1 ITIL and ISO/IEC 20000 Mr. Steve Pratt. 2 Introduction and Agenda What is IT Service Management?...
-
Upload
baldwin-nelson -
Category
Documents
-
view
219 -
download
0
Transcript of 1 ITIL and ISO/IEC 20000 Mr. Steve Pratt. 2 Introduction and Agenda What is IT Service Management?...
1
ITIL and ISO/IEC 20000
Mr. Steve Pratt
2
Introduction and Agenda• What is IT Service Management?
• What is ITIL and what are the benefits?
• What is ISO 20000?
• Structure and contents of ISO 20000
• ISO 20000 Certification scheme
• ISO 20000 Eligibility
• How does an organisation achieve Certification?
• Alignment of ITIL and ISO 20000
• Reasons for Implementation
• Benefits of Implementing the ISO 20000 Standard
• Where to go from here
• Summary
• Questions
3
IT Service Management
4
What is IT Service Management?
IT Service Management is a top-down, business driven approach to the management of IT that specifically addresses the strategic business value generated by the IT organisation and the need to deliver a high quality IT service.
IT Service Management is designed to focus on the people, processes and technology issues that IT organisations face.
5
Why is Service Management required?
• Organisations are increasingly dependent on IT service provision
• Higher visibility
• More exacting user demands
• Increased complexity of the infrastructure
• Charging for IT services
• Competition for customers
6
What do customers want?
• IT Services designed to meet Business requirements
• Cost efficient and effective services• Value for money• A consistent service• To be treated with respect and courtesy• Improved relationships• Expectations met or exceeded• To gain competitive edge over rivals• Increased Market share• Communication
7
From his book - Moments of Truth
• Every customer interaction is a moment of truth• Every moment of truth is an opportunity to make
a favourable impression on your customer• Look for the moments of truth in your business• If you are not making a favourable impression
what kind of an impression are you making? • Know every point of interaction• Convey the correct message at each transaction
Moments of Truth – Jan Carlzon
8
Realisation of Benefits
IDC survey - 79% reduction in downtime and other factors- total savings per user c $800 p.a.- ROI up 1300%
Gartner - 85% resolution at FPOC- cost per call down 30%- 50% reduction in new product cycle
Barclays - Downtime reduced from 60 to 15 mins
Proctor - $100 million p.a. savings!
and Gamble
itSMF survey - 70% achieving “tangible and measurable” benefits
9
ITIL
10
IT Infrastructure Library - ITIL
• Is “best practice” in IT Service Management, developed by OGC and supported by publications, qualifications and an international user group
• Assist organisations to develop a framework for IT Service Management
• Worldwide, most widely used best practice for IT Service Management
• Consists of a series of Core books giving guidance on the provision of quality IT services
11
Quality processes
Non-prescriptive guidance
Vendor/technology independent
Focused on process and people“Adopt and Adapt”
Planning to Implement IT Service Management
Application Management
The
Business
The
Technology
Service Management
ServiceSupport
ServiceDelivery
SecurityManagement
ICTInfrarstructureManagement
TheBusiness
Perspective
Suppliers
12
ITIL - The Four P’s
Enables development and delivery of high quality IT services
PartnersPartnersPartners
ProductsProductsProductsProcessProcess
PeoplePeoplePeople
CultureOrganisationCompetence
CultureOrganisationCompetence
What to doHow
WhereWhen
What to doHow
WhereWhen
Managedservices
SystemsNetworks
Tools
SystemsNetworks
Tools
13
Vision and Business
objectives
Assessments
Process Improvement
Metrics
Where do we want to be?
What is the Vision?
How do we know we have
arrived?
How do we get where we
want to be?
Where are we now?
Measurable Targets
How do we keep the momentum
going?
Developing effective Quality ITSM solutions
14
ITIL Processes & Function
Service Support Service Delivery
ITIL Processes
Service Desk
Incident Management
Problem Management
Change Management
Release Management
Configuration Management
Service Level Management
Availability Management
Capacity Management
IT Service Continuity Management
Financial Management for ITServices
ITIL Functions
15
• Continuous improvement in the quality of IT service provision
• Reduced long term costs in the development and delivery of IT services
• Reduced risk of not being able to meet business objectives
• Better communication between IT and the business• Greater productivity and best use of skills • Ability to absorb a high rate of change• IT staff are provided with best practice guidance• Compliance to procedures that are auditable
Benefits of ITIL
16
ISO/IEC 20000
17
What is ISO 20000
ISO 20000 can be summarised as:
• A standard to promote the adoption of an integrated process approach for the effective delivery of managed services to meet business and customer requirements
• A set of “controls” against which an organisation can be assessed for effective IT Service Management processes
• The ISO 20000 standard defines the requirements for an organisation to deliver managed services of an acceptable quality for its customers
18
Structure and Contents of ISO/IEC 20000
19
Structure of ISO 20000The Standard is divided into two distinct parts:
• Part 1 provides the requirements for IT service management to gain certification
• This is relevant to those responsible for initiating, implementing or maintaining IT service management in their organization
• Senior Management are responsible and accountable for ensuring all requirements of Part One are met if Certification is sought
20
Structure of ISO 20000
• Part 2 - Code of Practice for Service Management
• Provides guidance to internal auditors and assists service providers planning service improvements or preparing for audits against ISO 20000
21
Structure of ISO 20000• Part 3 - Scope & Applicability
• Advice on scoping for service management• Planning & improvements• Scope statements for Certification audits• Suggestions on applicability include adding
Communications or the even wider technology enabled services
• Not yet formally agreed. Agreement on content within 12 – 18 months of the Work group which met in May 2006
22
• Introduction and overview• Scope, terms and definitions• Requirements for a management system• Planning and implementing service management• Planning and implementing new or changed
services• Service delivery processes• Relationship processes• Resolution processes• Control processes• Release processes
Contents of ISO 20000
23
ISO 20000 Processes
Service Delivery ProcessesCapacity ManagementService Continuity &Availability Management
Planning & Implementation
Planning New Services
Management Systems Management Responsibility, DocumentationRequirements, Competences, Awareness & Training
Plan, Implement, Monitor, Improve(Plan…. Do…. Check….. Act……)
Planning & Implementing New or Changed Services
Service Level ManagementService Reporting
Information SecurityManagementBudgeting & Accounting forIT Services
Control ProcessesConfiguration Management
Change Management
Release Processes Relationship ProcessesResolution Processes
Release ManagementIncident ManagementProblem Management
Business RelationshipManagementSupplier Management
24
ISO/IEC 20000
Certification Scheme
25
• ISO 20000 is aimed at organisations providing a Service Management operation, whether internal or external
• Certification is NOT (in itself) appropriate for an organisation which provides best practice advice
• Certification is NOT possible for products such as Service Management tools
• The role of Consultancy organisations is to give advice in preparation for an independent audit
The scope of Certification
26
• itSMF will approve Registered Certification Bodies (RCBs) and grant a licence to use the itSMF logo
• RCBs are totally independent from any consultancy and their auditors have been specifically trained in IT Service Management
• Adding value to the organisation being audited and maintaining the quality of the certification
• Process areas already certified from other standards (eg ISO 9000, ISO 27001) are not usually required to be re-audited – as long as the scope is the same
Registered Certification Bodies (RCBs)
27
• BSI Management Systems (United Kingdom) • BVQI Ltd (offices worldwide) (United Kingdom) • CIS-Certification and Information Security Services GmbH • DNV Certification Ltd (United Kingdom) • DQS GmbH (Germany) • Japan Quality Assurance Organization • KEMA Quality BV (Netherlands) • KPMG Audit Plc (United Kingdom) • KPMG Quality Registrar (India) • LRQA Ltd (United Kingdom) • PSB Certification Pte Ltd • SGS Hong Kong Ltd • SGS United Kingdom Ltd • SQS (Switzerland) • STQC (India) • TUV Management Service GmbH (Germany) • TUV Nord Cert GmbH • Underwriters Laboratories Inc
Registered Certification Bodies (RCB)
28
ISO 20000 Relationships
OGC
RCBOrganisations
BSI
Organisations
Concordat Concordat
Concordat
ISO 20000
ISO 20000Scheme
Regulations
ISO 20000Qualification
Scheme
Own Own Use
Use
AccreditationServices
(e.g. UKAS)
Departmentof Trade &
Industry
MoU
MoU
Accredit
Certify
Register
Use
ExaminationPanel
AccreditationPanel
UseUse
AuditorsInternalAuditors
CourseProviders
Consultants
Accredit
Train
Certify
AdviseAssist
Employ
ITIL
Own Own
itSMF
Concordat - AgreementMoU - Memorandum of Understanding
29
Eligibility for Certification
30
• An organisation must be able to demonstrate it has management control of each of the ISO 20000 processes
• Management control of a process consists of:– knowledge and control of the inputs– knowledge, use and interpretation of the outputs– definition and measurement of metrics– demonstration of objective evidence of
accountability for process functionality– definition, measurement and review of process
improvements
Eligibility criteria
31
Certification Process
• Agreement on terms of reference and scope
• Agreement on dates, time-scales, locations, etc
• Possible off-site assessment of process documentation
• On-site audit of staff and process compliance
• Presentation of the audit findings
• Certification
32
Achieving
ISO/IEC 20000 Certification
33
• Assess what has to be done and obtain senior management buy-in• Develop a vision and plan• Get access to ITIL and ISO 20000 documentation:
– ISO 20000 Part 1 - Specification– ISO 20000 Part 2 – Code of Practice– BIP 0005 – A Managers guide to service management– BIP 0015 – IT service management – self assessment
workbook
• Consider other relevant standards:
– ISO 27001 – Information security Management– ISO 9000 – Quality management systems– ISO 10007 – Guidelines for configuration management– ISO 15504 - Information Technology Process Assessment– ISO 90003 - Guidelines for the application of ISO 9000: 2000 to
computer software
• Fully understand content and its implication on you and your organisation
• Talk to others similar organisations, consultants, training providers, forums and user groups
Understand what’s involved
34
• A stable framework for IT Service Management• IT Service provision aligned with Business Strategy• Ownership and Responsibility defined at all levels• Increased confidence and perception of the business and
customer• Improved quality, reputation and consistency of service• Competitive advantage over competitors• Consistent and cost-effective services• Reduced organisational risks and cost• Effective Supplier Management• Commitment that services will be delivered to accepted best
practice
Realising and articulating the benefits
35
• Adopt a Registered Certification Body (RCB)
• Confirm the scope of the audit
• Make sure you know what’s involved
• Carry out initial assessments to determine readiness
• Develop an overall plan and get commitment
• Carry out detailed reviews and assessments
• Create and manage a SIP (Plan, Do, Check, Act)
• Implement improvements
• Book a formal audit
Main steps to certification
36
Typically comprises:
• Agree terms of reference and scope• Off-site assessment of process documentation• On-site audit of staff and process compliance• Presentation of the audit findings
• and hopefully………….
presentation of the ISO/IEC 20000 Certificate
The certification audit
37
Post Certification Process
• Certification is valid for three years
• Annual surveillance audits are required
• Internal audits are recommended
• Full re-audit will be carried out on the third anniversary of Certification being awarded
38
Alignment with ITIL
39
ITIL Service Support Processes & Functions
Service Desk
Incident Management
Problem Management
Change Management
Release Management
Configuration Management
ISO 20000 ITIL
No formal Process
Resolution Processes
Control Processes
Release Process
40
ITIL Service Delivery Processes
No formal ProcessInformation Security Management
Capacity Management Capacity Management
Financial Management for ITServices
Budgeting & Accounting for ITServices
Availability Management
Service Continuity & AvailabilityManagement
IT Service Continuity Management
Service Level Management
Service Level Management
Service Reporting
Business Relationship Management
Supplier Management
ISO 20000 ITIL
41
Alignment of ISO 20000 and ITIL
• Driven either through choice, or by customer demand, ITIL has been adopted by many organisations as a proven methodology for managing their IT services
• Many organisations and in particular the Public Sector, see ITIL as a necessary requirement to conduct business
• ITIL however is not a standard, and therefore the alignment between ITIL and ISO 20000 allows an organisation to be effectively measured
42
• ISO 20000 Certification provides proof through audit that best practice has been deployed through an independent, external, evaluation by an approved audit organisation
• Customer demand for ISO 20000 Certification is fast becoming another business requirement for organisations to remain competitive
• ISO 20000 is aligned with ITIL
Alignment of ISO 20000 and ITIL
43
Inter Relationships
ISO 20000Part 1
ISO 20000Part 2
BIP 0005
ITIL
Internal Processes & Procedures Deploy Solution
Process Definition
Management Overview
Code of Practice
Objective to Achieve
ISO 20000 Part 1: - Specification for ServiceManagementISO 20000 Part 2: - Code of Practice forService ManagementBIP 0005: - A Managers GuideBIP 0015: Self Assessment Workbook
SelfAssessment
BIP 0015
44
• “The release of the British Standard for IT Service Management (BS 15000) marks the first step toward the delivery of IT services becoming much more consistent across organisational and national borders”
• “All improvement efforts in Service Management should be done with ITIL and BS 15000 as a frame of reference and baseline”
Gartner
Adopted internationally as ISO 20000 in December 2005
45
Reasons for Implementation
46
Reasons for Implementation
• ISO 20000 has become a basic business requirement for an organisation in the same manner as ISO 9000
• ISO 20000 provides the organisation with the means to operate more effectively and efficiently
• ISO 20000 provides an auditable method by which it can assess the quality and conformance of its IT Services
47
Reasons for Implementation
• ISO 20000 assists organisations to enforce process compliance
• ISO 20000 helps to significantly improve the morale of the IT department, the business and ultimately the Customer
• ISO 20000 provides clear evidence that the quality of IT Service Management is taken seriously
48
Benefits of ISO/IEC 20000
49
Benefits• Provides a stable framework for IT Service
Management• IT Service provision is aligned with Business
Strategy• Assists with meeting legislative compliance
requirements• Ownership and Responsibility defined at all levels• Creates a progressive ethos & culture• Increased business and customer confidence &
perception• Improved quality, reputation and consistency of
service• Impartial external method of assessment • Assessments recognised internationally
50
Benefits
• Assessment is important for process improvement• Provides a competitive advantage over competitors• Promotes consistent and cost-effective services• Provides a benchmark with best practices • Easier to justify or combat outsourcing• Creates a framework for service improvements• Reduces organisational risks and cost• Effective Supplier Management• Commitment that services will be delivered to
accepted best practice
51
Where to go from Here
52
• Prepare for certification through Consultancy Services– Assessment, implementation of processes, mentoring and guidance
• Undertake various forms of training:
– ISO 20000 Consultants Certificate:
• Aimed at experienced IT Service Management practitioners whose roles and responsibilities include preparing organisations for the adoption of ISO 20000.
– ISO 20000 Auditors Certificate:
• Aimed at experienced internal or external auditors who have at least 3 years’ general IT auditing experience and are either certified ISO 9000, ISO 27001 or TickIT auditors or are certified internal auditors
– Service Management
• ITIL Foundation, Practitioner, Managers• Planning To Implement• Experiential Learning & Awareness
• Select an approved Registered Certified Body
Where to go from Here
53
Useful Websites
• www.isoiec20000certification.com• www.itsmf.com
• www.iosm.com
• www.ogc.gov.uk
• www.itil.co.uk
• www.get-best-practice.biz
54
Summary
55
• Business requirement and customer satisfaction are primary considerations
• Information Services are a vital and core part of the business• Organisational culture is important and has to be right • We need to think end-to-end service• Service Management isn’t optional• Quality process-driven approaches and professional staff
really deliver value • Professional qualifications and certifications are becoming
increasingly important• ITIL and ISO 20000 provide a solid framework for developing
an appropriate solution
Summary
Almost all quality improvement comes via simplification of design, manufacturing... layout, processes, and procedures. Tom Peters
56
Questionswww.afiniti.co.uk