Overcoming Challenges Through Standardization: ISO/IEC 20000 and ISO/IEC 27001
A.T.M. Didarul Hoq Chowdhury
Grameenphone IT Ltd., Bangladesh
GPIT Ltd.
• Caused by a core switch failure within RIM's infrastructure.
• Although the system is designed to fail over to a back-up switch, the failover did not function as previously tested.
• A large backlog of data was generated.
• Knocked out e-mail, BBM, and Web service for more than 10 million customers in Europe, the Middle East, Africa, and parts of South America.
The report Gordon Hextall refers to recorded the following:
“This has brought savings for the NHS of £192 million and will continue to save the service almost £95 million each year as old networks are replaced.
In addition to generating cash savings, N3 is bringing benefits for the other frontline applications which simply could not function without it.”
N3 is the high-speed broadband backbone network linking the entire NHS in England, and additional sites in Scotland. It currently provides in excess of 30,000 connections serving 1.3 million employees through 63 points of presence across England and Scotland.
Malware has been targeting insider information from 10,000 senior executives who use the compromised Directors Desk app.
Changing Role of IT in the Last Two Decades
Change is inevitable. Adaptability is optional.
Bruce Wilkinson
Management System
• System to establish policy and objectives and to achieve those objectives.
IT Service Management System
• A management system, including policies and framework, to enable the effective management and implementation of all IT services.
• It is a natural, progressive life cycle approach, focused on value generation and business outcomes.
• It is applicable across verticals and size. It is non-prescriptive, hence easy to tailor and adopt.
The Business Benefits of ISO/IEC 20000
The business benefits were clearly visible in terms of the following:
• Optimum team sizing for various IT functions and considerable improvement in operational and tactical efficiency to realize service delivery goals.
• The entire exercise is greatly contributing to meeting Go-To-Market growth strategy aimed at the highly competitive B2B segment.
• Better decision-making
• More competitiveness and cost efficiency in delivering services
• Make quality predictable and repeatable
Information Security Management System
• The overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security.
ISO/IEC 27001: Information Security Management System (ISMS)
The Business Benefits of ISO/IEC 27001
• A structured process approach to identify your own individual information security issues that are presently at risk in your company.
• An ISMS certification brings confidence that there is a systematic approach in place to manage security, assuring Confidentiality, Integrity and Availability of information.
• Only security standard with global acceptance.
• Helps to meet regulatory compliance.
Transformation through IT Service Management (ISO/IEC 20000)
The organization “was” | The organization “now”
Technology focus | Process focus
Fire fighting | Preventive
Reactive | Proactive
Users | Customers
Centralized, done in house | Distributed, sourced
Isolated, silos | Integrated, enterprise-wide
One off | Repeatable, accountable
Ad hoc, informal processes | Formal practices
IT internal perspective | Business perspective
Operation focused | Service focused
PRINCIPLES of Managed Service
• Say What You Do – Procedures “Document”
• Do What You Say – Implement “Record”
• Prove It – Audits
• Improve It – Continuous Improvement
Steps for Implementing the Certifications
• Phase 1 – Planning and Kick off
• Phase 2 – Awareness and Assessment
• Phase 3 – Design and Development
• Phase 4 – Implementation and Pre Audit
• Phase 5 – External Certification
Achieving High Quality Services
– Leadership by top management
– Project driven improvements (PMI, PRINCE)
– Service culture
– Teamwork
– Customer orientation
– Make or buy
– ISO/IEC 20000 / 27001
Gartner's Report
Questions?
Thank you…

ISO 20k 27K Basis 26 Feb
