ISO/IEC Mark Sherry Partner Stroma, Inc.

Transcription

1 ISO/IEC Mark Sherry Partner Stroma, Inc. 1

2 Introduction Mark Sherry IT Service Management Consultant ITIL Service Manager ITIL Expert (v3) ISO/IEC Certified dconsultant t ITIL Trainer MBA, MA, Comm. 2

3 Presentation Goals Introduce ISO/IEC Part 1 of the Standard The Processes Part 2 of the Standard ISO/IEC key messages and Top 10 tips 3

4 Insanity: y Doing the same thing over and over again and expecting different results. Albert Einstein i or Doing different things over and over and expecting to get the same result Mark Sherry 4

5 ISO/IEC 20000: WHEN? Published December 2005 Adopted from the original British Standard (BS15000) BS15000 first published in

6 ISO/IEC 20000: WHAT? First international standard for ITSM Integrated collection of management processes Aligned with ihand complementary to ITIL A common reference standard for any enterprise offering IT services Part 1: Specification shall do Part 2: Code of Practice should do 6

7 Scope This part of ISO/IEC defines the requirements for a service provider to deliver managed services of an acceptable quality for its customers. con t 7

8 Scope, con t Itmaybe used: By businesses that are going out to tender for their services; By businesses that require a consistent approach by all service providers in a supply chain; By service providers to benchmark their IT service management; Asthe basis foran independent assessment; By an organization which needs to demonstrate the ability to provide services that meet customer requirements; and, By an organization which aims to improve service through the effective application of processes to monitor and improve service quality. 8

9 Methodology for Service Management Processes Dr. Edwards Deming s Cycle of Continual Service Improvement Drivers Business Requirements Management Responsibility Results Business Results Requests for New Services PLAN CSI Customer Satisfaction Service and Process Measurement ACT Modify CSI DO Implement CSI More Effective and Efficient Processes External Requirements Security Requirements CHECK Monitor, Measure & review CSI New Changed Services Improved Employee Morale 9

10 TEN Sections Scope Terms & Definitions Planning and Implementing Service Management Requirements for a Management System Planning & Implementing New or Changed Services Service Delivery Processes Relationship Processes Control Processes Resolution Processes Release Process 10

11 Scoping Statement Who is the service provider? What services are provided? Locations? Technologies? Customers? Suppliers? Sub contractors? Management control of outsourced processes 11

12 Planning & Implementing Service Management Plan Service Management (Plan) Implement Service Management and Provide theservices (Do) Monitoring, measuring and reviewing (Check) Continual Improvement (Act) 12

13 Plan Service Management (Plan) Theplans shall, at a minimum, define: The scope of the service provider s service management; The objectives and requirements that are to be achieved by service management; The processes that are to be executed; The framework of management roles and responsibilities, i including the senior responsible owner, process owner and management of suppliers; The interfaces between service management processes and the manner in which the activities are to be coordinated; con t 13

14 Plan Service Management (Plan), con t Theplans shall, at a minimum, define: The approach to be taken in identifying, assessing and managing issues and risks to the achievement of the defined objectives; The approach for interfacing to projects that are creating or modifying services; The resources, facilities and budget necessary to achieve the defined objectives; Tools as appropriate to support the processes; and, How the quality of the service will be managed, audited and improved. 14

15 Implement Service Management & Provide the Services (Do) ( ) The service provider shall implement the service management plan to manage and deliver the services, including: Allocation of funds and budgets; Allocation of roles and responsibilities; Documenting and maintaining the policies, plans, procedures and definitions for each process or set of processes; Identification andmanagementof risks to the service; Managing teams, e.g. recruiting and developing appropriate staff and managing staff continuity; Managing facilities and budget; Managing the teams including service desk and operations; Reporting progress against the plans; and, Co ordination of service management processes. 15

16 Monitoring, Measuring & Reviewing (Check) Management shall hllconduct reviews at planned intervals to determine whether the service management requirements: Conform with the service management planand and to the requirements of this standard; and, Are effectively implemented and maintained. 16

17 Continual Improvement (Act) Policy Management of improvements Activities 17

18 Requirements for a Management System Management Responsibility Documentation Requirements Competence, Awareness and Training 18

19 Management Responsibility Management shall: Establish the service management policy, objectives and plans; Communicate the importance of meeting the service management objectives and the need for continual improvement; Ensure that customer requirements are determined and are met with the aim of improving customer satisfaction; Appoint a memberof managementresponsible for the co ordination and management of all services; con t 19

20 Management Responsibility, con t Management shall: Determine and provide resources to plan, implement, monitor, review and improve service delivery and management e.g. recruit appropriate p staff, manage staff turnover; Manage risks to the service management organization and services; and, Conduct reviews of service management, at planned intervals, to ensure continuing suitability,adequacy adequacy and effectiveness. 20

21 Documentation Requirements Service providers shall provide documents and records to ensure effective planning, operation and control of service management. This shall include: Documented service management policies and plans; Documented service level agreements; Documented processes and procedures required by this standard; and, Records required by this standard. 21

22 Competence, Awareness & Training All service management age e roles oesand responsibilities s shall be defined and maintained together with the competencies required to execute them effectively. Staff competencies and training needs shall be reviewed and managed to enable staff to perform their role effectively. Top management shall ensure that its employees are aware of the relevance and importance of their activities and how they contribute to the achievement of the service management objectives. 22

23 Planning & Implementing New or Changed Services g Objective: To ensure that new services and changes to services will be deliverable and manageable at the agreed cost and service quality. Proposals for new or changed services shall consider the cost, organizational, technical and commercial impact that could result from service delivery and management. The implementation of new or changed services, including closure of a service, shall be planned and approved through formal change management. The planning and implementation shall include adequate funding and resources to make the changes needed for service delivery and management. 23

24 ISO / IEC Scope Management system Planning and implementing service management Planning and implementing new and changed services Capacity Management Service Continuity & Availability Management Release Process Release es Managem ent Service Delivery Processes Service Level Management Service Reporting Control Processes Change Management Resolution Processes Incident Configuration Management Management Problem Management ISO/IEC Information Security Management Budgeting and Accounting Relations hip Business Processe Relations ship Supplier Managem ment 24

25 Service Delivery Processes Service Level Management Service Reporting Service Continuity i and Availability Management Budgeting and Accounting for IT Services Capacity Management Information Security Management 25

26 Relationship Processes Business Relationship Management Supplier Management 26

27 Resolution Processes Incident Management Problem Management 27

28 Control Processes Configuration Management Change Management 28

29 Release Processes Release Management 29

30 Part 2 of the Standard Same layout as part one Only difference is that you do not need to do any of part twountil aftercertification Once ISO certified, use Part 2 to show continuous improvement 30

31 Service Level Management, Part 1 Objective: To define, agree, record and manage levels of service. The full range of services to be provided together with the corresponding service level ltargets and workload characteristics shall be agreed by the parties and recorded. Each service provided shall be defined, agreed and documented in one or more service level agreements (SLAs). SLAs, together with supporting service agreements, supplier contracts and corresponding procedures, shall hllbe agreed by all relevant parties and recorded. con t 31

32 Service Level Management, Part 1, con t The SLAs shall be under the control of the change management process. The SLAs shall be maintained by regular reviews by the parties to ensure that they are up to date and remain effective over time. Service levels shall be monitoredand reported against targets, showing both current and trend information. The reasons for non conformance shall be reported and reviewed. Actions for improvement identified during this process shall be recorded and provide input into a plan for improving the service. 32

33 Service Level Management, Part 2 TheSLM process should manageand and coordinate contributors of the service levels, to include: Agreement of the service requirements and expected service workload characteristics; Agreement of service targets; Measurement and reporting of the service levels l achieved, workloads and an explanation if the agreed targets are not met; Initiation of corrective action; and, Input to a plan for improving the service. 33

34 ISO/IEC 20000: WHO? Registered Certification Body (RCB): Registered by the itsmf Have permission to operate under ISO20kscheme Grant certification on behalf of the itsmf itsmf Administers formal ISO20k certification worldwide 34

35 ISO/IEC 20000: WHY? (1) To qualify for competitions / RFPs To enter global markets To improve documentation ti To gain competitive advantage Practice what you preach Source: ISO/IEC20000: An Introduction, Van Haren 35

36 ISO/IEC 20000: WHY? (2) Reduce risk, cost and time to market Services become business led (not technology driven) Your service more likely to be chosen over noncertified competitor Certification audits educate and raise awareness for employees Services become more reliable and consistent Source: 36

37 ISO/IEC 20000: WHY? (3) Business and dcustomers s are aemore oedependent on IT services and more demanding IT service management represents the lifecycle stage that consumes approximately 80% of the total IT spend Increased momentum for establishment of industry IT service dli delivery norms Need for improved consistency in quality of service Framework for measuring andimproving Easier inter changeability of staff and service providers 37

38 ISO/IEC 20000: HOW MANY? Jan Dec Jan 2007 Dec

39 ISO/IEC 20000: WHERE? China Japan India UK South Korea Germany USA Taiwan Czech Other 10 0 Japan China India UK South Korea Germany USA Taiwan Czech Other 39

40 ISO/IEC 20000: HOW? The certification process involves seven steps: 1. Questionnaire 2. Application for assessment 3. Optional pre-audit 4. Initial audit (stage 1) 5. Certification audit (stage 2) 6. Surveillance audits 7. Re-certification audit 40

41 The Challenges Distribution Silo based Teams Reactive Culture People Tools Inconsistent & disparate toolsets Current tools not integrated or process oriented Process Differing requirements & priorities Inconsistent processes applied 41

42 ISO/IEC Key Messages Follow o process because it is how we are supposed to work not simply for ISO certification Internal audits performed by staff are valuable higher awareness and education are gained Work on the premise: If you can t prove it, don t do it 42

43 Top 10 Tips for Achieving ISO/IEC Use an integrated ITSM tool. 2. Record everything. 3. All agreed policies/processes i shall be followed. 4. Communicate, communicate, communicate. 5. Sell benefits of great job your team does. 43

44 Top 10 Tips for Achieving ISO/IEC Honesty is thebest policy. 7. If you can t prove it, you don t do it. 8. Apply intelligently. l 9. Invest in your people. 10. Make it a strategic decision. 44

45 Web Sites com/ itsmf International: is itsmf US: / itsmf Canada: 45

46 Assessing Organizational Readiness for ISO/IEC