL

Timeline - history and future

1989 ITIL V1 1999 ITIL V2 2000 BS15000 2003 itSMF launched BS15000 certification 2005 ISO/IEC 20000 2007 ITIL V3 2009 IS/IEC 20000 v2

Can you answer these questions?

What are the current and future requirements of the business What happens if you have a major disaster What level of service do you provide What level of risks and liability do you have What is the current level of failures and how much does it cost the business If your business customer base doubles, what does it mean for IT and how much does it cost and when is it ready Goal of SM: align with business, low cost, high quality

Note!

ISO/IEC 20000 certifies the quality management system and processes SUPPORTING the products or services provided. It does NOT certify the products or services themselves.

Position against other frameworks

Requirements
Part 1 provides the requirements for IT service management to gain certification This is relevant to those responsible for initiating, implementing or maintaining IT service management in their organization Senior Management are responsible and accountable for ensuring all requirements of Part One are met if Certification is sought Compulsory requirements shall Basis for independent auditing Example: All incidents shall be recorded

Guidance
Part 2 - Code of Practice for Service Management Provides guidance to internal auditors and assists service providers planning service improvements or preparing for audits against ISO 20000 Guidance should Explanations, not compulsory Ex: The process for a major incident should include a review

Scope
Part 3 - Scope & Applicability
Advice on scoping for service management Planning & improvements Scope statements for certification audits Suggestions on applicability include adding communications or wider technology enabled services Not yet formally agreed.

Who is certified? Examples

50% private, 50% public 50% internal, 50% external service providers CSC Nordic, Denmark Fujitsu Services, Finland Siemens Business Services, Germany Flughafen Munchen, Germany T-Systems ITC Services, Spain Salzburg AG, Austria EDS, Netherlands ING Services Centre Budapest, Hungary

Who is certified? 349 organizations in March 2009

UK Japan India South Korea China Germany

52 50 41 35 34 20

Denmark 2 Finland 1 Sweden, Norway - none

Eligibility
An organisation must be able to demonstrate it has management control of each of the ISO 20000 processes

All requirements must be met If a process or function is outsourced, the organisation must retain management control Control of input, policy setting Use and knowledge of output Define metrics and continuous improvement
Management control of a process consists of: knowledge and control of the inputs knowledge, use and interpretation of the outputs definition and measurement of metrics demonstration of objective evidence of accountability for process functionality definition, measurement and review of process improvements

ISO/IEC 20000 processes

Delivery processes

Support processes

How to proceed
Prepare for certification through Consultancy Services Assessment, implementation of processes, mentoring and guidance Undertake various forms of training:

ISO 20000 Foundation

Aimed at individuals familiar with ITIL, who participate in developing processes

or preparing for audition
ISO 20000 Consultants Certifiacte

Aimed at experienced IT Service Management practitioners whose roles and

responsibilities include preparing organisations for the adoption of ISO 20000.
ISO 20000 Auditors Certificate:

Aimed at experienced internal or external auditors who have at least 3 years

general IT auditing experience and are either certified ISO 9000, ISO 27001 or TickIT auditors or are certified internal auditors
Service Management

ITIL Foundation, Practitioner, Managers Planning To Implement Experiential Learning & Awareness
Select an approved Registered Certified Body

Audits
RCB Needed documentation
Evidence of intention: process designs, SLAs, plans, contracts, ...

Inputs, specifications
Records of achievement or activities performed: statistical data,
minutes of meetings, RFCs, ...

Outputs
Surveillance audits at least annually Full re-audits every three year Internal audits at planned intervals

More information?

Ben Kalland ITIL Expert, ISO 20000 Foundation certified consultant Accredited ITIL trainer ben.kalland@tieturi.fi Tieturi Oy, HTC Santa Maria Tammasaarenkatu 5 00180 HELSINKI www.tieturi.fi/itil