Revising ISO/IEC 20000

to fit the future of

service management

Name: Lynda Cooper Date: November 24th

Agenda• Brief overview of ISO20000

• Changes

• Why and How

• What

• Your views and how you can influence the changes

Lynda Cooper• Project editor ISO/IEC 20000-1, Chair of BSI committee, UK representative to ISO

committee

• APMG - Deputy chief examiner ISO20000, Member of ISO27001 exam panel

• EXIN - Auditor for ISO20000, ISO27001, ITIL, Agile

• BSI Training and Quint – trainer in ISO20000 and ISO27001

• UKAS assessor for ISO20000 and ISO27001 (assess the certification bodies)

• ITIL Master, assessor for ITIL Master for APMG and Exin

• Independent consultant

BRIEF OVERVIEW OF ISO20000

ISO/IEC 20000What is it?

• A standard that includes the design, transition, delivery and improvement of services that fulfil service requirements and provide value for both the customer and the service provider

• A management system standard (like ISO9001) that can be used to assess for compliance

What it is not:• A product or tool standard

• A service standard

• A maturity model

Scope of ISO20000• The management of Information, Communication and Technology Enabled Services

• Examples

• IT services

• Infrastructure management

• Application management

• Desktop support

• etc.

• Telecoms

• Media

• Cloud services

• Business process outsourcing• …………………………….

ISO/IEC 20000 Series • ISO/IEC 20000 consists of multiple parts:

• ISO/IEC 20000-1: 2011: Service management system requirements

• ISO/IEC 20000-2: 2012 : Guidance on the application of SMS

• ISO/IEC 20000-3: 2012 : Guidance on scope definition and applicability

• ISO/IEC 20000-5: 2013: Exemplar implementation plan for ISO/IEC 20000-1

• ISO/IEC 20000-9:2015: The application of ISO/IEC 20000-1 to cloud services

• Part 10 concepts and vocabulary

• Part 11 – mapping to ITIL (ready for publication)

• Part 12 – mapping to CMMi-SVC (in development – due out late 2016)

• ISO/IEC 27013, ISO/IEC 90006 – Integration guidelines

Further information• BSI books

• A managers guide to service management

• Introduction to the ISO/IEC 20000 series

• APMG web site ISO20000 blogs

http://blog.apmg–international.com/author/lynda–cooper/

• Many LinkedIn forums

• Qualifications – APMG, BCS, Exin, Peoplecert

CHANGES TO ISO20000 – WHY? HOW?

Why - Drivers for revision• All standards reviewed every 5 years

• remove, keep as is or revise

• All management system standards are moving to new common high level structure with

common requirements

• known as Annex SL

• Changes in services market

• Lessons learned, feedback on current standard

• Other standards have been revised and changes need to be made to retain alignment

• 9001 and 27001 primarily

How - Approach• Principles of the ISO20000 series agreed

• Study group on revision

• National body comments

• Survey

How - Timeline• ISO processes are slow. They need to take into account

the views of all countries and gain consensus on the

updates made. Standards cannot change too frequently

as it would be difficult for the users of the standards.

Start revision

2015

Publish Part 1 2018

Publish other parts 2018 - 20

CHANGES TO ISO20000-1 - DEFINITE

Structure of ISO/IEC 20000-1

Current contents Part 11. Scope

2. Normative references

3. Terms and definitions

4. Service management system general requirements

5. Design and transition of new or changed services

6. Service delivery processes

7. Relationship processes

8. Resolution processes

9. Control processes

Future contents Part 11. Scope

2. Normative references

3. Terms and definitions

4. Context of the service provider

5. Leadership

6. Planning

7. Support of the SMS

8. Operation of the SMS and the services

9. Performance evaluation

10. Improvement

Current Part 1 mapped to new structure

• 4 – SMS general requirements• requirements of current clause 4 are superceded by or will be added into standard

structure clauses 4 - 10

• 5 – Design and transition

• 6 – Service delivery

• 7 - Relationship

• 8 - Resolution

• 9 - Control

Will be added into standard structure clause 8 -Operation

Changes to current clause 4

• Organisational context

• Risk based approach – more than currently in ISO20000-1, preventive action gone

• Objectives – at top level and also at relevant functions/levels

• More requirements for monitoring, measurement, analysis and evaluation

• PDCA is not emphasised now although implicit – other methods of continual improvement can be used

PLAN

4.

5.

6.

7.

DO

8. CHECK

9. ACT

10.

Terms and definitions

New terms from Annex SL• Policy

• Objective

• Competence

• Performance

• Outsource

• Monitoring

• Measurement

• Audit

• Conformity

Potential additions• User

• Value

• Asset

CHANGES TO ISO20000NOTE – NOTHING IS FINALISED

What, not how• Budgeting and accounting to be less prescriptive

• Simplify the requirements around governance of processes operated by other

parties, add in provision of service components by other parties

• Reduce the number of procedures and concentrate on the actual

requirements instead

• The detail if removed from part 1 will go to part 2 so will not be lost

Maximum 20 pages of requirements• Avoid duplication

• risk management approach in one place only - SM plan and not info sec

process

• Evaluation of other parties in one place – not both DTNCS and supplier

management

• Combine common items together

• requirements scattered throughout the standard to control changes to

documents using change management to be put into one place

• requirements scattered throughout the standard to do impact

assessment of RFCs to be put into change management

Simplify/clarify the difficult areas

• DTNCS/clause 5 requirements and the relationship with

change management

• Internal audit, info sec audit, configuration audit - clarify

• Review of service in SLM and BRM – clarify differences

12/2/2015 Service 20000 Ltd 2015 23

Future lookingRemove some requirements which are not working well for commodity services. For example:

• List of contents of contracts, to allow for standard contracts with large product suppliers and cloud providers

• Agree definitions of major incident, service complaint, emergency change/release with customers – remove agree

• Agree service catalogue with customers – many service providers have a standard catalogue of services which the customer chooses from, remove agree

Customer perspective• More on understanding value of the services to various

parties

• Clear distinction between customers and users

• Possible new part in the future on guidance for customers

on what to expect from an ISO20000 certified service

provider

Integration with 9001 and 27001• Common structure and many common requirements

• Alignment with 27001 for information security process

• ensure that 20000-1 is not implying that there needs to be

an ISMS within the SMS. This will simplify the information

security requirements in 20000-1

• Review the revised 9001 edition due out Sept 2015 and

check for any changes needed in 20000-1

Structural changes

• Separate out joint processes• Service continuity and availability

• Incident and service request

• Service catalogue and Service level management

• Plan/design/develop new or changed services and

transition of new or changed services

Suggested additions• Add processes or requirements in other clauses/processes

• Plan the service (incorporating aspects of portfolio mgt)

• Knowledge management (as in 9001)

• Asset management

• Requirements management

• Understanding value

• Governance

• Service integration

SIAM• Can suppliers working in a SIAM environment gain certification

to ISO20000?

• What about the SIAM lead who is only doing SLM, BRM and supplier mgt?

• What about the towers of supplier activity?

• Scenarios to be added to part 3

• Study group at ISO level looking into governance and service management of services provided with multiple suppliers

YOUR VIEWS AND HOW YOU CAN BE

INVOLVED

What do you think and why?• What needs to stay the same?

• What needs to change?

• Does anything need to be deleted?

• Does anything need to be added?

How you can get involved• Send your input to the ITSMF representative to the BSI

committee on service management

• Mark Lillycrop

• This can then be input to the UK BSI committee and, if

agreed, can go forward for consideration at international

level

• Join the BSI committee – we are looking for more

knowledgeable and active members

LYNDA.COOPER@SERVICE20000.COM

Thank you