3. About UL DQS Inc.
• Formed with partnership between Underwriters Laboratories Inc.
(UL) and DQS GmbH (German Registrar of Management Systems)
• DQS was founded by DGQ (German Society of Quality) and DIN
(German Institute of standardization)(German Institute of standardization)
• Global presence: 60 offices in 40 countries
• Best in class auditors: 1850 auditors worldwide
• Large customer base: 45000 certifications
4. Agenda
• ISO/IEC 20000 Basics
• Critical success factors
• Roadmap for ISO IEC 20000-1Roadmap for ISO IEC 20000 1
Q&A• Q&A
5. Standards in the ITSM Space
• ISO/IEC 20000:2011
• ISO/IEC 20000-1 Specification for
S i M tService Management
• ISO/IEC 20000-2 Code of Practice
• ITIL® - IT Infrastructure Library
ISO/IEC
20000-1
• Collection of best practices
• Managed by IT Service Management
Forum (itSMF)
20000 1
ISO/IEC
20000-2
• CMMI-SVC: Capability Maturity
Model Integrated for Services
• Collection of best practices
ITIL / CMMI-SVC
O i ti ’ Collection of best practices
• Published by Software Engineering
Institute
Organization’s
policies, procedures,
work instructions
6. Why ISO IEC 20000-1?
• Only standard that allows organizational
certification on ITSMcertification on ITSM
• Provides simple and concise roadmap for
ITSMITSM
• Provides foundation for continuous
improvement
• Pre-requisite for many government contractsq y g
7. Key Elements of a Management System
• Organizational policy
• People with defined roles responsibilities and• People with defined roles, responsibilities and
authorities
• Management processes related to:• Management processes related to:
– Planning
– Implementation and operation
– Performance measurement
– Management reviews
– Internal auditInternal audit
– Improvement
• Documentation providing auditable evidence
8. ISO IEC 20000-1:2011 Overview
Service Management System (SMS)
Management responsibility Governance of process
Establish SMS Resource management
Customers CustomersDocumentation management
Design and transition of new or changed services
Service
Service delivery processes
Service level management Service reporting
Capacity management Information security
S i ti it & il bilit B d ti & ti
Service
requirements Service
Control processes
Configuration management
Ch t
Service continuity & availability Budgeting & accounting
Change management
Release & deployment
Resolution process
Incident & service request
Relationship process
Business relationship
management
Problem management
management
Supplier management
9. ISO 20000:2011
4 34.1
5
Design and
4. Service Management System General
Requirements
6.1
Service Level
6. Service delivery process
4.2
n
4.3
Documentation
Management
4.1
Management
Responsibility
w
Design and
Transition of New
Or Changed
Service
Management
6.2
Service
Reporting
4.5
4
Governance of
Process operated
By other parties
4.4
Resource
Management
6.3
Service
Continuity &
Availability
Management
l
4.5
Establish &
Improve the
SMS
s
6.4
Budgeting &
Accounting
For IT services
7.1
Business
l i hi
7. Relationship
Processes
8.1
I id t
8. Resolution
processes
9. Control
Processes
9.1
Change
Management
6.5
Capacity
Management
6.6
Information
Relationship
Management
7.2
Supplier
Management
Incident
Management
8.2
Problem
9.2
Configuration
Management
Management
Security
Management
Management
Management
9.3
Release
Management
10. Requirements of ISO/IEC 20000-1:2011
• Section 4 – 9 (sections 1-3 are informational only)
E h “ h ll” i i• Each “shall” statement is a requirement.
“Documents required by the SMS shall be controlled”
• Standard says “WHAT” is required. Does not say
“HOW”
• “HOW” should be appropriate to the organizations
size and nature of business
11. Documentation required for an SMS (1/3)
• Required policies:
Service management policy– Service management policy
– Policy on continuous improvement
– Information security policyInformation security policy
– Change management policy
– Release policy
12. Documentation required for an SMS (2/3)
• Required procedures:
– CommunicationCommunication
– Document control
– Records control
I t l dit– Internal audit
– Service improvement
– Service delivery processes
– Relationship process
– Resolution process
– Control processesControl processes
• Service Management Manual – recommended best
practice
13. Documentation required for an SMS (3/3)
• Required plans:
– Service management planService management plan
– New service design plan
– Service transition plan
C it l– Capacity plan
– Service continuity and availability plan
– Release plan
14. Required artifacts
• Service catalogue
• Service Level Agreements• Service Level Agreements
• Supplier agreements
C fi ti M t D t b (CMDB)• Configuration Management Database (CMDB)
• Change control records
S i• Service reports
• Internal audit reports
• Management review reports
15. Critical success factors
• Selection of a service management tool
– Shall be appropriate to the business needpp p
– Home grown, COTS or open source
• Definition of service catalogue
D i ti f th i– Description of the service
– Service hours
– Service owner
– Service levels
– Service demand
• Establishing CMDB• Establishing CMDB
– Start with short list of CIs
– Establish relationships
16. Roadmap
Initiation Plan Do Check Act C
E
• Core team
formation
• Finalize scope
• Gap assessment
• Roadmap
• Project planning
• Define policies,
procedures
• Review
documents
• Plan internal
audits
• Conduct
internal audits
• Improvement
planning
• Deploy
improvement
E
R
T
I
F
• Awareness /
training
• Kick off
j p g
• Task allocation
• Tracking metrics
documents
• Implement
processes
• Monitor process
internal audits
• Corrective
action plan
improvement
plans
I
C
A
T
I
deployment
• Report progress
I
O
N
• Project team • Gap report
• Policies
• Procedures
• Audit plan
• Audit reports
• Improvement
plan
j
• Training records
p p
• Roadmap
• Procedures
•Progress reports
• Audit reports
• Action items
plan
17. Timeline
Initiation Plan Do
2~4 weeks 1 week 6~12 months
Every year
Initiation Plan Do
k
k
k
Continuous
Chec
Chec
Chec
8 weeks 10 weeks Assessment
Internal
audits
Act
RegistrationRegistration
audit Surveillance
audit