
Socialization

SNI ISO/IEC 20000 Series

Service Management System

Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM

Chair, WG on IT Governance and Services
PT35-01 Information Technology

Makassar, 7 May 2014

Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM
Current:
Director of Certification CRISC & CGEIT, ISACA Indonesia Chapter
ISACA Academic Advocate at ITB
SME for Information Security Standard for ISO at ISACA HQ
Associate Professor at School of Electrical Engineering and Informatics, Institut Teknologi Bandung
Chair of the WG on IT Services and Governance, member of the WG on Information Security, and member of Technical Committee 35-01, National Standards Development Program for Information Technology, BSN Kominfo.
Past:
Chair of the National ICT Evaluation Working Group, National ICT Council (2007-2008)
Acting Director of System Operations, PPATK (Indonesia Financial Transaction Reports and Analysis Center, INTRAC), April 2009 - May 2011

Professional Certification:
Professional Engineering (PE), the Principles and Practice of Electrical Engineering, College of Engineering, the University of Texas at Austin. 2000
IRCA Information Security Management System Lead Auditor Course, 2004
ISACA Certified Information System Auditor (CISA). CISA Number: 0540859, 2005
Brainbench Computer Forensic, 2006
(ISC)2 Certified Information Systems Security Professional (CISSP), No: 118113, 2007
ISACA Certified Information Security Manager (CISM). CISM Number: 0707414, 2007
Award:
(ISC)2 Asia Pacific Information Security Leadership Achievements (ISLA) 2011 award in category Senior Information Security Professional. http://isc2.org/ISLA

Bloom's Taxonomy of Educational Objectives

Evaluate: judge, critique, justify, verify, assess, recommend
Synthesize: create, construct, design, improve, produce, propose
Analyze: compare, contrast, classify, categorize, derive, model
Apply: calculate, solve, determine, apply
Comprehend: explain, paraphrase
Remember: list, recite

Risk-Based Control Categories

Source: Transforming Cybersecurity: Using COBIT 5, ISACA, 2013
Frameworks and Standards Reviewed

[Figure: frameworks and standards arranged across three levels (board level, management, technical): COSO, SNI ISO 38500, PP60/2008, COBIT, ITIL v2, ITIL v3, SNI ISO 20000, SNI ISO 2700x, SNI ISO 900x, SNI ISO 27013, Common Criteria SNI ISO 15408]

SNI 20000 Series - Service Management System

ISO/IEC 20000-1:2011
SNI ISO/IEC 20000-1:2013 Information technology - Service management - Part 1: Service management system requirements
IEEE Std 20000-1-2013

ISO/IEC 20000-2:2012
SNI ISO/IEC 20000-2:2013 Information technology - Service management - Part 2: Guidance on the application of service management systems
IEEE Std 20000-2-2013

ISO/IEC TR 20000-3:2012
SNI ISO/IEC TR 20000-3:2013 Information technology - Service management - Part 3: Guidance on scope definition and applicability of SNI ISO/IEC 20000-1

ISO/IEC TR 20000-4:2010
SNI ISO/IEC TR 20000-4:2013 Information technology - Service management - Part 4: Process reference model

ISO/IEC TR 20000-5:2010 replaced by ISO/IEC TR 20000-5:2013
SNI ISO/IEC TR 20000-5:2013 Information technology - Service management - Part 5: Exemplar implementation plan for SNI ISO/IEC 20000-1

ISO/IEC 27013:2012
SNI ISO/IEC 27013:2013 Information technology - Security techniques - Guidance on the integrated implementation of SNI ISO/IEC 27001 and SNI ISO/IEC 20000-1

To be proposed as SNI ISO/IEC TR 20000-10:2013
Information technology -- Service management -- Part 10: Concepts and terminology

Process assessment / Action plan
Assessment of the audited processes and action plan to reach level .
Extend the assessment through the overall organisation to be able to compare the same referential with the same objectives and continuity of processes.

[Figure: maturity levels (Lvl 1: Chaos, Lvl 2: Reactive, Lvl 3: Proactive, Lvl 4: Service, Lvl 5: Value) charted for Service Desk, Incident Management, Problem Management, Change Management and Service Level Management, with action-plan items: Communications Process, RFC Process, Problem Management Implementation, OLAs Implementation, Catalogues of Services Improvement, Knowledge Improvement]



Trying to Run Before Walking

Level 1, Chaotic: Ad hoc; Undocumented; Unpredictable; Multiple help desks; Minimal IT operations; User call notification
Level 2, Reactive: Fight fires; Inventory; Desktop SW distribution; Initiate problem mgt process; Alert and event mgt; Measure component availability (up/down)
Level 3, Proactive: Analyze trends; Set thresholds; Predict problems; Measure application availability; Automate; Mature problem, configuration, change, asset and performance mgt processes
Level 4, Service: IT as a service provider; Define services, classes, pricing; Understand costs; Guarantee SLAs; Measure & report service availability; Integrate processes; Capacity mgt
Level 5, Value: IT as strategic business partner; IT and business metric linkage; IT/business collaboration improves business process; Real-time infrastructure; Business planning

Labels alongside the levels: Tool Leverage; Operational Process Engineering; Service Delivery Process Engineering; Service and Account Management; Manage IT as a Business

Discussion
