smsg future of iso iec
DESCRIPTION
Smsg Future of Iso IecTRANSCRIPT
Diapositiva 1Dr. Jenny Dugmore
uniformity of approach
National accreditation bodies
Guide 62 17021 / 19011
Certification bodies (audit companies)
1989:BSI committee established
2000:Part 1 Requirements published (BS 15000)
Part 2 Code of practice re-published
2001:Industry consultation on edition 1
2002:Edition 2 – management system standard (BS 15000)
2004:October – Fast track submission to ISO
2005:May - vote in favour / comment resolution
December – published a ISO/IEC 20000-1 and -2
2006:May - Work Group 25 starts on new Part 3
2006:November - Work on 2nd edition of Part 1 starts
2007:November – 4 more projects started………
What is ISO/IEC 20000 today?
ISO best seller (‘thousands sold’)
Used for 3rd Party certification audits
4 certification schemes accredited
Adopted internationally
Often referred to as ‘The ITIL standard’
In-house procedures / work instructions
New and changed services
Leadership
Standalone or combined audits
20000-2
8 words in Part 1
‘the scope of the service provider’s service management’
Example / scenarios based advice
20000-2 guidance
on requirements
20000-3 scoping
Closer alignment with ISO 9001 (Generic quality)
& ISO/IEC 27001 (Information security)
‘Dummy’ clauses 7.1 and 8.1 removed
Part 2 re-aligned to Part 1
Part 2
Overall more detail
Some changes to reflect ITIL 3:
But ITIL 3 is closer to ISO/IEC 20000-1 than ITIL 2
Both ITIL 2 and ITIL 3 are suitable routes
Implication of ITIL 3 changes
The link between 20K and ITIL is of spirit and intent
There cannot be a formal link between the two
ITIL is a ‘national (UK) initiative’ (from ISO perspective)
ITIL cannot be referenced in the 20000 series
Why is there flexibility?
ITIL focus is advice on ‘how to’
ISO/IEC 20000-1
Very few changes to requirements planned or required for ITIL 3
Agreement to ITIL 3 terms being incorporated
(without reference to UK crown copyright)
ISO/IEC 20000-2
OGC / BSI white paper due soon
A few random examples…..
Configuration Management Database (CMDB)
– database containing all the
relevant details of each configuration item and details of the important relationships between them
ITIL V3 uses
Configuration Management System (CMS) as a set of databases, tools used to manage
configuration data and data such as incident, problem … employee data … locations … users.
CMS is not a new name for a CMDB. CMS may contain several CMDBs as well as tools and a wide range of data types collected for many different purposes.
The difference is not a barrier to achieving Part 1 the requirements
A few random examples…..
Many international standards refer to a broad-based category of ’defects’ or similar terms.
ISO/IEC 20000:
Events
Incidents
Problems.
Requests.
This is one of the differences between the two.
Confusion can be avoided when ‘going the ITIL3 route’
by mapping what has been done to clauses/processes in the standard – and the next edition may refer to ‘request fulfilment’
A few random examples…..
9.1 Configuration management
NOTE: Financial asset accounting falls outside the scope of this section.
ITL V3 refers to ‘Service Asset and Configuration Management’ (also referred to as ‘Service Asset
Management including Configuration Management’).
The term asset is used in a very broad sense as either capabilities, resources or both, depending on the context.
ITIL V3 is different to both ITIL V2 and ISO/IEC 20000 (neither use the term ‘Service Asset’). This is likely to be seen as one of the big differences, but does not present an actual barrier to achieving the requirements of clause 6.4 or clause 9.1.
The use of the term ‘service asset’ and how the role of ‘service assets’ in service management is compatible with a focus on service as well as process that is the characteristic of the standard.
One (big) step v Incremental approach
20000-2 guidance
on requirements
20000-3 scoping
Outcome: ‘the successful achievement of the process purpose’
Defines basic maturity level
PAM defines process capability:
SPICE assessment: similar to CMMi
More detailed than 20000-1 (typically 100+pages)
More prescriptive than 20000-1
Scope as for 20000-1:2005
2nd editions
Part 2:6 m after Part 1 (longer & ITIL alignment)
New:
Part n:Incremental conformity
15504-8: Process Assessment Model
Mapping across standard/methods/frameworks
‘One standard fits all’
Common basis for staff training
Common inter-enterprise operational practices
improved automation
Inter-changeability of service providers
Delivers business benefits
Why ISO/IEC 20000?
… a quick stroll round the International standards committee structure
The standard is under the control of representatives of national standards bodies (in the UK, this is BSI)
ISO/IEC is named this way because it is under the control of a joint international committee:
ISO (International Organization for Standardization)
IEC (International Electrotechnical Commission)
SC7 = Sub-Committee 7
WG = Working Group
ISO standards are a separate stream
ISO/IEC JTC1
ISO/IEC JTC1
Service Management: 80 members, 20 National Standards Bodies.
Liaison has been established or requested with itSMF I, IAF, ISACA/ITGI (for COBIT) and other International standards groups, TC 176 (ISO 9001), JTC1/SC27 (ISO/IEC 27001, IT Security).
WG n
WG n
WG n
WG n
WG n
WG n
WG n
WG n
WG n
WG n
Mapping and CAB Panel
Panel 1: Management system
SC 7
WG 25
uniformity of approach
National accreditation bodies
Guide 62 17021 / 19011
Certification bodies (audit companies)
1989:BSI committee established
2000:Part 1 Requirements published (BS 15000)
Part 2 Code of practice re-published
2001:Industry consultation on edition 1
2002:Edition 2 – management system standard (BS 15000)
2004:October – Fast track submission to ISO
2005:May - vote in favour / comment resolution
December – published a ISO/IEC 20000-1 and -2
2006:May - Work Group 25 starts on new Part 3
2006:November - Work on 2nd edition of Part 1 starts
2007:November – 4 more projects started………
What is ISO/IEC 20000 today?
ISO best seller (‘thousands sold’)
Used for 3rd Party certification audits
4 certification schemes accredited
Adopted internationally
Often referred to as ‘The ITIL standard’
In-house procedures / work instructions
New and changed services
Leadership
Standalone or combined audits
20000-2
8 words in Part 1
‘the scope of the service provider’s service management’
Example / scenarios based advice
20000-2 guidance
on requirements
20000-3 scoping
Closer alignment with ISO 9001 (Generic quality)
& ISO/IEC 27001 (Information security)
‘Dummy’ clauses 7.1 and 8.1 removed
Part 2 re-aligned to Part 1
Part 2
Overall more detail
Some changes to reflect ITIL 3:
But ITIL 3 is closer to ISO/IEC 20000-1 than ITIL 2
Both ITIL 2 and ITIL 3 are suitable routes
Implication of ITIL 3 changes
The link between 20K and ITIL is of spirit and intent
There cannot be a formal link between the two
ITIL is a ‘national (UK) initiative’ (from ISO perspective)
ITIL cannot be referenced in the 20000 series
Why is there flexibility?
ITIL focus is advice on ‘how to’
ISO/IEC 20000-1
Very few changes to requirements planned or required for ITIL 3
Agreement to ITIL 3 terms being incorporated
(without reference to UK crown copyright)
ISO/IEC 20000-2
OGC / BSI white paper due soon
A few random examples…..
Configuration Management Database (CMDB)
– database containing all the
relevant details of each configuration item and details of the important relationships between them
ITIL V3 uses
Configuration Management System (CMS) as a set of databases, tools used to manage
configuration data and data such as incident, problem … employee data … locations … users.
CMS is not a new name for a CMDB. CMS may contain several CMDBs as well as tools and a wide range of data types collected for many different purposes.
The difference is not a barrier to achieving Part 1 the requirements
A few random examples…..
Many international standards refer to a broad-based category of ’defects’ or similar terms.
ISO/IEC 20000:
Events
Incidents
Problems.
Requests.
This is one of the differences between the two.
Confusion can be avoided when ‘going the ITIL3 route’
by mapping what has been done to clauses/processes in the standard – and the next edition may refer to ‘request fulfilment’
A few random examples…..
9.1 Configuration management
NOTE: Financial asset accounting falls outside the scope of this section.
ITL V3 refers to ‘Service Asset and Configuration Management’ (also referred to as ‘Service Asset
Management including Configuration Management’).
The term asset is used in a very broad sense as either capabilities, resources or both, depending on the context.
ITIL V3 is different to both ITIL V2 and ISO/IEC 20000 (neither use the term ‘Service Asset’). This is likely to be seen as one of the big differences, but does not present an actual barrier to achieving the requirements of clause 6.4 or clause 9.1.
The use of the term ‘service asset’ and how the role of ‘service assets’ in service management is compatible with a focus on service as well as process that is the characteristic of the standard.
One (big) step v Incremental approach
20000-2 guidance
on requirements
20000-3 scoping
Outcome: ‘the successful achievement of the process purpose’
Defines basic maturity level
PAM defines process capability:
SPICE assessment: similar to CMMi
More detailed than 20000-1 (typically 100+pages)
More prescriptive than 20000-1
Scope as for 20000-1:2005
2nd editions
Part 2:6 m after Part 1 (longer & ITIL alignment)
New:
Part n:Incremental conformity
15504-8: Process Assessment Model
Mapping across standard/methods/frameworks
‘One standard fits all’
Common basis for staff training
Common inter-enterprise operational practices
improved automation
Inter-changeability of service providers
Delivers business benefits
Why ISO/IEC 20000?
… a quick stroll round the International standards committee structure
The standard is under the control of representatives of national standards bodies (in the UK, this is BSI)
ISO/IEC is named this way because it is under the control of a joint international committee:
ISO (International Organization for Standardization)
IEC (International Electrotechnical Commission)
SC7 = Sub-Committee 7
WG = Working Group
ISO standards are a separate stream
ISO/IEC JTC1
ISO/IEC JTC1
Service Management: 80 members, 20 National Standards Bodies.
Liaison has been established or requested with itSMF I, IAF, ISACA/ITGI (for COBIT) and other International standards groups, TC 176 (ISO 9001), JTC1/SC27 (ISO/IEC 27001, IT Security).
WG n
WG n
WG n
WG n
WG n
WG n
WG n
WG n
WG n
WG n
Mapping and CAB Panel
Panel 1: Management system
SC 7
WG 25