Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

What is iso iec 20000

986 views

Published on

ISO/IEC 20000 is a worldwide service management standard that describes the implementation of an integrated process approach for the delivery of services. It consists of a set of minimum requirements to audit an organization against effective Service Management. The standard promotes the adoption of an integrated process approach to effectively deliver managed services to meet the business and customer requirements.

This white paper introduces the reader to what the standard is all about and why organizations choose to meet is requirements. It also describes the certification process and it has useful hints, tips and links.

Published in: Services
  • Be the first to comment

  • Be the first to like this

What is iso iec 20000

  1. 1. What is ISO/IEC 20000? An Introduction to the International Service Management Standard by Mart Rovers President INTERPROM ©InterProm USA Corporation – Confidential and Proprietary Information 110/19/2015
  2. 2. WHAT IS ISO/IEC 20000? Contents ©InterProm USA – Confidential and Proprietary Information 210/19/2015
  3. 3. Contents • Background Information • The Service Management System • The Service Quality Principles • A Pragmatic Norm • ISO/IEC 20000 Contributions • Benefits of ISO/IEC 20000 • The Certification Process • ISO/IEC 20000 Publications • Useful ISO/IEC 20000 Links • About the Presenter ©InterProm USA – Confidential and Proprietary Information 310/19/2015 International Standards Organization (ISO) is the Owner of ISO/IEC 20000
  4. 4. HISTORY AND CONTEXT Background Information ©InterProm USA – Confidential and Proprietary Information 410/19/2015
  5. 5. History – Before 2005 • ISO/IEC 20000 is the offspring of the British Standard 15000 (BS 15000), a standard of the British Standard Institute which originated in the 1990s. • The BS 15000 standard was introduced to measure the level of implementation of ITIL®’s best practices in an organization or its adherence to the goals of the ITIL processes. ©InterProm USA – Confidential and Proprietary Information 510/19/2015 ITIL is the acronym for Information Technology Infrastructure Library. Both ITIL and the Information Technology Infrastructure Library are registered trademarks that are owned by AXELOS Ltd.
  6. 6. History – In 2005 The Joint Technical Committee 1 / Subcommittee 7 of the ISO and IEC organizations released in 2005: • Part 1: ISO/IEC 20000-1:2005 – Specification – The normative part of the standard – The requirements to meet • Part 2: ISO/IEC 20000-2:2005 – Code of Practice – The informative part of the standard – The recommendations to meet the requirements ©InterProm USA – Confidential and Proprietary Information 610/19/2015
  7. 7. History – In 2011 and 2012 In 2011, a new version of the normative standard ISO/IEC 20000-1 was released: • ISO/IEC 20000-1:2011 – Service Management System Requirements – A list of 256 requirements a service provider “shall” adhere to when seeking certification In 2012, a new version of the informative standard ISO/IEC 20000-2 was released: • ISO/IEC 20000-2:2012 – Guidance on the Application of the Service Management System – A list of more than 800 recommendations a service provider “should” take into consideration when desiring to meet the 256 requirements ©InterProm USA – Confidential and Proprietary Information 710/19/2015
  8. 8. History – Since 2005 Since the introduction of the standard the Subcommittee has released several additional informative parts of the ISO/IEC 20000 standard • ISO/IEC TR 20000-3 – Guidance on the Scope Definition and Applicability of ISO/IEC 20000-1 • ISO/IEC TR 20000-4 – Process Reference Model • ISO/IEC TR 20000-5 – Exemplar Implementation Plan • ISO/IEC TR 20000-9 – Application of ISO/IEC 20000-1 to Cloud Services • ISO/IEC TR 20000-10 – Concepts and Terminology ©InterProm USA – Confidential and Proprietary Information 810/19/2015 TR stands for Technical Report
  9. 9. Context – ISO/IEC 20000… • … is a worldwide standard that describes the implementation of an integrated process approach for the delivery of IT services. • … consists of a set of minimum requirements to audit an organization against effective IT Service Management. ©InterProm USA – Confidential and Proprietary Information 910/19/2015 • … promotes the adoption of an integrated process approach to effectively deliver managed services to meet the business and customer requirements. • … promotes the coordinated integration and implementation of the service management processes to provide the ongoing control, greater efficiency and opportunities for continual improvement.
  10. 10. ISO/IEC 20000 Structure ©InterProm USA – Confidential and Proprietary Information 1010/19/2015 4. Service Management System (SMS) Management responsibility Governance of processes operated by other parties Documentation management Resource management Establish the SMS Plan the SMS (Plan) Implement and operate the SMS (Do) Monitor and review the SMS (Check) Maintain and improve the SMS (Act) 5. Design and Transition of new or changed services 6. Service Delivery Processes Capacity management Service continuity & availability management Service level management Service reporting Information security management Budgeting & Accounting for services 9. Control Processes Configuration management Change management Release and deployment management 7. Relationship Processes8. Resolution Processes Incident and service request management Problem management Business relationship management Supplier management
  11. 11. SERVICE MANAGEMENT SYSTEM The SMS ©InterProm USA – Confidential and Proprietary Information 1110/19/2015
  12. 12. The SMS • The Service Management System (SMS) is what will be audited for certification. • The SMS is the framework of processes, tools and resources (human resources, technology resources, information resources, and financial resources) coordinately used to plan, execute, document and continually improve service management tasks in a goal-oriented, customer- oriented and quality-oriented way. ©InterProm USA – Confidential and Proprietary Information 1210/19/2015 4. Service Management System (SMS) Management responsibility Governance of processes operated by other parties Documentation management Resource management Establish the SMS Plan the SMS (Plan) Implement and operate the SMS (Do) Monitor and review the SMS (Check) Maintain and improve the SMS (Act) 5. Design and Transition of new or changed services 6. Service Delivery Processes Capacity management Service continuity & availability management Service level management Service reporting Information security management Budgeting & Accounting for services 9. Control Processes Configuration management Change management Release and deployment management 7. Relationship Processes8. Resolution Processes Incident and service request management Problem management Business relationship management Supplier management
  13. 13. The SMS Components Important components of the SMS are: • Management Responsibility • Governance of Processes Operated by Other Parties • Documentation Management • Resource Management • A structured approach to establish and improve the SMS, following the Deming Cycle • A set of 14 Strategic, Tactical and Operational processes ©InterProm USA – Confidential and Proprietary Information 1310/19/2015 4. Service Management System (SMS) Management responsibility Governance of processes operated by other parties Documentation management Resource management Establish the SMS Plan the SMS (Plan) Implement and operate the SMS (Do) Monitor and review the SMS (Check) Maintain and improve the SMS (Act) 5. Design and Transition of new or changed services 6. Service Delivery Processes Capacity management Service continuity & availability management Service level management Service reporting Information security management Budgeting & Accounting for services 9. Control Processes Configuration management Change management Release and deployment management 7. Relationship Processes8. Resolution Processes Incident and service request management Problem management Business relationship management Supplier management
  14. 14. The SMS Deming Cycle ISO/IEC 20000 provides the requirements of the steps involved to establish and maintain the SMS. These steps follow the Quality Circle of Deming: Plan-Do-Check-Act: • Plan the SMS (Plan) • Implement and Operate the SMS (Do) • Monitor and Review the SMS (Check) • Maintain and Improve the SMS (Act) ©InterProm USA – Confidential and Proprietary Information 1410/19/2015
  15. 15. SMS Triggers Answers to questions that trigger the SMS to start functioning are: 1. What are the customer and business requirements, needs and expectations? 2. What are the statutory and legal requirements the service provider needs to take into account? 3. Are there requirements of other standards the service provider needs to abide by? 4. Does the service provider have contractual obligations to adhere to? 5. What are the service requirements, as a result of these requirements and obligations as listed above? 6. What is the portfolio of services that is needed to meet these service requirements? 7. What is the service management policy and what is the service management plan, i.e. the service strategy, to meet these service requirements? ©InterProm USA – Confidential and Proprietary Information 1510/19/2015 4. Service Management System (SMS) Management responsibility Governance of processes operated by other parties Documentation management Resource management Establish the SMS Plan the SMS (Plan) Implement and operate the SMS (Do) Monitor and review the SMS (Check) Maintain and improve the SMS (Act) 5. Design and Transition of new or changed services 6. Service Delivery Processes Capacity management Service continuity & availability management Service level management Service reporting Information security management Budgeting & Accounting for services 9. Control Processes Configuration management Change management Release and deployment management 7. Relationship Processes8. Resolution Processes Incident and service request management Problem management Business relationship management Supplier management
  16. 16. A Working SMS The execution of the service management plan will be performed by the 14 ISO/IEC 20000 processes. • Strategic Processes – Relationship Processes • Tactical Processes – Design and Transition of New or Changed Services (process #14) – Service Delivery Processes • Operational Processes – Control Processes – Resolution Processes ©InterProm USA – Confidential and Proprietary Information 1610/19/2015 Service Delivery Processes: 1. Service Level Management 2. Service Reporting 3. Service Continuity and Availability Management 4. Budgeting and Accounting for Services 5. Capacity Management 6. Information Security Management Relationship Processes: 7. Business Relationship Management 8. Supplier Management Resolution Processes: 9. Incident and Service Request Management 10. Problem Management Control Processes: 11. Configuration Management 12. Change Management 13. Release and Deployment Management
  17. 17. The Purpose of the SMS Ultimately, the SMS serves one major purpose: • Turning customers with needs, expectations and requirements into satisfied customers. This is why the standard focuses on effectiveness. Overtime, the focus can shift towards efficiency by means of continuous improvements. ©InterProm USA – Confidential and Proprietary Information 1710/19/2015
  18. 18. PERMANENCY OF SERVICE QUALITY Service Quality Principles ©InterProm USA – Confidential and Proprietary Information 1810/19/2015
  19. 19. ISO/IEC 20000 is Framework-neutral ©InterProm USA – Confidential and Proprietary Information 1910/19/2015 ISO/IEC 20000-1 ISO/IEC 20000-2 Service Management Frameworks (e.g. ITIL, COBIT, Six Sigma, PMBOK, PRINCE2, CMMI) & Quality Management and Other Supporting Standards (e.g. ISO 9000 and ISO 31000, ISO/IEC 27001, ISO/IEC 38500, ISO22301, ISO 21500, ISO/IEC 15504) ISO/IEC 20000 is based on many frameworks, such as ITIL and COBIT. This does not imply that an organization is required to adopt the best practices of these frameworks In order to meet the standard’s requirements. ISO/IEC 20000 relates to many other ISO standards such as ISO 9001, ISO/IEC 27001 and ISO 31000. This does not imply that an organization has to meet the requirements of these related standards. These standards merely serve as additional guidance.
  20. 20. Service Quality Principles • ISO/IEC 20000 incorporates all of the eight quality management principles of ISO 9001 • Every ISO/IEC 20000-1 requirement supports one or more of these quality principles. • What does this mean? Implementing the requirements of the standard will bring a cultural and organizational change. ©InterProm USA – Confidential and Proprietary Information 2010/19/2015
  21. 21. Importance of Principles • Principles are Guidelines for Human Conduct that are proven to have Enduring Permanent Value • Principles are deep, fundamental truths • Principles are unarguable because they are self-evident • Principles have a universal application ©InterProm USA – Confidential and Proprietary Information 2110/19/2015
  22. 22. COMMON SENSE PREVAILS A Pragmatic Norm ©InterProm USA – Confidential and Proprietary Information 2210/19/2015
  23. 23. Pragmatic Requirements • Representatives of more than 20 countries, working together in the Joint Technical Committee 1 / Subcommittee 7 of the ISO/IEC organizations, have contributed to the 2011 version of the standard through a transparent and democratic voting process • Years of combined practical experience has resulted in a collection of logical, pragmatic and clear requirements ©InterProm USA – Confidential and Proprietary Information 2310/19/2015
  24. 24. Pragmatic Norms For… • Leadership • Business Relationship Managers • Supplier/Vendor Management Managers • Project Managers • Business Analysts • Human Resource Managers • Service Owners • Process Owners • Asset Owners • Talent Managers • And more… ©InterProm USA – Confidential and Proprietary Information 2410/19/2015 For Any Service Provider, Not just IT Organizations
  25. 25. WHEN TO CONSIDER ISO/IEC 20000 Contributions ©InterProm USA – Confidential and Proprietary Information 2510/19/2015
  26. 26. When to Consider? (1 of 4) • When comparing IT service providers. ISO/IEC 20000 provides uniform and common language as well as a norm for benchmarking • When selecting an IT service provider. An IT organization can express added value when offering its services and distinguish itself from its competition • When an IT department/organization is looking for ways to better understand the needs of the customer. ISO/IEC 20000 can be a norm to improve IT governance ©InterProm USA – Confidential and Proprietary Information 2610/19/2015
  27. 27. When to Consider? (2 of 4) • When needing guidance to determine which best practices to focus on first when adopting industry best practices to improve the effectiveness and efficiency of the IT department/organization • When seeking increased transparency of IT service provision costs, risks, IT budgets and costs • When looking for ways to implement changes faster and more effective and when seeking for a norm to improve efficiency and effectiveness ©InterProm USA – Confidential and Proprietary Information 2710/19/2015
  28. 28. When to Consider? (3 of 4) • When attempting to better align the IT department’s/organization’s services to a third party’s services, creating a uniform chain of services in particular from a process perspective • When looking for an effective method and uniform guidelines to outsource or offshore through a well-aligned process interfaces and common and consistent nomenclature. A norm which regulates outsourcing • When seeking a norm for reliable and available quality IT services ©InterProm USA – Confidential and Proprietary Information 2810/19/2015
  29. 29. When to Consider? (4 of 4) • When looking for evidence that IT’s processes are in compliance with international financial and security norms, rules and regulations • When going for a broad range of quality improvements within the IT department/organization, as well as boosting IT’s professional image • When looking for an independent and non-biased baseline to weigh service providers against and use it as a norm ©InterProm USA – Confidential and Proprietary Information 2910/19/2015
  30. 30. WHAT TO EXPECT? Benefits of ISO/IEC 20000 ©InterProm USA – Confidential and Proprietary Information 3010/19/2015
  31. 31. What to Expect? (1 of 2) • To qualify for new customers; more and more companies and organizations consider ISO/IEC 20000 certification an essential requirement for conducting business with a new vendor • To enter global markets; the ISO/IEC 20000 standards are widely recognized • To objectively measure the level of compliance to industry best practices • To have better information available for numerous purposes • To better streamline to various process improvements that may go on simultaneously in an IT department ©InterProm USA – Confidential and Proprietary Information 3110/19/2015
  32. 32. What to Expect? (2 of 2) • To provide guidance with prioritizing the best practices to be implemented in an IT department • To give a company or organization a competitive edge • To show a drive for quality services • To objectively assess and benchmark IT’s level of maturity • To increase customer focus and transparency of value provided to the business • To establish a mentality of continual improvement in IT ©InterProm USA – Confidential and Proprietary Information 3210/19/2015
  33. 33. STEPS TOWARDS CERTIFICATION The Certification Process ©InterProm USA – Confidential and Proprietary Information 3310/19/2015
  34. 34. 7 Steps to become Certified and uphold Certification 1. Complete a Questionnaire of the RCB 2. Apply for an Assessment by the RCB 3. Conduct an optional pre-audit by the RCB 4. Conduct the Initial Audit (Stage 1) – Documentation Review 5. Conduct the Certification Audit (Stage 2) – Onsite Inspection – Interviews – Records Review 6. Conduct Surveillance Audits every 12 months – Spot Checks 7. Conduct the Re-certification Audit every 3 years – Stage 1 – Stage 2 ©InterProm USA – Confidential and Proprietary Information 3410/19/2015
  35. 35. READING MATERIAL ISO/IEC 20000 Publications ©InterProm USA – Confidential and Proprietary Information 3510/19/2015
  36. 36. ISO/IEC 20000 Publication • ISO/IEC 20000-1:2011 – A Pocket Guide • Publisher: Van Haren Publishing • ISBN-13: 978-9087537265 • Author: Mart Rovers • Price: USD$25 • This Pocket Guide provides a concise explanation of the nature, content and aim of ISO/IEC 20000-1: 2011 and a short summary of ISO/IEC 20000-2:2012. ©InterProm USA – Confidential and Proprietary Information 3610/19/2015
  37. 37. LEARN MORE… Useful ISO/IEC 20000 Links ©InterProm USA – Confidential and Proprietary Information 3710/19/2015
  38. 38. ISO/IEC 20000 Links • ISO Organization: http://www.iso.org • ISO Standard: http://www.iso.org/iso/home/store/catalogue_ics.htm • http://webstore.ansi.org/ • ISO/IEC 20000 Certification Training: http://www.interpromusa.com/training-services/iso-iec- 20000-certification-training/ • ISO/IEC 20000 Books: http://www.interpromusa.com/resources/ • ISO/IEC 20000 Certified Firms: http://www.isoiec20000certification.com/ • ISO/IEC 20000 RCBs: http://www.isoiec20000certification.com/ ©InterProm USA – Confidential and Proprietary Information 3810/19/2015
  39. 39. MART ROVERS About the Presenter ©InterProm USA – Confidential and Proprietary Information 3910/19/2015
  40. 40. About Mart Rovers • Mart Rovers is the President of INTEPROM. He has over 30 years of experience in IT and has been consulting and training in IT Service Management (ITSM), Information Security Management (ISM), IT Governance and Business Continuity Management since 1992. • He has led numerous organizations towards becoming ISO/IEC 20000, ISO/IEC 27001, and ISO 22301 certified. • He is a frequent speaker at international events and is the author of the ISO/IEC 20000 – A Pocket Guide • Mart received his MBA degree in Information Analytics and holds BS degrees in Mathematics, Statistics and in Marketing. ©InterProm USA – Confidential and Proprietary Information 4010/19/2015

×