Gauteng Branch 7 August 2008 Presenter : Keith Reynolds

Agenda

What is ISO 20000? Why have it? Advantages ISO 20000 & the V3 Lifecycle ISO 20000 Current and Future status Available Publications Questions

Copyright 2008 NSS

"The wonderful thing about standards is that there are so many of them to choose from". - Grace Hopper

Copyright 2008 NSS

Service Management Frameworks Governance Quality Management e tic ac es r s t P es es roc ITIL B P Maturity Measure CMMI
& it ce ud ran A u s As y lit ua Q

er riv D

SOX

External Drivers

Overall Framework

ISO 20000

COBIT

Independent Certification

BASEL II eTOM
ce ss Ma p Six Sigma Pr o

Copyright 2008 NSS

ISO 20000 What it is

ISO/IEC 20000 is the international, independent Quality Standard for IT Service Management. This quality standard specifies the practical procedures an organisation should follow to improve the quality of its IT Service Management processes. Published in December 2005, is the first international standard for IT Service Management - based on British Standard, BS 15000. ISO/IEC 20000 is aligned with and complementary to the process approach defined within ITIL from the Office of Government Commerce (OGC).

Copyright 2008 NSS

ISO 20000 What it is

ISO 20000-1 ('part 1') is the formal specification, it defines the requirements that must be achieved. It promotes the adoption of an integrated process approach to effectively deliver managed services to meet the business and customer requirements. ISO 20000-2 ('part 2') is a 'code of practice', and describes the best practices for service management within the scope of ISO20000-1. Part 2 describes a code of practice. It comprises the same sections as 'part 1' but excludes the 'Requirements for a Management system' as no requirements are imposed by 'part 2'.

Copyright 2008 NSS

ISO 20000 What it is

ISO 20000-1 ('part 1') comprises ten sections:

Scope Terms & Definitions Planning and Implementing Service Management Requirements for a Management System Planning & Implementing New or Changed Services Service Delivery Process Relationship Processes Control Processes Resolution Processes Release Processes

Copyright 2008 NSS

ISO 20000 What it is

ISO/IEC 20000 is independent of all frameworks, it is framework neutral. There is no control defined or implied between the standard and frameworks such as MOF, ITIL or to their supporting qualification schemes. Each is developed autonomously to the other.

There are many defined frameworks both public (MOF) and private (inhouse best practices) that can help the drive towards recognition of capability and therefore eventually ISO/IEC 20000 certification.
Copyright 2008 NSS

ISO 20000 Why have it

Both internal and external service providers are being challenged to prove they will be able to provide the required service quality and to that end have adequate service management processes in place. External service providers have already been requested to become certified to the standard as part of invitation to tenders. The award of the ISO/IEC 20000 certificate is subject to audits conducted by Registered Certification Bodies against ISO/IEC 20000 Part 1 The Specification which ensure that a service provider is designing, implementing and managing an IT Service Management system in line with the requirements of the standard.

Copyright 2008 NSS

ISO 20000 Why have it

The new ISO/IEC 20000 (BS 15000) standard is set to become a cornerstone for improving the management of external service providers. It involves the processes, policies, documentation, roles and responsibilities associated with service delivery and support.

Source : Gartner Inc., G00136652, ISO/IEC 20000 Has an Important Role in Sourcing Management, January 5, 2006
Copyright 2008 NSS

Goals of ISO 20000

Reduce operational exposure to risk Meet contractual requirements Demonstrate service quality Promote the adoption of an integrated process approach to deliver managed services to meet the business and customer requirements Enable the understanding of best practices, objectives, benefits and possible problems of service management Help organizations generate revenue or be cost effective via Copyright 2008 NSS professional service management

Advantages of ISO 20000

Alignment of information technology services and business strategy. Creation of a formal framework for current service improvement projects Provides a benchmark type comparison with best practices Creation of inter-enterprise operational processes Creates a progressive ethos and culture Creates competitive advantage
Copyright 2008 NSS

Advantages of ISO 20000

Reduction of risk and thus cost in terms of external service receipt Aids major organizational changes Enhanced reputation and perception Fundamental shift to pro-active rather than re-active processes Improved relationship between different departments Creation of a stable framework for both resource training and service management automation.
Copyright 2008 NSS

ISO 20000 vs. ITIL

ITIL and ISO 20000 serve different purposes ISO 20000 provides an Independent standard suitable for third-party certification ITIL provides best practices in ITSM
Achievement

PART 1 Specification Requirements Shall Code of Practice

Management Overview

Guidance on Compliance Should Part 2 Part 3 Interpreting Part 1 Applicability/Scope

Process Definition Deployed Solution

ITIL IT Infrastructure Library In-house procedures

Copyright 2008 NSS

ISO 20000 vs. ITIL ITIL V3 Qualifications

ITIL Master

ITIL Expert

Managing Across the Lifecycle

Continual Service Improvement Planning, Protection & Optimisation Release, Control & Validation Operational Service Support & Offerings & Analysis Agreement

Service Strategy

Service Design

Service Transition

Service Operation

Lifecycle Modules

Capability Modules

ITIL v3 Foundation Certificate in IT Service Management

Start Here Copyright 2008 NSS

ISO 20000 vs. ITIL - ISO 20000 Certification (EXIN) Management

Senior Manager/Consultant Certificate Manager/Consultant Certificate

Auditing
Lead Auditor Certificate

Internal Auditor Certificate

Filtered

Filtered

Professional
Support of IT Services Control of IT Services Management and Improvement of IT Services Delivery of IT Services Alignment of Business and IT

Foundation
Foundation Certificate

Start Here

Copyright 2008 NSS

ISO 20000 Contents

Requirements for a Management System

Objective: To provide a management system, including policies and a framework to enable the effective management and implementation of all IT services.

Copyright 2008 NSS

ISO 20000 Contents Requirements for a Management System Planning and Implementing Service Management
Business requirements Customer requirements Request for new/ Changed services Managed Services Management Responsibility Plan Plan service management Business Results Customer Satisfaction New / changed services

Objective:

Do Act Other processes a management system, including policies and To provide Implement service Continual e.g. business, to enable the effective management and implementation of management Improvement Supplier, customer Service Desk Other teams, e.g. security, IT operations Check Monitor, Measure and Review

a framework all IT services. Other Processes,

e.g. business, supplier, customer Team and people satisfaction Copyright 2008 NSS

Source : ISO 20000:1 Plan-Do-Check-Act methodology for service management processes

ISO 20000 Contents Requirements for a Management System Planning and Implementing Service Management

Planning and Implementing new or Changed Services

Objective:

Objective: To provide a management system, including policies and a framework toTo ensureeffective managementand implementation of all IT services. enable the that new services and changes to services will be deliverable and manageable at the agreed cost and service quality.

Copyright 2008 NSS

ISO 20000 Contents Requirements for a Management System Planning and Implementing Service Management Planning and Implementing new or Changed Services Service Delivery Processes
Capacity Management Service Level Management Service Reporting Control Processes Objective: Configuration Management

Information Security Management Budgeting and Accounting for IT services

Service Continuity & Availability Management

Release Relationship To provide a management system, Management policies and a framework Change including Processesthe effective management and implementation of all IT services. Processes to enable Resolution Processes
Release Management Business Relationship Management Incident Management Problem Management Supplier Copyright Management 2008 NSS

10

Current Status

ISO/IEC 20000-1 The Specification for Service Management

Provide requirements for ITSM and is responsible for: - Initiating - Implementing or - Maintaining ITSM in organisations
PART 1 Specification Requirements Shall
Part 2
Interpreting Part 1

Code of Practice

ISO/IEC 20000-2 The Code of Practice for Service Management

Guidance on Compliance Should

Describes the best practices for service management within the scope of ISO20000-1 Covers ITIL processes within ITSM Copyright 2008 NSS

Current and Future Status

ISO/IEC 20000-3 - Scoping and Applicability ISO/IEC 20000-4 - IT Service Management Process Reference Model ISO/IEC 20000-5 - Incremental Approach Exemplar Implementation Plan

Part 1

Part 2

Part 3

Part 4

Part 5

Copyright 2008 NSS

11

ISO Standards Development

6. The standard enters the publication stage and is sent to the ISO Central 6. The standard enters the publication stage and is sent to the ISO Central Secretariat for publication. Secretariat for publication. 5. DIS enters the approval stage. During this stage it will again circulate through all 5. DIS enters the approval stage. During this stage it will again circulate through all member bodies for a final vote and again it must pass this stage with 75% of the vote. member bodies for a final vote and again it must pass this stage with 75% of the vote. 4. The DIS enters the enquiry stage -- circulated among all member bodies and then 4. The DIS enters the enquiry stage circulated among all member bodies and then voted upon. If it gets 75% of the vote it becomes a Final Draft International Standard voted upon. If it gets 75% of the vote it becomes a Final Draft International Standard

(FDIS). (FDIS).

3. Committee stage -- sent out for comments until a consensus is reached. The output 3. Committee stage sent out for comments until a consensus is reached. The output of this stage is the Draft International Standard (DIS). of this stage is the Draft International Standard (DIS).

2. Preparatory stage -- a working draft of the standard is developed. 2. Preparatory stage a working draft of the standard is developed.

1. Proposal stage -- a need for a standard is determined and members are identified 1. Proposal stage a need for a standard is determined and members are identified who are willing to work on it (TC/SC). who are willing to work on it (TC/SC).

Copyright 2008 NSS

Lifecycle of a standard

Working Draft (WD) Committee Draft (CD) Final Committee Draft (FCD) Final Draft International Standard (FDIS) Standard
Copyright 2008 NSS

12

Current and Future Status

ISO 20000-1 ISO 20000-2 ISO 20000-3 ISO 20000-4 ISO 20000-5

(Working Draft 3)

Committee Draft (Oct 2008) Final Committee Draft (May 2009?)

Request for new timelines

Working Draft 1 (May 2009)

Committee Draft (CD)

Draft Technical Requirement (Oct 2008)

Final Draft International Standard

Preliminary Draft Technical Requirement (Oct 2008)

Preliminary Draft Technical Requirement (Oct 2008)

Copyright 2008 NSS

Management of the Certification Scheme

itSMF created, and now manages the ISO/IEC 20000 IT Service Management Certification Scheme which provides this independent verification against ISO/IEC 20000. Operation of the scheme is closely monitored by itSMF to ensure consistency of implementation.

Any organisation wishing to be formally certified against the scheme will need to be assessed by an itSMF Registered Certification Body (RCB).

Copyright 2008 NSS

13

ISO 20000 Compliance

ISO/IEC 20000 is increasingly seen as the quality standard for IT Service Management which many companies are striving to adopt. Any organisation is able to claim compliance with an industry standard such as ISO/IEC 20000 and may put such claims in their documentation and other collateral.

It is more valuable for compliance claims to be independently verified as part of a formal certification scheme (ISO 9000 and BS 7799/ ISO 27001 are examples where such certification schemes have already been established).
Copyright 2008 NSS

Organisational Certification

8. Maintenance 8. Maintenance 7. Registration 7. Registration 6. Schedule and Complete Initial Assessment 6. Schedule and Complete Initial Assessment 5. Select the Registered Certification Body 5. Select the Registered Certification Body 4. Obtain Quotations 4. Obtain Quotations 3. Optional initial Self-Assessment 3. Optional initial Self-Assessment 2. Determine the scope 2. Determine the scope 1. Identify/determine the need 1. Identify/determine the need
Copyright 2008 NSS

14

Certified Organisations

Once an organisation has successfully completed an ISO/IEC 20000 audit by a Registered Certification Body and a certificate bearing the scheme logo has been issued, the organisation is eligible to use the logo as evidence of their achievement. The certified organisation also has the right to request a listing on the ISO/IEC 20000 site.
Users of this site should note that ISO/IEC 20000 certifies the quality management system and processes SUPPORTING the products or services provided - It does NOT certify the products or services themselves.

The scoping statements associated with each certification should be carefully read to ensure the scope of certification, and geographical Copyright 2008 NSS locations, actually cover the areas of interest

Available Publications

ISO 20000-1 and ISO 20000-2 available from SABS

https://www.sabs.co.za/Business_Units/Standards_SA/index.aspx

Copyright 2008 NSS

15

Available Publications

Integrated Service Management

Making Metrics Work

Management Decisions & Documentation

Keeping the Service Going

Why People Matter

Pocket Guide

Certification Roadmap

Managing end-end Service

Capacity Management

Enabling Change

Finance for Service Managers

Difference between 15000 & 20000

ISO 20000 An Introduction

Introduction to SM Based on ISO 20000 and ITIL V3

Copyright 2008 NSS

Thank You

Questions?

Copyright 2008 NSS

16