Iso 20000 presentation
•Download as PPT, PDF•
1 like•3,222 views
ISO 20000 IT Service Management System abridged overview. It is concise and brief and focuses on the requirements in claauses 4 and 6 only.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (18)
Similar to Iso 20000 presentation
Similar to Iso 20000 presentation (20)
Recently uploaded
Recently uploaded (20)
Iso 20000 presentation
- 1. Musibau Taiwo Lasisi ISO 20000 Lead Auditor (PMP, ISO 9001 L.A,LSSBB,COBIT,ITIL) musibaulasisi@gmail.com
- 2. Reasons for Implementation Benefits Additional Benefits Clause 4.1 – 4.4 Clause 6.1 – 6.6
- 3. ISO 20000 has become a basic business requirement for an organisation in the same manner as ISO 9000 ISO 20000 provides the organisation with the means to operate more effectively and efficiently ISO 20000 provides an auditable method by which it can assess the quality and conformance of its IT Services ISO 20000 assists organisations to enforce process compliance ISO 20000 helps to significantly improve the morale of the IT department, the business and ultimately the Customer ISO 20000 provides clear evidence that the quality of IT Service Management is taken seriously 3
- 5. Provides a competitive advantage over competitors Promotes consistent and cost-effective services Easier to justify or combat outsourcing Reduces organisational risks and cost Effective Supplier Management Provides a stable framework for IT Service Management Assists with meeting Regulatory compliance requirements Ownership and Responsibility defined at all levels Creates a progressive ethos & culture Increased business and customer confidence & perception Improved quality, reputation and consistency of service 5
- 6. Top Management shall: Establish a Service Management policy, objectives and plans Communicate the importance of achieving the objectives of service management and the need for continuous improvement Ensure that customer requirements are determined and met Designate a management representative to manage the IT SMS 6
- 7. • Identify the processes or parts operated by other parties • Demonstrate responsibility and authority • Control the definition of processes and interfaces with other processes • Determining the process performance and compliance with the requirements of the process • Control the planning and prioritization of improvements • Through Suppliers Management or Service Level Management 7
- 8. The documentation should include: ◦ Service Management Policies and plans ◦ Service level agreements ◦ Documented catalog of services ◦ Documented processes, procedures and records required by ISO / IEC 20000-1 ◦ Procedures for the creation, review, approval, maintenance, disposal and control of documents and records must be established 8
- 9. The organization must: ◦ Define and maintain the roles, responsibilities and authority of SM ◦ Critically analyze and manage skills and training needs Top management shall ensure that employees are aware of: ◦ The relevance and importance of their activities ◦ How they contribute to the objectives of SM 9
- 10. 10 customercustomer serviceservice IT InfrastructureIT Infrastructure customercustomer The Service Level AgreementThe Service Level Agreement serviceservice IT InfrastructureIT Infrastructure customercustomer customercustomer Basic SLA SLA based on customer Each department / customer may have different requirements agreed Service Level agreed Service Level
- 11. Service Level Agreements basically: Communicates the IT customer needs Communicates to the customer how IT can meet those needs and at what cost Remove Misunderstandings conflicts dissatisfactions 11
- 12. Describe each service including: identity purpose Audience Details of the data source Produce reports of services meeting identified needs and customer requirements 12
- 13. The service report usually includes: Required Vs Actual service level goals Issues of non-compliance Characteristics of the workload Reports of resolution & control processes Trend Information Customer Satisfaction analysis 13
- 14. Requirements for availability and continuity of service shall be identified on the basis of: Business Plans SLAs Risk Assessments Requirements should include rights of access, response times and availability "end-to-end" system components 14
- 15. Availability and service continuity plans should be: Developed and critically analyzed annually to ensure all requirements are met in all circumstances Maintained to ensure they reflect the combined changes required by the business Re-test any major change in the business environment 15
- 16. The change management process should evaluate the impact of any change in the availability and service continuity plan availability should be measured and recorded Unplanned unavailability should be investigated and actions taken Preventive action should be taken 16
- 17. The organization must have clear policies and procedures for: Budgeting and accounting for all components Apportioning indirect costs and allocating direct costs to services to provide overall cost for each service Effective financial control and authorization 17
- 18. Costs should be budgeted in sufficient detail to enable effective financial control and decision making The service provider should: Monitor and report costs against budget Critically analyze financial forecasts Manage costs appropriately Changes in services should be budgeted approved by change management process 18
- 19. Creating, implementing and maintaining a capacity plan taking into consideration human, technical, information and financial resources: Agreeing Capacity and performance requirements. Capacity plan shall include at least: Current and forecast demand for services Timescales, thresholds and costs for upgrades to service capacity Potential impact of statutory, regulatory, contractual , organizational changes, new technologies and new techniques 19
- 20. Direction with own authority: Adopt an information security policy Communicate the policy to relevant personnel, suppliers and customers Ensure Information security risk assessments are conducted at planned intervals Ensure internal audits of information security management system and audit results reviewed for opportunity for improvements 20 SEEISO/IEC 27000series
- 21. Document, Implement and operate physical, administrative and technical information security controls in order to: Preserve confidentiality, integrity and accessibility of information assets Fulfil policy requirements Manage risks related to information security Basic arrangements involving third party access on a formal agreement defining safety requirements 21 SEEISO/IEC 27001Annex A
Editor's Notes
- In the charts above, the customer is at the top. The SLA defines the targets of the service provided (availability, response times). The service itself may be troubleshooting problems with email, the printer server, and internet access. NOTE – IT infrastructure is underpinned by operational level agreements and underpinning contracts with third parties. SLM is the process that: Provides contact point between the ISG and the customer Helps the service provider agree with customer on the levels of services to be delivered Ensures the IT group can consistently deliver services by monitoring service achievements and reporting to the customer Note: the customer is typically internal for IT.
- A SLA may contain components such as: Scope – the organization-wide installation of Microsoft Outlook Service hours – 24/7/365 Target Availability – 95% of 50 hours Reliability – the Mean time between failures Support – who to contact, when Response – respond times for each type of problem Deliverables – steps involved in delivering solution (e.g., escalation process may include definition os incident impact and priority). Change approval – who has to be made aware of changes to the SLA?