ITIL and ISO/IEC 20000

1
Introduction and Agenda
• What is IT Service Management?
• What is ITIL and what are the benefits?
• What is ISO 20000?
• Structure and contents of ISO 20000
• ISO 20000 Certification scheme
• ISO 20000 Eligibility
• How does an organisation achieve Certification?
• Alignment of ITIL and ISO 20000
• Reasons for Implementation
• Benefits of Implementing the ISO 20000 Standard
• Where to go from here
• Summary
• Questions

2
IT Service Management

3
What is IT Service Management?

IT Service Management is a top-down, business

driven approach to the management of IT that
specifically addresses the strategic business value
generated by the IT organisation and the need to
deliver a high quality IT service.

IT Service Management is designed to focus on the

people, processes and technology issues that IT
organisations face.

4
Why is Service Management required?

• Organisations are increasingly dependent

on IT service provision
• Higher visibility
• More exacting user demands
• Increased complexity of the infrastructure
• Charging for IT services
• Competition for customers

5
What do customers want?
• IT Services designed to meet Business
requirements
• Cost efficient and effective services
• Value for money
• A consistent service
• To be treated with respect and courtesy
• Improved relationships
• Expectations met or exceeded
• To gain competitive edge over rivals
• Increased Market share
• Communication

6
Moments of Truth – Jan Carlzon
From his book - Moments of Truth

• Every customer interaction is a moment of truth

• Every moment of truth is an opportunity to make
a favourable impression on your customer
• Look for the moments of truth in your business
• If you are not making a favourable impression
what kind of an impression are you making?
• Know every point of interaction
• Convey the correct message at each transaction

7
Realisation of Benefits

itSMF survey - 70% achieving “tangible and measurable” benefits

Gartner - 85% resolution at FPOC
- cost per call down 30%
- 50% reduction in new product cycle

IDC survey - 79% reduction in downtime and other factors

- total savings per user c $800 p.a.
- ROI up 1300%

Barclays - Downtime reduced from 60 to 15 mins

Proctor - $100 million p.a. savings!
and Gamble

8
ITIL

9
IT Infrastructure Library - ITIL

• Is “best practice” in IT Service

Management, developed by OGC and
supported by publications, qualifications
and an international user group
• Assist organisations to develop a
framework for IT Service Management
• Worldwide, most widely used best practice
for IT Service Management
• Consists of a series of Core books giving
guidance on the provision of quality IT
services
10
Quality processes
Planning to Implement IT Service Management
T
T Service Management h
h e
e Service
The Support ICT T
B Business Infrarstructure e
u Perspective Management c
s h
i n
n Security o
e Service Management l
s Delivery o
s g
y
Application Management

Suppliers

Non-prescriptive guidance
Vendor/technology independent
Focused on process and people
“Adopt and Adapt”
11
 ITIL - The Four P’s

What to do Culture
How Organisation
Where Competence
People
When

Process Products

Managed Systems
Partners Networks
services
Tools

Enables development and delivery of high quality IT services

12
Developing effective Quality ITSM solutions

What is the Vision and

Vision? Business
objectives

Where are
we now? Assessments

How do we keep
the momentum Where do we Measurable
going? want to be? Targets

How do we get Process

where we Improvement
want to be?

How do we
know we have Metrics
arrived?
13
ITIL Processes & Function

ITIL Processes

Service Support Service Delivery

Incident Management Service Level Management

Problem Management Availability Management

Change Management Capacity Management

Release Management IT Service Continuity Management

Financial Management for IT

Configuration Management
Services

ITIL Functions

Service Desk

14
Benefits of ITIL

• Continuous improvement in the quality of IT service

provision
• Reduced long term costs in the development and
delivery of IT services
• Reduced risk of not being able to meet business
objectives
• Better communication between IT and the business
• Greater productivity and best use of skills
• Ability to absorb a high rate of change
• IT staff are provided with best practice guidance
• Compliance to procedures that are auditable
15
ISO/IEC 20000

16
What is ISO 20000
ISO 20000 can be summarised as:

• A standard to promote the adoption of an integrated

process approach for the effective delivery of
managed services to meet business and customer
requirements

• A set of “controls” against which an organisation can

be assessed for effective IT Service Management
processes

• The ISO 20000 standard defines the requirements for

an organisation to deliver managed services of an
acceptable quality for its customers
17
Structure and Contents of
ISO/IEC 20000

18
Structure of ISO 20000
The Standard is divided into two distinct parts:

• Part 1 provides the requirements for IT service

management to gain certification

• This is relevant to those responsible for initiating,

implementing or maintaining IT service
management in their organization

• Senior Management are responsible and

accountable for ensuring all requirements of Part
One are met if Certification is sought

19
Structure of ISO 20000
• Part 2 - Code of Practice for Service Management

• Provides guidance to internal auditors and assists

service providers planning service improvements or
preparing for audits against ISO 20000

20
Structure of ISO 20000
• Part 3 - Scope & Applicability

• Advice on scoping for service management

• Planning & improvements
• Scope statements for Certification audits
• Suggestions on applicability include adding
Communications or the even wider technology
enabled services
• Not yet formally agreed. Agreement on content
within 12 – 18 months of the Work group which
met in May 2006
21
Contents of ISO 20000
• Introduction and overview
• Scope, terms and definitions
• Requirements for a management system
• Planning and implementing service management
• Planning and implementing new or changed
services
• Service delivery processes
• Relationship processes
• Resolution processes
• Control processes
• Release processes
22
ISO 20000 Processes
Management Responsibility, Documentation
Management Systems Requirements, Competences, Awareness & Training

Plan, Implement, Monitor, Improve

Planning & Implementation (Plan…. Do…. Check….. Act……)

Planning New Services Planning & Implementing New or Changed Services

Service Delivery Processes

Capacity Management Information Security
Service Level Management
Service Continuity & Management
Service Reporting
Availability Management Budgeting & Accounting for
IT Services

Control Processes
Configuration Management
Change Management

Release Processes Resolution Processes Relationship Processes

Business Relationship
Incident Management
Release Management Management
Problem Management
Supplier Management
23
 ISO/IEC 20000
Certification Scheme

24
The scope of Certification

• ISO 20000 is aimed at organisations providing a

Service Management operation, whether internal or
external

• Certification is NOT (in itself) appropriate for an

organisation which provides best practice advice

• Certification is NOT possible for products such as

Service Management tools

• The role of Consultancy organisations is to give

advice in preparation for an independent audit
25
Registered Certification Bodies (RCBs)
• itSMF will approve Registered Certification Bodies
(RCBs) and grant a licence to use the itSMF logo

• RCBs are totally independent from any consultancy

and their auditors have been specifically trained in
IT Service Management

• Adding value to the organisation being audited and

maintaining the quality of the certification

• Process areas already certified from other

standards (eg ISO 9000, ISO 27001) are not
usually required to be re-audited – as long as the
scope is the same 26
Registered Certification Bodies (RCB)
• BSI Management Systems (United Kingdom)
• BVQI Ltd (offices worldwide) (United Kingdom)
• CIS-Certification and Information Security Services GmbH
• DNV Certification Ltd (United Kingdom)
• DQS GmbH (Germany)
• Japan Quality Assurance Organization
• KEMA Quality BV (Netherlands)
• KPMG Audit Plc (United Kingdom)
• KPMG Quality Registrar (India)
• LRQA Ltd (United Kingdom)
• PSB Certification Pte Ltd
• SGS Hong Kong Ltd
• SGS United Kingdom Ltd
• SQS (Switzerland)
• STQC (India)
• TUV Management Service GmbH (Germany)
• TUV Nord Cert GmbH
• Underwriters Laboratories Inc 27
ISO 20000 Relationships
itSMF

Concordat Concordat Own Own

ISO 20000 Use ISO 20000

OGC BSI Scheme Qualification
Regulations Scheme
MoU
Concordat Use Use
Own Own Register Use
Accreditation
RCB Examination Accreditation
ITIL ISO 20000 Services
Use Organisations Panel Panel
Accredit (e.g. UKAS)

MoU Accredit
Certify
Department
Course
of Trade &
Providers
Certify Employ Industry Train

Internal
Organisations Auditors Consultants
Auditors

Concordat - Agreement Assist Advise

MoU - Memorandum of Understanding 28

Eligibility for
Certification

29
Eligibility criteria
• An organisation must be able to demonstrate it has
management control of each of the ISO 20000
processes

• Management control of a process consists of:

– knowledge and control of the inputs
– knowledge, use and interpretation of the outputs
– definition and measurement of metrics
– demonstration of objective evidence of
accountability for process functionality
– definition, measurement and review of process
improvements
30
Certification Process

• Agreement on terms of reference and scope

• Agreement on dates, time-scales, locations, etc

• Possible off-site assessment of process

documentation

• On-site audit of staff and process compliance

• Presentation of the audit findings

• Certification
31
 Achieving
ISO/IEC 20000 Certification

32
Understand what’s involved
• Assess what has to be done and obtain senior management buy-in
• Develop a vision and plan
• Get access to ITIL and ISO 20000 documentation:
– ISO 20000 Part 1 - Specification
– ISO 20000 Part 2 – Code of Practice
– BIP 0005 – A Managers guide to service management
– BIP 0015 – IT service management – self assessment workbook

• Consider other relevant standards:

– ISO 27001 – Information security Management
– ISO 9000 – Quality management systems
– ISO 10007 – Guidelines for configuration management
– ISO 15504 - Information Technology Process Assessment
– ISO 90003 - Guidelines for the application of ISO 9000: 2000 to
computer software

• Fully understand content and its implication on you and your

organisation
• Talk to others similar organisations, consultants, training providers,
forums and user groups
33
Realising and articulating the benefits
• A stable framework for IT Service Management
• IT Service provision aligned with Business Strategy
• Ownership and Responsibility defined at all levels
• Increased confidence and perception of the business and
customer
• Improved quality, reputation and consistency of service
• Competitive advantage over competitors
• Consistent and cost-effective services
• Reduced organisational risks and cost
• Effective Supplier Management
• Commitment that services will be delivered to accepted best
practice

34
 Main steps to certification
• Adopt a Registered Certification Body (RCB)
• Confirm the scope of the audit
• Make sure you know what’s involved
• Carry out initial assessments to determine readiness
• Develop an overall plan and get commitment
• Carry out detailed reviews and assessments
• Create and manage a SIP (Plan, Do, Check, Act)
• Implement improvements
• Book a formal audit

35
The certification audit

Typically comprises:

• Agree terms of reference and scope

• Off-site assessment of process documentation
• On-site audit of staff and process compliance
• Presentation of the audit findings

• and hopefully………….

presentation of the ISO/IEC 20000 Certificate

36
Post Certification Process

• Certification is valid for three years

• Annual surveillance audits are required

• Internal audits are recommended

• Full re-audit will be carried out on the third

anniversary of Certification being awarded

37
Alignment with ITIL

38
ITIL Service Support Processes & Functions

ISO 20000 ITIL

Incident Management
Resolution Processes
Problem Management

Change Management
Control Processes
Configuration Management

Release Process Release Management

No formal Process Service Desk

39
ITIL Service Delivery Processes
ISO 20000 ITIL

Service Level Management

Service Reporting
Service Level Management
Business Relationship Management

Supplier Management

IT Service Continuity Management

Service Continuity & Availability
Management
Availability Management

Budgeting & Accounting for IT Financial Management for IT

Services Services

Capacity Management Capacity Management

Information Security Management No formal Process

40
Alignment of ISO 20000 and ITIL
• Driven either through choice, or by customer
demand, ITIL has been adopted by many
organisations as a proven methodology for
managing their IT services

• Many organisations and in particular the Public

Sector, see ITIL as a necessary requirement to
conduct business

• ITIL however is not a standard, and therefore the

alignment between ITIL and ISO 20000 allows an
organisation to be effectively measured

41
Alignment of ISO 20000 and ITIL

• ISO 20000 Certification provides proof through

audit that best practice has been deployed
through an independent, external, evaluation by
an approved audit organisation

• Customer demand for ISO 20000 Certification is

fast becoming another business requirement for
organisations to remain competitive

• ISO 20000 is aligned with ITIL

42
Inter Relationships
ISO 20000 Part 1: - Specification for Service
Management
ISO 20000 Part 2: - Code of Practice for
Service Management
BIP 0005: - A Managers Guide
BIP 0015: Self Assessment Workbook

BIP 0015
ISO 20000
Objective to Achieve
Part 1

ISO 20000
Code of Practice
Part 2

BIP 0005 Management Overview

ITIL Process Definition

Self
Assessment

Internal Processes & Procedures Deploy Solution

43
 Gartner
• “The release of the British Standard for IT Service
Management (BS 15000) marks the first step
toward the delivery of IT services becoming much
more consistent across organisational and
national borders”

• “All improvement efforts in Service Management

should be done with ITIL and BS 15000 as a
frame of reference and baseline”

Adopted internationally as ISO 20000 in

December 2005
44
 Reasons for
Implementation

45
Reasons for Implementation
• ISO 20000 has become a basic business
requirement for an organisation in the same
manner as ISO 9000

• ISO 20000 provides the organisation with the

means to operate more effectively and efficiently

• ISO 20000 provides an auditable method by which

it can assess the quality and conformance of its IT
Services

46
Reasons for Implementation
• ISO 20000 assists organisations to enforce process
compliance

• ISO 20000 helps to significantly improve the

morale of the IT department, the business and
ultimately the Customer

• ISO 20000 provides clear evidence that the quality

of IT Service Management is taken seriously

47
Benefits of ISO/IEC 20000

48
Benefits
• Provides a stable framework for IT Service
Management
• IT Service provision is aligned with Business
Strategy
• Assists with meeting legislative compliance
requirements
• Ownership and Responsibility defined at all levels
• Creates a progressive ethos & culture
• Increased business and customer confidence &
perception
• Improved quality, reputation and consistency of
service
• Impartial external method of assessment
• Assessments recognised internationally 49
Benefits
• Assessment is important for process improvement
• Provides a competitive advantage over competitors
• Promotes consistent and cost-effective services
• Provides a benchmark with best practices
• Easier to justify or combat outsourcing
• Creates a framework for service improvements
• Reduces organisational risks and cost
• Effective Supplier Management
• Commitment that services will be delivered to
accepted best practice

50
Where to go from Here

51
Where to go from Here
• Prepare for certification through Consultancy Services
– Assessment, implementation of processes, mentoring and guidance

• Undertake various forms of training:

– ISO 20000 Consultants Certificate:

• Aimed at experienced IT Service Management practitioners whose roles

and responsibilities include preparing organisations for the adoption of
ISO 20000.

– ISO 20000 Auditors Certificate:

• Aimed at experienced internal or external auditors who have at least 3

years’ general IT auditing experience and are either certified ISO 9000,
ISO 27001 or TickIT auditors or are certified internal auditors

– Service Management

• ITIL Foundation, Practitioner, Managers

• Planning To Implement
• Experiential Learning & Awareness

• Select an approved Registered Certified Body 52

Useful Websites
• www.isoiec20000certification.com
• www.itsmf.com
• www.iosm.com
• www.ogc.gov.uk
• www.itil.co.uk
• www.get-best-practice.biz

53
Summary

54
Summary
• Business requirement and customer satisfaction are primary
considerations
• Information Services are a vital and core part of the business
• Organisational culture is important and has to be right
• We need to think end-to-end service
• Service Management isn’t optional
• Quality process-driven approaches and professional staff
really deliver value
• Professional qualifications and certifications are becoming
increasingly important
• ITIL and ISO 20000 provide a solid framework for developing
an appropriate solution

Almost all quality improvement comes via simplification of design, manufacturing...

layout, processes, and procedures. Tom Peters

55
Questions

56