iso/iec 20000 overview - itsmf
TRANSCRIPT
ISO/IEC 20000 ISO/IEC 20000 overviewoverview
Copyright © 2006 ITpreneurs Nederland BV.
2
1. What is ISO/IEC 20000?
2. ISO/IEC 20000 and ITIL…
Overview
Copyright © 2006 ITpreneurs Nederland BV.
3
BS 15000
• BS15000 started in UK and first launched on July 1, 2003. Which was replaced by ISO/IEC 20000 after formal launching on December, 2005.
• ISO/IEC 20000 is the first formal worldwide standard specifically aimed at IT Service Management
It describes an integrated set of management processes for the effective delivery of services to the business and its customers
• ISO/IEC 20000 is derived from and complementary to ITIL• Audits are already available globally• Gartner on BS 15000… (now ISO/IEC 20000)
• “All improvement efforts in Service Management should be done with ITIL and BS 15000 as a frame of reference and baseline.”
• ISO/IEC 20000 is likely to become a basic business requirement, in the same way as ISO 9000
Copyright © 2006 ITpreneurs Nederland BV.
4
• The standard is aligned with ITIL but is broader in concept• The standards checks that the overall concept of Service
Management has been set up and running correctly
• ISO/IEC 20000 defines a level of quality for ITSM activities which can be audited
• The standard looks for a fixed feedback loopPlan – Plan Service ManagementDo – Implement Service ManagementCheck – Monitor Measure and ReviewAct – Continuous Improvement
• ISO/IEC 20000 Certification provides a basis for proving that anorganisation has implemented best practises and are using them consistently across the organisation
ISO/IEC 20000, the worlds first quality standard for service management
Copyright © 2006 ITpreneurs Nederland BV.
5
Manage ServicesManage Services
PLANPlan service management
PLANPlan service management
DOImplement
Service Management
DOImplement
Service Management
CHECKMonitor, Measure
and Review
CHECKMonitor, Measure
and Review
ACTContinuous
Improvement
ACTContinuous
Improvement
Management ResponsibilityManagement Responsibility
ISO/IEC 20000: Plan, Do, Check, Act Management System
Business Results
Business Results
Customer SatisfactionCustomer
Satisfaction
New or changedservice
New or changedservice
Other process,business,
supplier, customer
Other process,business,
supplier, customer
Team & peopleSatisfaction
Team & peopleSatisfaction
Business requirements
Business requirements
Customerrequirements
Customerrequirements
Request for new or changed services
Request for new or changed services
Service DeskService Desk
Other process,business,
supplier, customer
Other process,business,
supplier, customer
Source: ISO/IEC 20000-1:2005
Common toISO/IEC 20000 andISO 9001
Other Teams, e.g. Security, IT Operations
Other Teams, e.g. Security, IT Operations
Copyright © 2006 ITpreneurs Nederland BV.
7
ISO 20000 Part 1 and Part 2 – Basics
Part 1Shall
Part 2should
4 Applicable to service providers of all sizes and types4 Independent of organizational structure4 ISO/IEC 20000-1:2005 is a specification
4 Compulsory requirements 4 Defines what is required – “shall”4 Used as the basis of independent third-party audits4 Notes are not mandatory
4 ISO/IEC 20000-2:2005 is a code of practice 4 Uses “should”4 Guidance on best practice and guidance on the
application of the requirements contained in ISO 20000-1
4 Explains best practices and therefore the Part 1 requirements
4 ISO 20000-2 does not itself contain any compulsory requirements
Copyright © 2006 ITpreneurs Nederland BV.
8
ISO/IEC 20000 Content Overview
Service Delivery ProcessesCapacityManagement
Service Continuity & Availability Management
Service Level Management
Service Reporting
Information Security Management
Budgeting and Accounting
Release Processes
Release Management
Resolution Processes
Incident Management
Problem Management
Relationship Processes
BusinessRelationship Management
Supplier Management
Control ProcessesConfiguration Management
Change Management
Management system Planning and implementing service management
Planning and implementing new and changed services
Source: BSI based on process diagram in ISO/IEC 20000
Copyright © 2006 ITpreneurs Nederland BV.
10
Why do you need a formal certification program for Service Management?
• A formal certification ensures your service management investment is being well used
• Drives consistency through the market place• Uses a broad base of Service Management experience to ensure that
you have implemented Service Management correctly• A formal seal of approval that the IT Department (Service Provider) can
use to show its sponsors
Copyright © 2006 ITpreneurs Nederland BV.
11
How is certification provided?
• itSMF have created a certification scheme under which organizations can be independently audited
Managed by an itSMF Executive Sub-Committee (ESC)itSMF register Certification Bodies (RCBs) and grant a licence to use the itSMFISO/IEC 20000 logo RCBs conduct the audits
• Auditors must remain independentRCB auditors are only allowed to audit, they cannot also provide consultancy
Copyright © 2006 ITpreneurs Nederland BV.
12
ISO 20000 and ITIL
ISO/IEC 20000 and ITIL are aligned but:4 ITIL is a set of guidelines4 ISO 20000 is a set of universal requirements 4 Minor differences in scope and groupingAnyone can claim “they have adopted ITIL”The standard provides 4 A quality level for service management processes that can be
auditedISO/IEC 20000 does not specify ITIL4 ..but ISO 20000 would be difficult to achieve without ITIL 4 ..ISO 20000 checks ITIL has been adopted intelligentlyISO/IEC 20000 certification 4 Proof that an organization has implemented best practice4 Independent, external auditing body4 Personal certification examinations (consultant, auditor courses)
accredited by itSMF
Copyright © 2006 ITpreneurs Nederland BV.
13
ITIL and ISO20000
Copyright © 2006 ITpreneurs Nederland BV.
18
The position of the ISO 20000 quality management framework in respect to
other frameworks
PERFORMANCE: business goals
CONFORMANCEBasel II, Sarbanes-
Oxley Act, etc
“Enterprise Governance”
“IT Governance”
ISO 9001:2000
ISO 17799
ISO 20000Best practice standards
QAProcedures
Processes and Procedures
Drivers
COBIT®
COSO
Security Principles
ITIL
Balanced Scorecard
Copyright © 2006 ITpreneurs Nederland BV.
19
For more information . . .
• ISO/IEC 20000 Certificationhttp://www.isoiec20000certification.com/
• Institute of Service Managementhttp://www.iosm.com
• itSMFhttp://www.itsmf.com