experiencefromimplementationofiso20000final-090714020327-phpapp02

7/29/2019 experiencefromimplementationofiso20000final-090714020327-phpapp02

1/25

Viktorija Donceva

Trajkovski & Partners Management Consulting

Ohrid, May 2009


2/25

Ifyoud

ontwantt

ohelp

yourself,no

one

can

Introduction

Law regulation from the National bank of the

Republic of Macedonia

ISO 20000:2005 standard requirements

Practical experience from implementation of

ISO 20000:2005

07.09.2013 2


3/25

Ifyoud

ontwantt

ohelp

yourself,no

one

can

07.09.2013 3


4/25

Ifyoud

ontwantt

ohelp

yourself,no

one

can

First worldwide standard specifically aimed

at IT Service Management

Describes processes for delivery of services

Aligned with and complementary to the

process approach defined within ITIL

ISO/IEC 20000 consists of two parts:

ISO/IEC 20000-1, the formal Specification

ISO/IEC 20000-2, the Code of Practice

Formerly British Standard 15000, adopted by

ISO in December, 2005

07.09.2013 4


5/25

Ifyoud

ontwantt

ohelp

yourself,no

one

can

07.09.2013 5


6/25

Ifyoud

ontwantt

ohelp

yourself,no

one

can

Introduction and overview

Scope, terms and definitions

Requirements for a management system

Planning and implementing ITSM

Planning and implementing new or changed

IT services

Process groupings

07.09.2013 6


7/25

Ifyoud

ontwantt

ohelp

yourself,no

one

can

07.09.2013 7

Overall management system

Planning and implementing service management

Planning and implementing new/changed services

Service delivery processes

Capacity management

Service continuity and

availabilitymanagement

Service level

management

Service reporting

Information security

management

Budgeting andaccounting for IT

services

Release processesRelease management

Resolution processesIncident management

Problem management

Relationship

processesBusiness relationship

management

Supplier management

Control processesConfiguration management

Change management


8/25

Ifyoudontwantt

ohelp

yourself,no

one

can

07.09.2013 8


9/25

Ifyoudontwantt

ohelp

yourself,no

one

can

DECISION on the bank's information system

security ("Official Gazette of the Republic of

Macedonia" No. 31/2008)

DECISION on amending the Decision on thebank's information system security ("Official

Gazette of RM" No. 78/08)

DECISION on amending the Decision on the

bank's information system security ("Official

Gazette of RM" No. 31/2009)

07.09.2013 9


10/25

Ifyoudontwanttohelp

yourself,no

one

can

Outsourcing company of the bank with main

activity of managing data processing system

and which based on written agreement

manages and stores bank data while

performing bank or financial activities.

The outsourcing company shall obligatorily

be certified in accordance with theinternational standard ISO/IEC 20000.

07.09.2013 10


11/25

Ifyoudontwanttohelp

yourse

lf,no

one

can

07.09.2013 11


12/25

Ifyoudontwanttohelp

yourse

lf,no

one

can

To provide a management system,

including polices and a frameworkto enable the effective

management and implementation

of all IT services

07.09.2013 12


13/25

Ifyoudontwanttohelp

yourse

lf,no

one

can

Policies

Service management and improvement policy,

Budgeting and accounting policy, Release policy

etc.

Plans Service management plan, Service improvement

plan, Capacity plan etc.

Processes

Improvement process, supplier management

process, Change management process etc.

07.09.2013 13


14/25

Ifyoudontwanttohelp

yourse

lf,no

one

can

Procedures

Document control, Incident management,

Problem management etc.

Records

Service level agreements, Management review

report, Proposal for new or changed services,

Risk Assessments, Configuration managementdatabase (CMDB)etc.

07.09.2013 14


15/25

Ifyoudontwanttohelp

yourse

lf,no

one

can

07.09.2013 15


16/25

Ifyoudontwanttohelp

yourse

lf,no

one

can

Implemented QMS based on ISO 9001:2000

Implemented ISMS based on ISO 27001:2005

Implementing ITSMS based on ISO 20000:2005

The Scope of the IT Service Management Systemare all the services that the organization

provides for its customers and for the internal

users.

ITSMS Framework + ITSM processesConnections and overlaps between the

management systems

07.09.2013 16


17/25

Ifyoudontwanttohelp

yourse

lf,no

one

can

ISO/IEC 20000-1:2005 ISO 9001:2008 ISO/IEC 27001:2005

1 Scope 1 1

2 Terms & definitions 3 3

3 Requirements for a

management system4 4, A.6.1

4 Planning and implementingservice management

7.1 A.6

5 Planning and implementing

new or changed services7.2 A.10.3, A.12.1

6 Service delivery process 7.2

7 Relationship processes 7.2.3/4.1 4.1, 4.2, A.10.8

8 Resolution processes 8.5 A.10.10

9 Control processes 7.5.1 A.12.2

10 Release management 7.3

07.09.2013 17


18/25

Ifyoudontwanttohelp

yourse

lf,no

one

can

1. Introduction

2. Service Management and Improvement Policy

3. IT Service Management System Overview

4. Management Responsibility

5. Organization for Service Management6. ITSMS Documentation

7. Services overview

8. Planning and implementing service

management9. Planning and implementing new or changed

services

10. Service Management Process Model

07.09.2013 18


19/25

Ifyoudontwanttohelp

yourse

lf,no

one

can

Defined 13 processes based on ISO 20000:2005standard

Service Improvement Planning and implementing new or changed

services Service level management and reporting

Service continuity and availability management Budgeting and accounting for IT services Capacity management Business Relationship management Supplier management

Incident management Problem management Configuration management Change management Release management

07.09.2013 19


20/25

Ifyoudontwanttohelp

yourse

lf,no

one

can

Service Level Management

ISO20000-1:2005 ref. number: 6.1

Service Level Management Goal

To maintain and improve IT Service quality,

through a constant cycle of agreeing,

monitoring and reporting upon IT Service

Achievements. Service Level Management objective

To define, agree, record and manage levels of

service

07.09.2013 20


21/25

Ifyoudontwanttohelp

yourse

lf,no

one

can

07.09.2013 21


22/25

Ifyoudontwanttohelp

yourse

lf,no

one

can

List of all services IT provides to Customers

Provides a clear explanation of the services,

Customers/Users, descriptions and costs

Essential to any service provider business inorder to define products and services

Managed and updated by the Business

Development Department

07.09.2013 22


23/25

Ifyoudontwanttohelp

yourse

lf,no

one

can

Separate catalogs for services provided to

clients and internal services

Each service separately described through

the following information:

Service name, Status of service, Description of

service, Standard and additional service

features, Frequency of service delivery, Service

availability, Client technical requirements for

using the service, Service support (descriptionand hours), Service owner, Standard and

additional Tariff costs, Service delivery level

07.09.2013 23


24/25

Ifyoudontwanttohelp

yourse

lf,no

one

can

Services included/excluded

Service hours

Availability / Reliability targets

Throughput, transaction response times, batch

turnaround times

Support arrangements / targets

Change targets

Security Plan

IT Service Continuity Plan Service costs and charges

Reviews and reporting

Penalties and Incentives

07.09.2013 24


25/25

Ifyoudontwanttohelp

yourse

lf,no

one

can

Questions?

Thank you for your

attention!

experiencefromimplementationofiso20000final-090714020327-phpapp02

Documents

Transcript of experiencefromimplementationofiso20000final-090714020327-phpapp02