Revising ISO/IEC 20000 to fit the future of service management
Name: Lynda Cooper Date: November 24th
Agenda
• Brief overview of ISO20000
• Changes
• Why and How
• What
• Your views and how you can influence the changes
Lynda Cooper
• Project editor ISO/IEC 20000-1, Chair of BSI committee, UK representative to ISO committee
• APMG - Deputy chief examiner ISO20000, Member of ISO27001 exam panel
• EXIN - Auditor for ISO20000, ISO27001, ITIL, Agile
• BSI Training and Quint – trainer in ISO20000 and ISO27001
• UKAS assessor for ISO20000 and ISO27001 (assess the certification bodies)
• ITIL Master, assessor for ITIL Master for APMG and EXIN
• Independent consultant
BRIEF OVERVIEW OF ISO20000
ISO/IEC 20000
What is it?
• A standard that includes the design, transition, delivery and improvement of services that fulfil service requirements and provide value for both the customer and the service provider
• A management system standard (like ISO9001) that can be used to assess for compliance
What it is not:
• A product or tool standard
• A service standard
• A maturity model
Scope of ISO20000
• The management of Information, Communication and Technology Enabled Services
• Examples
• IT services
• Infrastructure management
• Application management
• Desktop support
• etc.
• Telecoms
• Media
• Cloud services
• Business process outsourcing
• …………………………….
ISO/IEC 20000 Series
• ISO/IEC 20000 consists of multiple parts:
• ISO/IEC 20000-1:2011: Service management system requirements
• ISO/IEC 20000-2:2012: Guidance on the application of SMS
• ISO/IEC 20000-3:2012: Guidance on scope definition and applicability
• ISO/IEC 20000-5:2013: Exemplar implementation plan for ISO/IEC 20000-1
• ISO/IEC 20000-9:2015: The application of ISO/IEC 20000-1 to cloud services
• Part 10 concepts and vocabulary
• Part 11 – mapping to ITIL (ready for publication)
• Part 12 – mapping to CMMi-SVC (in development – due out late 2016)
• ISO/IEC 27013, ISO/IEC 90006 – Integration guidelines
Further information
• BSI books
• A manager's guide to service management
• Introduction to the ISO/IEC 20000 series
• APMG web site ISO20000 blogs
http://blog.apmg-international.com/author/lynda-cooper/
• Many LinkedIn forums
• Qualifications – APMG, BCS, EXIN, Peoplecert
CHANGES TO ISO20000 – WHY? HOW?
Why - Drivers for revision
• All standards reviewed every 5 years
• remove, keep as is or revise
• All management system standards are moving to new common high level structure with common requirements
• known as Annex SL
• Changes in services market
• Lessons learned, feedback on current standard
• Other standards have been revised and changes need to be made to retain alignment
• 9001 and 27001 primarily
How - Approach
• Principles of the ISO20000 series agreed
• Study group on revision
• National body comments
• Survey
How - Timeline
• ISO processes are slow. They need to take into account the views of all countries and gain consensus on the updates made. Standards cannot change too frequently as it would be difficult for the users of the standards.
• Start revision: 2015
• Publish Part 1: 2018
• Publish other parts: 2018 - 20
CHANGES TO ISO20000-1 - DEFINITE
Structure of ISO/IEC 20000-1
Current contents Part 1
1. Scope
2. Normative references
3. Terms and definitions
4. Service management system general requirements
5. Design and transition of new or changed services
6. Service delivery processes
7. Relationship processes
8. Resolution processes
9. Control processes
Future contents Part 1
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the service provider
5. Leadership
6. Planning
7. Support of the SMS
8. Operation of the SMS and the services
9. Performance evaluation
10. Improvement
Current Part 1 mapped to new structure
• 4 – SMS general requirements
• requirements of current clause 4 are superseded by or will be added into standard structure clauses 4 - 10
• 5 – Design and transition
• 6 – Service delivery
• 7 - Relationship
• 8 - Resolution
• 9 - Control
Clauses 5 to 9 above will be added into standard structure clause 8 - Operation
Changes to current clause 4
• Organisational context
• Risk based approach – more than currently in ISO20000-1, preventive action gone
• Objectives – at top level and also at relevant functions/levels
• More requirements for monitoring, measurement, analysis and evaluation
• PDCA is not emphasised now although implicit – other methods of continual improvement can be used
PLAN: clauses 4, 5, 6, 7
DO: clause 8
CHECK: clause 9
ACT: clause 10
Terms and definitions
New terms from Annex SL
• Policy
• Objective
• Competence
• Performance
• Outsource
• Monitoring
• Measurement
• Audit
• Conformity
Potential additions
• User
• Value
• Asset
CHANGES TO ISO20000
NOTE – NOTHING IS FINALISED
What, not how
• Budgeting and accounting to be less prescriptive
• Simplify the requirements around governance of processes operated by other parties, add in provision of service components by other parties
• Reduce the number of procedures and concentrate on the actual requirements instead
• The detail, if removed from part 1, will go to part 2 so will not be lost
Maximum 20 pages of requirements
• Avoid duplication
• risk management approach in one place only - SM plan and not info sec process
• Evaluation of other parties in one place – not both DTNCS and supplier management
• Combine common items together
• requirements scattered throughout the standard to control changes to documents using change management to be put into one place
• requirements scattered throughout the standard to do impact assessment of RFCs to be put into change management
Simplify/clarify the difficult areas
• DTNCS/clause 5 requirements and the relationship with change management
• Internal audit, info sec audit, configuration audit - clarify
• Review of service in SLM and BRM – clarify differences
12/2/2015 Service 20000 Ltd 2015 23
Future looking
Remove some requirements which are not working well for commodity services. For example:
• List of contents of contracts, to allow for standard contracts with large product suppliers and cloud providers
• Agree definitions of major incident, service complaint, emergency change/release with customers – remove agree
• Agree service catalogue with customers – many service providers have a standard catalogue of services which the customer chooses from, remove agree
Customer perspective
• More on understanding value of the services to various parties
• Clear distinction between customers and users
• Possible new part in the future on guidance for customers on what to expect from an ISO20000 certified service provider
Integration with 9001 and 27001
• Common structure and many common requirements
• Alignment with 27001 for information security process
• ensure that 20000-1 is not implying that there needs to be an ISMS within the SMS. This will simplify the information security requirements in 20000-1
• Review the revised 9001 edition due out Sept 2015 and check for any changes needed in 20000-1
Structural changes
• Separate out joint processes
• Service continuity and availability
• Incident and service request
• Service catalogue and Service level management
• Plan/design/develop new or changed services and transition of new or changed services
Suggested additions
• Add processes or requirements in other clauses/processes
• Plan the service (incorporating aspects of portfolio mgt)
• Knowledge management (as in 9001)
• Asset management
• Requirements management
• Understanding value
• Governance
• Service integration
SIAM
• Can suppliers working in a SIAM environment gain certification to ISO20000?
• What about the SIAM lead who is only doing SLM, BRM and supplier mgt?
• What about the towers of supplier activity?
• Scenarios to be added to part 3
• Study group at ISO level looking into governance and service management of services provided with multiple suppliers
YOUR VIEWS AND HOW YOU CAN BE INVOLVED
What do you think and why?
• What needs to stay the same?
• What needs to change?
• Does anything need to be deleted?
• Does anything need to be added?
How you can get involved
• Send your input to the ITSMF representative to the BSI committee on service management
• Mark Lillycrop
• This can then be input to the UK BSI committee and, if agreed, can go forward for consideration at international level
• Join the BSI committee – we are looking for more knowledgeable and active members
Thank you