ISO & ITIL Best Practices in IT Service and Quality Management Systems

Michael F. Meuser

 Todays Discussion
Brief History of the International Organization for Standardization Differences between ISO 9000:2000 and ISO 9000:1994 Focus on the interrelationships of ISO and ITIL Quality Management Systems Overview of how to combine ISO and ITIL compliance efforts into a working solution which provides your customer and your company with the best practices in IT Service and Quality Management Systems Using both ISO and ITIL for continuous improvement in the goal of Total Quality Management

Todays Goal -Make our discussion today valuable in that it relates to your company or organization and you understand the value of implementing ISO and ITIL Quality Management Systems

International Organization for Standardization

How ISO really started

International standardization began in the electro technical field: the International Electro Technical Commission (IEC) was created in 1906. Pioneering work in other fields was carried out by the International Federation of the National Standardizing Associations (ISA) which was set up in 1926. The emphasis within ISA was very heavy on mechanical engineering. ISA's activities ceased in 1942 due to the Second World War. Following a meeting in London in 1946, delegates from 25 countries decided to create a new international organization "the object of which would be to facilitate the international coordination and unification of industrial standards". The new organization, ISO, began to function officially on 23 February 1947. The first ISO standard was published in 1951 with the title, "Standard reference temperature for industrial length measurement".

International Organization for Standardization

ISO is not an acronym for the International Organization for Standardization, Shouldn't the acronym be "IOS"? Yes, if it were an acronym which it is not. In fact, "ISO" is a word, derived from the Greek isos, meaning "equal. Remember the isosceles triangles from school, meaning equal sided or "isometric" of equal measure or dimensions. ISO is valid in English, French and Russian, the three official languages of ISO.

The ISO 9000 series of Quality Standards are recognized internationally as shown below: BS ENISO 9000 - Britain and UK AS/NZS 9000 - Australia/New Zealand ANSI/ASQC/Q9000 - USA MS ISO9000 - Malaysia JISZ 9900 - Japan

Whats in it for Me?

Why should my company either update our existing ISO program to 9000:2000 or why should my company take the time and expense of adopting the ISO philosophies and establishing a quality program The ISO 9000 series provides the company with a quality system that: 1. 2. 3. 4. 5. 6. Standardizes, organizes and controls operations Provides for consistent dissemination of information Improves various aspects of the business based use of statistical data and analysis Acceptance of the system as a standard for ensuring quality in a global market Enhances customer responsiveness to products and service Encourages improvement

A Little Story
This is a story about four people named Everybody, Somebody, Anybody, and Nobody. There was an important job to be done and Everybody was sure that Somebody would do it. Anybody could have done it, but Nobody did it. Somebody got angry about that, because it was Everybody's job. Everybody thought Anybody could do it, but Nobody realized that Everybody wouldn't do it. It ended up that Everybody blamed Somebody when Nobody did what Anybody could have done!
ISO requires "the responsibility, authority, and the interrelation of all personnel . . . shall be defined and documented" to prevent this from ever happening.

The results of a very recent Quality Systems Update from Deloitte & Touche confirmed the most important external benefits of an ISO compliant system: 83% reported improved management control 70% claimed real improvements in customer service 64% said ISO 9000 improved their ability to bid for contracts 48% increased their market share More than 280,000 ISO 9000 certifications are in force today. You can learn more at the ISO website:

www.iso.ch

Differences ISO 9001:1994 and

ISO 9001:2000

ISO 9000:1994
4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 4.10 Management Responsibility Quality System Contract Review Design Control Document and Data Control Purchasing Control of Customer Supplied Products Product Identification and Traceability Process Control Inspection and Testing 4.11 4.12 4.13 4.14 4.15 4.16 4.17 4.18 4.19 4.20 Control of Inspect, Measuring and Test Equip Inspection and Test Status Control of Nonconforming Product Corrective and Preventative Action Handling, Storage, Pack, Preserv & Delivery Control of Quality Records Internal Quality Audits Training Servicing Statistical Techniques

ISO 9000:2000
ISO 9000 - describes fundamentals of quality management systems and specifies the terminology for quality management systems. ISO 9001 - specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide products that meets product and applicable regulatory requirements and aims to enhance customer satisfaction. ISO 9004 - provides guidelines that consider both the effectiveness and efficiency of the quality management system. The aim of this standard is to improvement the performance of the organization and satisfaction of customers and other interested parties.

ISO 9000:2000 DIFFERENCES

The new standards consist of three basic documents: ISO 9000 - Fundamentals and vocabulary ISO 9001 - Requirements ISO 9004 - Guidance for performance improvement The old ISO 9002 and 9003 standard numbers will no longer be used.

The 20 elements that form the structure of the current ISO 9000:1994 series standards are folded into a new structure with four main sections:
1. 2. 3. 4. Management responsibility Resource management Product and/or service realization Measurement, analysis and improvement

These four sections describe the four phases of a fundamental concept for the new standards referred to as the Process Model.

Interrelationships of ISO and ITIL

There are several areas within the ITIL Best Practices that interact with ISO 9000:2000
Configuration Management
The main objective of Configuration Management is to control the environment for which it was built. This would include: (when applicable) - process control, identification of product or service, traceability of product or service, documentation control, inspection and testing status, etc.

Incident Management
This practice serves as continuous tracking of: - performance to specified requirements - control of nonconforming product SW/HW, services and quality records

There are several areas within the ITIL Best Practices that interact with ISO 9000:2000 (cont.)
Problem Management
Plays a major role in the control of nonconforming products and corrective actions. Process contributes to design changes needed to have configuration items changed to a desired status and assure proper implementation.

Change Management
Very similar to problem management yet it plays a central role in process control functions and various other ITIL processes.

Software Control and Distribution

The relationship with this ITIL element is mostly in the Inspection and Test areas. It is also very apparent with its involvement in the handling, storage and delivery processes.

There are several areas within the ITIL Best Practices that interact with ISO 9000:2000 (cont.)
Availability Management
This ITIL component generates and gives rise to a higher quality of Service Level Management.

Capacity Management
Has a major contribution to the ISO 9004 stipulations in that it specifies the requirements of service needs and is defined in terms of characteristics which effect service performance.

Cost Management
The Cost Management process contributes to the ISO 9001requirements in the aspects of contract review and design inputs, outputs and changes. This ITIL process also goes beyond ISO 9000:2000 in relating to the Cost of Quality which is found in the prerequisites of the Malcolm Baldridge Award.

Contingency Planning
Many aspects of Contingency Planning relate to ISO in contract review, design control, document control, purchasing and most importantly internal quality auditing.

There are several areas within the ITIL Best Practices that interact with ISO 9000:2000
Conclusion:
If (not if but when) your company is to become ISO certified and you have these ITIL Best Practices established, this will facilitate the process many times over.

If your company is already ISO certified and are considering ITIL Best Practices, you already have a major advantage in the steps to ITIL compliance.
It is expected that in 2003 and 2004 the ITIL process framework will officially be recognized as a main contributor to become ISO-9000 certified for ITs Service Management activities. So do not waste your time and efforts in reinventing the wheel. Use the already established frameworks of ISO 9000:2000 and ITIL Best Practices.

Combining
ISO and ITIL Compliance Efforts

#1
Senior Management to embrace and understand the value of ISO and ITIL working together
Appoint champions in each of your company departments Train/certify management, champions and all involved staff Include ISO and ITIL implementation progress on the agenda of every team meeting Make ISO and ITIL part of your Corporate policy and life

Organizing yourselves shall ensure that the quality of your design, products and IT services are coordinated in all of your different functions and that you control these activities. The collection of these controlled activities is what is called a Quality Management System.

This system must meet the objectives as set forth by the Senior Management of your company, who determine Quality Policies and guide the Quality System.
The Quality System and Quality Policy is aimed at the reduction, elimination, and most importantly, the prevention of quality deficiencies. Quality deficiencies, no matter what functions are addressed, effect the bottom line which is the profitability of your company.

Which way do we go???

International Organization for Standardization Information Technology Infrastructure Library Total Quality Management

The Final and Logical Answer Is!

Take these standards, systems and processes and place them in the direction your company will most benefit from

TOTAL QUALITY MANAGEMENT

Total Quality Management

(TQM)
Both a philosophy and a set of guiding principles that represent the foundation of a continuously improving organization. TQM is the application of quantitative methods and human resources applied to improve the material(s) and services supplied to the customer. It insures that the customer requirements are met, now and in the future. ---or--TQM ( Total Quality Management ) is doing the right things right the first time and your customers evaluation shall define metrics for performance improvement.

The Basic Principles of Total Quality Management are:

1) Document what you do

2) Do what you document

3) Maintain and Continuously Improve It!!!

Why does your company need Total Quality Management? .........cause it leads to daily continuous improvement and...
Change in Philosophy Change in Focus Emphasizing that all employees need to be involved in solving problems. Resolving problems at the point they occur rather than just prior to installation, design/product release or start of assignment. Not just applying a band aid but actually solving the problem at the root cause. Reducing problems in the system through the use of statistical techniques that indicate consistency, predictability and the repeatability of the process.

Use of Statistics -

Change in Responsibility - Rather than as separate units, representatives of Customer Relations, Design, Engineering, Purchasing, Accounting, Marketing and Quality Assurance act together to discover the cause of the problem, not just the symptoms or the results that the problem leaves. Involve personnel early in the launch of the project. On-going Improvements - Having a process orientation where we follow a process from beginning to end, (often crossing departmental boundaries), will increase our process knowledge and lead to continuous improvement throughout your company.

Total Quality Management

ISO 9001 - ITIL Quality Management

Company Quality Program

Company Quality Systems

President Corporate Objective Sets Quality Policy (including strategic quality goals and strategic quality direction)
Quality Policy and Strategy

Strategic Objectives

Performance and Result Reporting

Company-Wide Performance Measures

Executive Steering Committee Assures improvement in quality performance . Establishes CCG's quality system framework

Authorization of Company-Wide Quality Programs and Training

Quality Policy Quality Framework

Company-Wide Quality Support Programs that support the management and improvement of products, services and process quality: Methods Technologies Assessment practices Education
Feedback of Best Practices

Total Quality Management Strategy

CCG Directors/Managers Apply quality methods, testing, integration technologies to manage and improve the organization's ability to : Anticipate market and needs Produce products and services which met or exceed customer expectations Achieve business objectives Manage and improve the effectiveness of key processes within Caspian

Business and Organization Groups

Performance Results

Set quality objectives Set quality performance objectives Set customer satisfaction goals

Assessment and Consulting Skills, Methods, Tools and Technology support

Quality Objective and Performance goals Quality System Implementation Guidelines

Business Objectives

Market and Customer Needs

Questions?
Michael F. Meuser Advanced Best Practices State of California CalSTRS 916.229.0736 mmeuser@innercite.com