1. Business is evolving, you should too.
What is ISO20000?
Ben Kalland, Tieturi
Helsinki, Tampere, Turku, Tukholma, Göteborg | www.tieturi.fi
2. Agenda
• What is ISO/20000 and why should I care?
• History and future
• Relationship to ITIL and other standards
• Certification, who, how much, why and when
• ISO20000 processes – difference to ITIL
• How to proceed from here
3. ITIL is a library of best practice
Service Strategy
•
strategic analysis, planning, positioning
• Service Design
translates plans to designs and specifications
• Service Transition
ensures design will deliver and can be
operated
• Service Operation
manage a service throughout production life
• Continual Service Improvement
measure performance for maximum benefit
4. ITIL
• ITIL knowledge can be certified for individuals
• Foundation
• Practitioner
• Service Manager – ITIL Expert
• An organisation cannot be ITIL certified
• Anyone can claim they have adopted ITIL
5. ISO/IEC 20000
• Worldwide standard for IT Service Management
• International certification against standard
• Proof that best practices are implemented
• ITIL not requirement
• Not as deep as ITIL – minimum requirement
• ITIL is a set of guidance – ISO is requirements
• Easier to achieve if ITIL based approach
• 200 + requirements to be able to demonstrate compliance
• Based on BS15000, 400 minor adjustments
• Certification for Quality Management (not i.e. tools)
9. Can you answer these questions?
• What are the current and future requirements of the
business
• What happens if you have a major disaster
• What level of service do you provide
• What level of risks and liability do you have
• What is the current level of failures and how much does it
cost the business
• If your business customer base doubles, what does it
mean for IT and how much does it cost and when is it
ready
• Goal of SM: align with business, low cost, high quality
10. Note!
ISO/IEC 20000 certifies the quality management
system and processes SUPPORTING the products or
services provided.
It does NOT certify the products or services
themselves.
12. Requirements
• Part 1 provides the requirements for IT service
management to gain certification
• This is relevant to those responsible for initiating,
implementing or maintaining IT service management in
their organization
• Senior Management are responsible and accountable for
ensuring all requirements of Part One are met if
Certification is sought
• Compulsory requirements – shall
• Basis for independent auditing
• Example: “All incidents shall be recorded”
13. Guidance
• Part 2 - Code of Practice for Service Management
• Provides guidance to internal auditors and assists service
providers planning service improvements or preparing for
audits against ISO 20000
• Guidance – should
• Explanations, not compulsory
• Ex: “The process for a major incident should include a
review”
14. Scope
• Part 3 - Scope & Applicability
• Advice on scoping for service management
• Planning & improvements
• Scope statements for certification audits
• Suggestions on applicability include adding
communications or wider technology enabled services
• Not yet formally agreed.
15. Who is certified? Examples
• 50% private, 50% public
• 50% internal, 50% external service providers
• CSC Nordic, Denmark
• Fujitsu Services, Finland
• Siemens Business Services, Germany
• Flughafen Munchen, Germany
• T-Systems ITC Services, Spain
• Salzburg AG, Austria
• EDS, Netherlands
• ING Services Centre Budapest, Hungary
16. Who is certified? 349 organizations in March 2009
• UK 52
• Japan 50
• India 41
• South Korea 35
• China 34
• Germany 20
…
• Denmark 2
• Finland 1
• Sweden, Norway - none
17. Eligibility
• An organisation must be able to demonstrate it has management control of
each of the ISO 20000 processes
• All requirements must be met
• If a process or function is outsourced, the organisation must retain
management control
• Control of input, policy setting
• Use and knowledge of output
• Define metrics and continuous improvement
• Management control of a process consists of:
• knowledge and control of the inputs
• knowledge, use and interpretation of the outputs
• definition and measurement of metrics
• demonstration of objective evidence of accountability for process
functionality
• definition, measurement and review of process improvements
21. How to proceed
• Prepare for certification through Consultancy Services
• Assessment, implementation of processes, mentoring and guidance
• Undertake various forms of training:
• ISO 20000 Foundation
• Aimed at individuals familiar with ITIL, who participate in developing processes
or preparing for audition
• ISO 20000 Consultants Certifiacte
• Aimed at experienced IT Service Management practitioners whose roles and
responsibilities include preparing organisations for the adoption of ISO 20000.
• ISO 20000 Auditors Certificate:
• Aimed at experienced internal or external auditors who have at least 3 years’
general IT auditing experience and are either certified ISO 9000, ISO 27001 or
TickIT auditors or are certified internal auditors
• Service Management
• ITIL Foundation, Practitioner, Managers
• Planning To Implement
• Experiential Learning & Awareness
• Select an approved Registered Certified Body
22. Audits
• RCB
• Needed documentation
• Evidence of intention: process designs, SLA’s, plans, contracts, ...
• Inputs, specifications
• Records of achievement or activities performed: statistical data,
minutes of meetings, RFC’s, ...
• Outputs
• Surveillance audits – at least annually
• Full re-audits – every three year
• Internal audits – ”at planned intervals”
23. More information?
Ben Kalland
ITIL Expert, ISO 20000 Foundation certified consultant
Accredited ITIL trainer
ben.kalland@tieturi.fi
Tieturi Oy, HTC Santa Maria
Tammasaarenkatu 5
00180 HELSINKI
www.tieturi.fi/itil