Experience from Implementation of ISO 20000

6,655 views

Published on

Practical experience from implementation of ISO 20000 that lead to successful certification.

Published in: Business, Technology
2 Comments
10 Likes
Statistics
Notes
No Downloads
Views
Total views
6,655
On SlideShare
0
From Embeds
0
Number of Embeds
76
Actions
Shares
0
Downloads
686
Comments
2
Likes
10
Embeds 0
No embeds

No notes for slide

Experience from Implementation of ISO 20000

  1. 1. Experience from implementation of ISO 20000:2005<br />Viktorija Donceva<br />Trajkovski & Partners Management Consulting<br />Ohrid, May 2009<br />
  2. 2. Contents<br /><ul><li>Introduction
  3. 3. Law regulation from the National bank of the Republic of Macedonia
  4. 4. ISO 20000:2005 standard requirements
  5. 5. Practical experience from implementation of ISO 20000:2005</li></ul>14.07.2009<br />2<br />
  6. 6. Introduction<br />14.07.2009<br />3<br />
  7. 7. What is ISO 20000?<br />First worldwide standard specifically aimed at IT Service Management<br />Describes processes for delivery of services<br />Aligned with and complementary to the process approach defined within ITIL<br />ISO/IEC 20000 consists of two parts: <br />ISO/IEC 20000-1, the formal Specification<br />ISO/IEC 20000-2, the Code of Practice<br />Formerly British Standard 15000, adopted by ISO in December, 2005<br />14.07.2009<br />4<br />
  8. 8. IT Service Management standards and best practice framework<br />14.07.2009<br />5<br />
  9. 9. ISO 20000 Structure<br /><ul><li>Introduction and overview
  10. 10. Scope, terms and definitions
  11. 11. Requirements for a management system
  12. 12. Planning and implementing ITSM
  13. 13. Planning and implementing new or changed IT services
  14. 14. Process groupings</li></ul>14.07.2009<br />6<br />
  15. 15. ISO 20000 Processes<br />14.07.2009<br />7<br />Control processes<br />Configuration management<br />Change management<br />
  16. 16. Law regulation from the National bank of the Republic of Macedonia<br />14.07.2009<br />8<br />
  17. 17. Decisions from NBRM<br />DECISION on the bank&apos;s information system security (&quot;Official Gazette of the Republic of Macedonia&quot; No. 31/2008)<br />DECISION on amending the Decision on the bank&apos;s information system security (&quot;Official Gazette of RM&quot; No. 78/08)<br />DECISION on amending the Decision on the bank&apos;s information system security (&quot;Official Gazette of RM&quot; No. 31/2009)<br />14.07.2009<br />9<br />
  18. 18. Requirements for outsourcing companies<br />Outsourcing company of the bank with main activity of managing data processing system and which based on written agreement manages and stores bank data while performing bank or financial activities.<br />The outsourcing company shall obligatorily be certified in accordance with the international standard ISO/IEC 20000.<br />14.07.2009<br />10<br />
  19. 19. ISO 20000:2005 standard requirements<br />14.07.2009<br />11<br />
  20. 20. Requirements for the management system<br />To provide a management system, including polices and a framework to enable the effective management and implementation of all IT services<br />14.07.2009<br />12<br />
  21. 21. Documents required by the standard<br />Policies<br />Service management and improvement policy, Budgeting and accounting policy, Release policy etc.<br />Plans<br />Service management plan, Service improvement plan, Capacity plan etc.<br />Processes<br />Improvement process, supplier management process, Change management process etc.<br />14.07.2009<br />13<br />
  22. 22. Documents required by the standard<br />Procedures<br />Document control, Incident management, Problem management etc.<br />Records<br />Service level agreements, Management review report, Proposal for new or changed services, Risk Assessments, Configuration management database (CMDB)etc.<br />14.07.2009<br />14<br />
  23. 23. Practical experience from implementation of ISO 20000:2005<br />14.07.2009<br />15<br />
  24. 24. Clients’ starting situation<br />Implemented QMS based on ISO 9001:2000<br />Implemented ISMS based on ISO 27001:2005<br />Implementing ITSMS based on ISO 20000:2005<br />The Scope of the IT Service Management System are all the services that the organization provides for its customers and for the internal users.<br />ITSMS Framework + ITSM processes<br />Connections and overlaps between the management systems<br />14.07.2009<br />16<br />
  25. 25. Connections and overlaps between the management systems<br />14.07.2009<br />17<br />
  26. 26. ITSMS Framework<br />Introduction<br />Service Management and Improvement Policy<br />IT Service Management System Overview<br />Management Responsibility<br />Organization for Service Management<br />ITSMS Documentation<br />Services overview<br />Planning and implementing service management<br />Planning and implementing new or changed services<br />Service Management Process Model<br />14.07.2009<br />18<br />
  27. 27. ITSMS Processes<br /><ul><li>Defined 13 processes based on ISO 20000:2005 standard
  28. 28. Service Improvement
  29. 29. Planning and implementing new or changed services
  30. 30. Service level management and reporting
  31. 31. Service continuity and availability management
  32. 32. Budgeting and accounting for IT services
  33. 33. Capacity management
  34. 34. Business Relationship management
  35. 35. Supplier management
  36. 36. Incident management
  37. 37. Problem management
  38. 38. Configuration management
  39. 39. Change management
  40. 40. Release management</li></ul>14.07.2009<br />19<br />
  41. 41. ISO 20000 key processes<br />Service Level Management<br />ISO20000-1:2005 ref. number: 6.1<br />Service Level Management Goal<br />To maintain and improve IT Service quality, through a constant cycle of agreeing, monitoring and reporting upon IT Service Achievements.<br />Service Level Management objective<br />To define, agree, record and manage levels of service<br />14.07.2009<br />20<br />
  42. 42. Service Level Management overview<br />14.07.2009<br />21<br />
  43. 43. Service catalog (1/2)<br />List of all services IT provides to Customers<br />Provides a clear explanation of the services, Customers/Users, descriptions and costs<br />Essential to any service provider business in order to define products and services<br />Managed and updated by the Business Development Department<br />14.07.2009<br />22<br />
  44. 44. Service catalog (2/2)<br />Separate catalogs for services provided to clients and internal services<br />Each service separately described through the following information:<br /><ul><li>Service name, Status of service, Description of service, Standard and additional service features, Frequency of service delivery, Service availability, Client technical requirements for using the service, Service support (description and hours), Service owner, Standard and additional Tariff costs, Service delivery level</li></ul>14.07.2009<br />23<br />
  45. 45. What goes into an SLA?<br /><ul><li>Services included/excluded
  46. 46. Service hours
  47. 47. Availability / Reliability targets
  48. 48. Throughput, transaction response times, batch turnaround times
  49. 49. Support arrangements / targets
  50. 50. Change targets
  51. 51. Security Plan
  52. 52. IT Service Continuity Plan
  53. 53. Service costs and charges
  54. 54. Reviews and reporting
  55. 55. Penalties and Incentives</li></ul>14.07.2009<br />24<br />
  56. 56. Questions?<br />Thank you for your attention!<br />14.07.2009<br />25<br />

×