what it is and how it relates to ITIL V3

ISO20000: What it is and how it relates to ITIL v3 John DiMaria; Certified Six Sigma BB, HISP BSI Product Manager; ICT (ISMS,ITSM,BCM)

© 2006 BSI Management Systems All Rights Reserved

Objectives and Agenda To raise awareness, to inform and to enthuse • ISO20000 – what is it? • ISO20000 – how does it relate to ITIL3? • ISO20000 – why do you need it? • ISO20000 – how to achieve certification • Summary


-2-

ISO20000 – What is it?

ISO/IEC 20000 • Part 1 – Specification for Service Management ISO/IEC 20000-1: 2005 • Part 2 – Code of practice for Service Management ISO/IEC 20000-2:2005 ‘To promote the adoption of an integrated process approach to deliver managed services to meet the business and customer requirements’ ISO/IEC 20000-1:2005


-4-

Part 1 and Part 2 Audit is against part 1. Assess and Aim initially for minimum requirements – part 1; Use Part 2 for guidance and continuous improvement Part 1 – Specification

Part 2 – Code of Practice

• Management with appropriate authority shall approve an information security policy that shall be communicated to all relevant personnel and customers where appropriate.

• The service providers staff with information security roles should be conversant with BS7799 (ISO17799/ ISO27001).


-5-

History • UK Government launches IT Infrastructure Library (ITIL) in 1989 • ITIL defines ‘best practice’ processes and procedures • ITSMF formed in 1991 to further develop best practice • BSI Service Management committee develops a code of practice book and then a standard aligned to ITIL • BS 15000 first published in 2000 as a specification • Early adopters programme led to revised edition in 2002 • Certification scheme available from November 2003 • Adopted as ISO 20000 in December 2005 © 2006 BSI Management Systems All Rights Reserved

-6-

Product Fit ISO 20000

ISO 27001

ISO 9001:2000


-7-

Process mapped to organizational unit Organization

Operations and Network Management

Print and Mail

IT Manager

Office Automation and Telematics

Software Department

Project Organization

Process


-8-

Service Desk

Software Maintenance and Application Management

The world’s first IT service management process standard … that provides the industry with a standard that can be used for auditing and assessing internal service providers and external suppliers across the supply chain To help organizations provide a quality service and be cost effective via professional service management

Supplier A

Service Provider

Supplier B (Lead Supplier)

Supplier12 © 2006 BSI Management Systems All Rights Reserved

Scope of ISO 20000

Supplier23 -9-

Customer

ISO20000 Process Framework


- 10 -

Plan, Do, Check, Act Management System Manage Services Management Management Responsibility Responsibility

Business Business requirements requirements

PLAN PLAN Plan Plan service service management management

Customer Customer requirements requirements Request Request for for new new or changed services or changed services

Other Other process, process, business, business, supplier, supplier, customer customer

Customer Customer Satisfaction Satisfaction DO DO Implement Implement Service Service Management Management

ACT ACT Continuous Continuous Improvement Improvement

CHECK CHECK

Business Business Results Results

New New or or changed changed service service Other Other process, process, business, business, supplier, supplier, customer customer

Monitor, Monitor, Measure Measure

Other Other Teams, Teams, e.g. Security e.g. Security


Source: ISO 20000

and and Review Review

- 11 -

Team Team & & People People Satisfaction Satisfaction

ISO20000 – How does it relate to ITIL

IT Service Management Framework


- 13 -

ITIL® v3 Lifecycle Framework Governance Methods

&

Continual Service Improvement

Al ig nm en t

Spe cialt y To pics

s die Stu se Ca

Service Design Service Strategies

ITIL ITIL

ice erv l S nt ua eme in nt rov Co Imp

Service Transition

Co n Im tinu pr al ov Se em rv en ice t

on cti du ro Int ve uti ec Ex

St ud y

Templates

Service Operation

s in W ick Qu

Ai ds

Qualifications © 2006 BSI Management Systems All Rights Reserved

Sc ala bil ity

e dg e l w no K

St an da rd s

s ill k S

- 14 -

(c) Crown Copyright 2007 Reproduced under Licence from OGC

ITIL ® is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.S. Patent and Trademark Office

Common processes across ISO20000 and ITIL v3 • Incident Management • Problem Management • Service Level Management • Service Reporting • Supplier Management • Capacity Management • Information Security Management • Change Management


- 15 -

Similar processes across ISO20000 and ITIL v3 • Release Management

Release and Deployment Management in ITIL v3

It additionally covers deployment approaches and knowledge transfer in more detail, and early life support

• Configuration Management

Service Asset and Configuration Management in ITIL v3 •

Manages service assets from acquisition to disposal

•

Provides a configuration model of services, assets and infrastructure, and their relationships

• Service Continuity and Availability Management

Two separate processes in ITIL v3

• Budgeting and Accounting for IT Services

Financial Management in ITIL v3


- 16 -

Processes within ISO20000 but not ITIL v3 • Business Relationship Management

This is mentioned briefly in the ITIL v3 Service Strategy book but is not expanded to be a process

Some elements such as Customer Satisfaction Survey and addressing complaints are covered in the ITIL3 SLM process


- 17 -

Functions ISO20000

ITIL v3

• None – ISO20000 is process based and does not cover functions

• Service Desk • IT Operations Management • Application Management • Technical Management


- 18 -

Roles ISO20000

ITIL v3

Top/Executive Management

not defined

Senior Responsible Owner

not defined

not defined

Service Owners

Process Owners

Process Owners/Managers

not defined

Functional Group Managers

Contract Managers Contract Managers Individual(s) responsible for customer satisfaction and the whole business Business Relationship Manager relationship process not defined

Product Manager

not defined

Service Design Manager

not defined

Chief Sourcing officer


- 19 -

Key Corresponding Documents ISO20000

ITIL v3

Service Improvement Policy

Continual Service Improvement Policy

Configuration Management Policy

Service Asset and Configuration Management Policies

Release Policy

Release Policy

Financial Policy

Financial Plans and Budgets

Information Security Policy

Information Security Policy

Service Level Agreements, Supporting Service Agreements and Contracts

Service Level Agreements, Operating Level Agreements and Contracts

Emergency Change Policy

Change Management Plans

Service Improvement Policy Plan for improving the service

Service Improvement Plans

Availability, Service Continuity, Capacity, Roll Out and Release Plans

Availability, IT Service Continuity, IT Recovery, Capacity and Release Plans

Documented Processes and Procedures

Appropriate Process Documentation


- 20 -

Other Key Documents ISO20000

ITIL v3

• Service Management Policy

• Stakeholder Management Strategy

• Service Management Plan

• Service Portfolio

• Definitions of Service Management Roles, Responsibilities and their competencies

• Service Design Package

• Framework of Management Roles and Responsibilities

• Test Strategy

• Plans for New and Changed Services

• Service Catalogue

• Document Management Procedures

• Reporting Policy

• Risk Management Approach

• Knowledge Management Strategy

• Methods for Monitoring and Measuring Processes

• Projected Service Outage

• Service Level Package

• Change Schedule

• Audit Procedure and Audit Plan • Complaints process • Security Controls • List of Stakeholders and Customers • Service Report Descriptions © 2006 BSI Management Systems All Rights Reserved

- 21 -

Mapping Summary ISO20000

ITIL v3

Standard and Code of Practice

Best Practice

Certification for a service provider

Qualifications for individuals

Definitive high-level requirements for processes and management system

Detailed Best Practice guidance, description and implementation aids

Organisational structure independent

Defines many function and process roles and responsibilities

13 processes; no functions, lifecycle not explicitly specified

26 processes and four functions documented in five lifecycle stages

Definitive set of required documents

Descriptions of key documentation


- 22 -

ISO20000 – Why do you need it?

Why do we need Service Management? • The Business is more and more dependent on IT • Complexity of Technology constantly Increases • Customers are demanding more for less • Global competitiveness growing at rapid rate requiring a more flexible approach to integration • Stronger focus on controlling costs of IT • Low customer satisfaction levels (Not surveys) • Information Governance Regulations • Customers have become services focused with a strong orientation related to service levels and costs. © 2006 BSI Management Systems All Rights Reserved

- 24 -

Drivers • Move from investing in tools to develop software to managing the quality of these systems and linked processes once they are “live” • The need to deliver cost effective service delivery • Lack of guidance and accepted standards • Raising the profile of the IT department • Government / ITIL / ISO20000 II nn vv ee ss tt m m ee nn tt

Revenue Revenue growth growth

Employee Employee retention retention

Internal Internal Services Services Quality Quality

Employee Employee satisfaction satisfaction


Value Value for for customers customers

Employee Employee productivity productivity

- 25 -

Customer Customer satisfaction satisfaction

Customer Customer loyalty loyalty

Profitability Profitability

Drivers to achieving certification to ISO20000 External service providers

Generic drivers for all

• ISO20000 is becoming a basic bid requirement especially for IT Service Providers, in the same way as ISO9000 ten years ago

• Hard evidence that Quality of ITSM is taken seriously

• Gives confidence to customers in selecting an external service provider who is ISO20000 certified

• Enforces a method of review and assessment linked to continuous improvement

• Provides a competitive edge

• Staff morale boosted by working in a controlled environment

Internal service providers

• Enforces process compliance by turning the “shoulds” into “shalls” so that all the benefits of best practice ITSM will be gained

• Significant milestone for an IT department demonstrating professionalism that has been independently certified


• Supports the business to operate more effectively

- 26 -

Certification to ISO 20000 • ISO 20000 is increasingly seen as the quality standard for IT Service Management • Many companies striving to adopt for its benefits to them and to also help qualify and choose suppliers and partner organizations • Only a formal certification scheme provides independent verification of compliance • Raises internal profile


- 27 -

Gartner view of ISO20000 - 2006 By 2008 ITIL Compliance will be a buying criteria in 75% of relevant IT sourcing decisions (0.8 probability) By year end 2008 at least 60% public sector and at least 30% private sector relevant IT sourcing deals in mature ICT economies will demand ISO/IEC 20000 certification in their RFPs (0.6 probability)


- 28 -

Samsung Case Study Benefits • Verification of IT services delivery meeting the needs of our topnotch customers • 37.5% reduction in operational problems through proactive problem management • Paradigm shift on IT service management from the technology-centered to the customeroriented • Demonstrating strengths as a strategic partner in IT outsourcing market both internally and externally


- 29 -

ISO20000 – How to achieve certification

Implementing Service Management Some of the biggest challenges IT teams face when implementing Service Management include: 1) getting the attention and commitment of senior management and 2) ensuring acceptance and adoption of managed change throughout the organization.


- 31 -

Implementing Service Management Service Improvement Program

Preparation

What is the vision? What are our objectives?


Assessment

Implementation

Are we there? Where are we now? Where do we want to be? How do we get there?

- 32 -

Implementing Service Management

Preparation


Assessment

- 33 -

Implementation

Preparing for ISO20000


- 34 -

Planning and Business case • Use gap analysis to plan way forward including quick wins • Costs:

Auditors

Internal staff involvement

External consultancy

Training

Tools

• Benefits:

Quantifiable – service improvements, staff savings, cost savings and control, holding onto contracts, winning contracts if requirement of bids, taking on more services with same staff numbers etc

Non-quantifiable – quality improvements, competitive edge, staff morale, customer satisfaction etc


- 35 -

Establish Management System and Processes • Use a process approach to implementation • Examine each key component in the process • Examine issues • Compare current status VS requirements • Take action on the differences and improve

Process ownership • R esponsibility • A uthority • S kills • A ccountability • R ecognition The RASAR’s edge

• Organizational skills assessment and training plan • Use a specified case study as guidance © 2006 BSI Management Systems All Rights Reserved

- 36 -

Certification Assessment Stages • Pre- audit assessment (optional) • Documentation Assessment • Compliance Assessment

Pre-certification

Certification Body Issues Certificate

• Continuing Assessment • Triennial Re-assessment


Post-certification

- 37 -

Common Pit Falls to implementation 1.

Existing processes & procedures did not always align

2.

Some processes did NOT exist, others not being used

3.

Some staff did not really understand the difference between process & procedure

4.

Implementation resource – staff still had to do their “day job”

5.

Staff reluctant to admit if they don’t know or understand requirements

6.

Scope creep

7.

Not EVERYTHING recorded or measured, especially performance of identified improvements

8.

Concentration on tools rather than process implementation


- 38 -

How long will it take? • For a company who has not yet implemented ITIL

Approx. 18 months

• For a company who has implemented ITIL well

Approx. 9 months

• Remember that once the processes are designed and documented, they need to be rolled out and run for about 3 months before being audited to prove compliance


- 39 -

Summary

Qualifications • ISO20000 consultant (ITSMF)

3 day course examining part 1, part 2 and the certification process

Pre-requisite is ITIL Foundation + 5 years relevant IT experience

• ISO20000 auditor (ITSMF)

2 day course examining part 1 in detail with an overview of part 2 and the certification process

Pre-requisite is ISO9000/ISO27001/TickIT certified auditor or certified internal auditor

• Service Quality Management Foundation (EXIN)

3 day course examining part 1, part 2 and the quality management systems in ISO9000

Pre-requisite is IT Service Management experience, preferably the ITIL Foundation

• Many training providers offer non-accredited courses including awareness, planning to implement ISO20000


- 41 -

ISO 20000 Publicly AvaliableTraining • Understanding ISO 20000:2005 1 Day • ISO 20000:2005 - Internal Auditor course 3 Days • Implementing ISO 20000:2005 2 Days • Lead Auditor ISO 20000:2005 • 5 Days – Expected Launch October 2007 © 2006 BSI Management Systems All Rights Reserved

- 42 -

ISO20000 Certified Organizations • 161 Certified Organizations at April 2007 • External:Internal service provider ratio is approx. 2:1


- 43 -

ISO 20000 – The Future • Businesses are beginning to demonstrate increasing demand for ISO 20000-1:2005 certification • Certification will become a key market differentiator and pivotal in the selection of supplier and partner organizations. • Because of it’s strong structure and ability to show ROI, ISO 20000 will be THE frame work of choice for IT Service Management. • The standard itself will evolve to aid clarity, respond to feedback and align with ITIL3


- 44 -

References • ISO/IEC 20000

www.iso.org

www.bsi-global.com

www.ansi.org

• ISO20000 pocket guide

www.itsmf.com

• BSI: Achieving ISO20000 series • BSI: A managers guide to service management • BSI: Self assessment workbook

www.bsi-global.com

• ITSMF Certification scheme

www.isoiec20000certification.com


- 45 -

Thank You

[email protected] 314-831-7835 [email protected] www.bsiamericas.com 703-437-9000


- 46 -