Implementation of ISO/IEC 20000 Standard in IBM Rational Method Composer

Tom´ as ˇ Frais

Brno, autumn 2009

Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source.

Advisor: RNDr. Jan Pavloviˇ c, Ph.D. ii

I thank RNDr. Jan Pavloviˇ c, Ph.D. for kind supervision of my work.


The thesis is devoted to the study of the information technology service management (ITSM) discipline and the international standard for IT service provision – ISO/IEC 20000. The paper describes ITSM and quality of service problems in general and summarizes existing solutions and frameworks. The main part of the work is development of a process model based on ISO/IEC 20000 in IBM Rational Method Composer. Possible usage of this model and its potential extension are discussed including an illustrating example.


ISO/IEC 20000, ITSM, IBM Rational Method Composer, quality of service, process model


. . . . . . . . . .3 Designing a delivery process . . . . . . .2. . . . . . . . . . . . .2. 2. . . . . . . . . . . . . . . . . . Bibliography . . . . . . . . . . . . . . . . . . .3. . . . . 2 Problem analysis . . . . . . . .2 Structure of ISO/IEC 20000 and defined processes . . . . .1 General ITSM introduction . . 3. .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2. . . . 2. . . . . . . . . . .4 Issues of ISO/IEC 20000 implementing in an organization . . . . . . . . . . . . . . . . . . . . . .1 Problems encountered . . . . . . . . . . .1 IBM Rational Method Composer and its concepts . . . . . . . . . . . . . . . . . . . . . . . . . 4. . . . . . 3. Appendix A – Contents of the attached CD . . . . . . . . . . . . .2 ISO/IEC 20000 model . . .1. . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 Key ITSM framework characteristics .1 Importance of process tools . . . . . . . . . . . . .1 Structure of the thesis . . . . . . . .5 PRojects IN Controlled Environments (PRINCE2) . . . . . . . . . . .2 ISO/IEC 20000-2 model . . . . . . 2. . . Appendix B – Work Breakdown Structures of the ISO/IEC 20000 process model . . . . . . . . . . . .1. . .3. . . . . . . . . . . . . . . . . . 3. . . . . . . . . 3 Solution – ISO/IEC 20000 process model . . . . . . . . . . . . . . 4. . . . . . . . . . . 2. . . . . .2. . . 2. . . . . . . . . . . . . . . . . . . . . . . . 3. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2. . . . . . . 2. . . . . . . . . . . . . . . . . . . .2. . . . . . . . . . . . . . .1. . . . . . . . . . . 2. . . . . . . . . . . .1 Extending tasks and creating a new one . . . . . . . . . . . . . . . . . . . . .1 Technologies used for ISO/IEC 20000 modelling . 1.3 Microsoft Operations Framework (MOF) . . .3. .2 ITSM frameworks . . . . . . . . . . . . . . . . . . . 4. . . . . . . .2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 Capability Maturity Model Integration (CMMI) . . . . . . . .3. . . . .3 ISO/IEC 20000 and ITIL relation .2 Control Objectives for Information and related Technology (COBIT) 2. . . . . . . . . . . . . . . . 2 2 3 3 4 4 4 6 7 8 8 9 9 10 10 13 13 15 15 15 21 22 22 24 27 27 28 29 32 32 34 36 37 1 . . . .2. . . . . . . . . . . .1 ISO/IEC 20000-1 model . 4 Sample utilization – Process incident . . . .2 Establishing new roles . . . . . . . . . . . .2 IBM Rational Team Concert and Jazz Team Server . . . . . . .1 Benefits of ISO/IEC 20000 adoption . . . . . . . . . . . . . . . . . . . . . . . . . 3. . . . . . . . . . . 2. . . . . . . . . . . . . . . . . . . . 2. . . . . . . . . 1 . .Contents Introduction . . . . . . . . . . . 2. 5. . . . . . . . 3. . . . . 5 Conclusion . . . . . . . . . . . . . . . 2. . .1 Information technology infrastructure library (ITIL) . . .3 ISO/IEC 20000 and its structure . . . . . . . .

Another possible usage is to form a baseline for process design in accordance with ISO/IEC 20000. especially IT Infrastructure Library (ITIL) and ISO/IEC 20000. 2 . The main part of the work is development of a process model based on ISO/IEC 20000 in IBM Rational Method Composer. differences between these two are also discussed. The third chapter covers IBM software platforms for process designing and implementation – IBM Method Composer and IBM Team Concert.Chapter 1 Introduction The thesis is dedicated to a study of a domain of information technology service management (ITSM). The planned application of the model is to illustrate the structure of the standard and emphasize major concepts and elements. The second chapter analyses the problem of information technology service management and corresponding issues of quality assurance. Some of the major process frameworks are presented.1 Structure of the thesis The first chapter comprises the introduction to the thesis and its structure. which I had while elaborating the thesis. The model of ISO/IEC 20000 processes is also described in detail with a discussion of its possible utilizations and extensions. The fourth chapter illustrates one of ways of the potential model usage by extending a small part of it as it could be used in real process environment. 1. The primary concern is controlling quality of provided services – service assurance – intended mainly for greater customer satisfaction. The paper is aimed at one particular ITSM methodology – the international standard for IT service provision ISO/IEC 20000. This chapter is used as a proof of concept of my modelling approach and the implementation of ISO/IEC 20000 processes. which is a discipline for governing IT service provision to a customer. The final fifth chapter summarizes the work done with a list of interesting issues. including solutions I used.

changing circumstances and new business requirements as well as continuously evaluating its processes and performance in order to identify and implement opportunities for improvement. or ”the particular skills that someone has and can offer to others” (Cambridge Advanced Learner’s Dictionary). Main benefits gained by the Quality Assurance practice of IT services can be: • • • • Improving customer’s satisfaction. e.” [1] The primary reason for managing IT services is a need for controlling their quality. Unless this 3 • . It needs changes in service provider’s business culture and consequently overall employee’s conception of service provision needs to be customer-centered. business process restructuralization.1 General ITSM introduction ITSM stands for ”Information Technology Service Management” and represents an integrated approach to govern IT service provision. but not one that involves producing goods” (Longman Dictionary of Contemporary English). In real scenarios. ”a particular type of help or work that is provided by a business to customers. A quite interesting and embracive definition of ITSM is ”IT Service Management is the planned and controlled utilization of IT assets (including systems. Abstractly said. Better understanding of internal operations because of better monitoring and reporting. Reducing resources consumption. However. a proper implementation of ITSM principles and QMS (Quality Management Systems) for IT services is difficult because of following reasons: • A shared understanding between a service provider and customer of what ”quality” means is necessary.g. Aligning IT strategy with general business strategy. I would mention a definition of the term ”service”. administering hardware to more business-aligned ones.g. a service is a portion of work performed by a service provider on behalf of a service consumer. infrastructure and tools). IT services types can vary from typical ones like developing a piece of software. e. a set of so-called key performance indicators (KPIs) is established. There are many of them.Chapter 2 Problem analysis 2. First of all. people and processes to support the operational needs of the business as efficiently as possible whilst ensuring that the organisation has the ability to quickly and effectively react to unplanned events.

each book covered one consistent topic of interest. 2.1 Importance of process tools To use a full potential of quality assurance practices and quality management systems. independence on platform and public domain availability. process improvement and also very important post-change reporting.ibm. Therefore a company needs a flexible and scalable process environment to be able to utilize quality assurance practices. • The key for quality control is a concept of process improvement. it is necessary to apply an integrated organization-wide solution. An optimized solution could use a process execution platform to enable quality monitoring. The initial ITIL’s versions were structured into separate books.2. Most of them are dedicated only to the domain of IT services. ITIL therefore offered a framework. at the present time fully integrated into Office of Government Commerce (OCG).2. This requirement implies that a computer aided approach is vital to achieve essential sustainability and reduction of time and resource consumption.com/developerworks/webservices/library/ar-soaitil/itil 1. I omitted ISO/IEC 20000 here completely.2 ITSM frameworks In this section I list major ITSM frameworks and methodologies. 2. The key ITIL characteristics are [16]: process management. as it is described throughout next section.1 Information technology infrastructure library (ITIL) Information technology infrastructure library (ITIL) is a collection of best practices developed in the 1980s by British government’s Central Computer and Telecommunications Agency (CCTA).1. • 2. The following diagram1 shows a structure of ITIL V2 books: 1. http://www. but I also mention some approaches.gif 4 . The main reason for its creation was growing dependence of companies on information technologies and also a shift of IT perspective from just application development to more complex portfolio of services. A central knowledge base and an information repository is required. Benefits of this dynamical process infrastructure preferred to a static form of only documented practices are analogous to the usage of Web 2. a customer-oriented approach. unambiguous terminology. however they can also be used for service management and quality assurance – namely Capability Maturity Model Integration (CMMI) and PRojects IN Controlled Environments (PRINCE2). which are more general.0 technologies instead of a collection of static documents. a QMS is considered only as a ”burden” and employees try to evade it. P ROBLEM ANALYSIS happens in a company. on which IT organizations could base their processes.

ITIL V3 now covers also topics like service design instead of concentrating simply on service provision. Moreover. An illustration2 of the ITIL V3 service lifecycle: The five ITIL V3 core books are (designated by names of service lifecycle phases)[2]: Service Strategy covers an alignment of business with IT and transforms each phase of the service lifecycle into benefits for a customer.pdf 5 . P ROBLEM ANALYSIS The core two books are Service Delivery and Service Support.2. One additional ITIL V2 book exists – ITIL Small-Scale Implementation – which is guidance for smaller IT organizations or divisions. taken from http://www. Actual version of ITIL is ITIL V3 released in 2007. 2. which discuss typical ITSM problems.com/USA/Communities/attachments/BMC BPWP ITIL Version 3 BSM. unlike previous versions which were more grouped by separate processes. It is structured based on a service lifecycle.bmc.

This includes a range of models. and implementing it within the company’s current business processes. Define the IT Processes.2 Control Objectives for Information and related Technology (COBIT) The Control Objectives for Information and related Technology (COBIT) is a set of best practices for ITSM created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) in 1996. It embraces many of the disciplines defined within the previous version of ITIL. Acquire and Maintain Technology Infrastructure. Install and Accredit Solutions and Changes. [11] Service Operation explains the activities required to enable day to day operational ”excellence”. Communicate Management Aims and Direction. Service are better and more clearly described in an appropriate level of detail. Manage Quality. It covers areas such as the execution of the applications within the IT system and its results. [11] Continual Service Improvement embraces service quality in the context of continual improvement. These support processes include security issues and training. acquiring the technology. reliability and cost of the services are managed better.2. [4] 6 . Determine Technological Direction. Enable Operation and Use. Manage IT Human Resources. the support processes that enable the effective and efficient execution of these IT systems. [4] COBIT is divided into four domains [4]: Plan and Organize – contains following processes: Define a Strategic IT Plan and Direction. Organization and Relationships.2. [11] Some of ITIL benefits mentioned in [16]: • • • Services are more customer-focused and agreements about service quality improve the relationship. and also deals with the service retirement scenario. as well as. Procure IT Resources. [11] Service Transition describes the long term change and release management concepts and practices. availability. including outsourcing and insourcing. [4] It contains following processes: Identify Automated Solutions. Manage Changes. Define the Information Architecture. offering guidance on transition into a business environment. Manage the IT Investment. This domain also addresses the development of a maintenance plan that a company should adopt in order to prolong the life of an IT system and its components. Deliver and Support – focuses on the delivery aspects of the information technology. Acquire and Implement – covers identifying IT requirements. and architectures for the design of IT service solutions. The quality. Acquire and Maintain Application Software. 2. documents. Assess and Manage IT Risks. P ROBLEM ANALYSIS Service Design provides guidance on the development and maintenance of information technology policies. Manage Projects.

Monitor and Evaluate Internal Control. Manage the Physical Environment. Manage Thirdparty Services.2. Manage Operations. Ensure Regulatory Compliance.2. 2. Ensure Systems Security. [4] It contains following processes: Monitor and Evaluate IT Processes.3 Microsoft Operations Framework (MOF) Microsoft Operation Framework (MOF) is another framework designed specifically for the ITSM domain. Provide IT Governance. Manage the Configuration. Identify and Allocate Costs. Monitoring also covers the issue of an independent assessment of the effectiveness of IT system in its ability to meet business objectives and the company’s control processes by internal and external auditors. 7 . Manage Problems. Manage Service Desk and Incidents. Manage Data. Manage Performance and Capacity.0 was created in 2008 to provide guidance across the entire IT lifecycle [14]. Monitor and Evaluate – deals with a company’s strategy in assessing the needs of the company and whether or not the current IT system still meets the objectives for which it was designed and the controls necessary to comply with regulatory requirements. Ensure Continuous Service. P ROBLEM ANALYSIS It contains following processes: Define and Manage Service Levels. Educate and Train Users. MOF 4.

Thus. released in February 2009.2. set process improvement goals and priorities. and delivery.jpg 8 . Operate and one governing Manage layer. Deliver. For each area.2. [15] 2.4 Capability Maturity Model Integration (CMMI) Capability Maturity Model Integration (CMMI) is a process improvement approach that provides organizations with the essential elements of effective processes that ultimately improve their performance. It helps integrate traditionally separate organizational functions. CMMI can be used to guide process improvement across a project. is appliable to IT services as another option to the ITSMspecific methodologies. there is a collection of best practices called model.wikimedia.5 PRojects IN Controlled Environments (PRINCE2) PRINCE2 is a scalable project management method developed by the British Office of Government Commerce (the same organization that created ITIL). product and service acquisition. The table taken from Wikipedia. [3] The following table shows five maturity levels3 : CMMI is usable in three different areas [3]: • • • product and service development. service establishment.org/wikipedia/commons/d/d7/Capability Maturity Model.2. or an entire organization. a division. provide guidance for quality processes. 2. P ROBLEM ANALYSIS MOF represents a service lifecycle as three phases Plan. and provide a point of reference for appraising current processes. management. PRINCE2 is a general method 3. at: http://upload. the CMMI for Services.

It was released in December 2005 jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). [19] Therefore it could be possible. there are several attributes of each framework or methodology that should be considered: • • • a certification body or auditor availability. for example. PRINCE2 could be solely used as a base for succesful ITSM solution. Additionally.6 Key ITSM framework characteristics While comparing. a scale of a framework and / or a size of a service provider’s organization. P ROBLEM ANALYSIS with broad scope of usages.2.3 ISO/IEC 20000 and its structure The ISO/IEC 20000 standard is the international standard for IT service management domain. The cited source also states that the real benefit is in taking the framework as a baseline. because there is no advantage in implementing something regarded as ”standard” [1]. regionally. a springboard. Moreover. The processes within the technique and relations among them can be illustrated by the following diagram [19]: Being an adjustable. on which a service provider can further cultivate and evolve its process environment and corresponding service quality. I would like to mention an idea. trying to adopt or choosing which framework to use as a base for process development in an organization. e. to use ITIL as a core ITSM solution and PRINCE2 to manage more complex service deliveries. the new version of PRINCE2 – ”PRINCE2:2009 Refresh” – was designed to better integrate itself with other methodologies Office of Government Commerce. notably ITIL.g. 2. 2. ISO/IEC 20000 9 . a fact. if a given framework is specific only to ITSM or is determined to be widely used – and therefore it could be necessary to adjust it more to an IT related domain. flexible and scalable method.2. that ”gaining a competitive advantage” should not be considered as a benefit gained by adopting some ITSM framework.

responses and reports. to account accurately for resources spend by the IT services provision.3. making it an essential document for auditors. obtaining the ISO/IEC 20000 certification by an auditor demonstrating the service provider’s will and commitment to addressing service quality problems. the large public commission (no. . more customer-oriented IT.. .g. as well as for the service provider’s organization internal needs. that the standard contains. 2. service delivery processes are managed and modified with regard to customers’ inputs. The certification can also be the formal prerequisite for gaining a significant customer or winning a public selection procedure4 . ”a service provider shall.e.2. ” or ”there shall be a process. P ROBLEM ANALYSIS is the successor of the British Standard BS 15000. which must be fulfilled by a service provider to comply with the standard. many of the processes take into account the overall business strategy of the service provider. ISO/IEC 20000-1 is of course the main part against which a service provider is certified. a definition what a given process should encompass). E. ISO/IEC 20000 consists of two parts: The first part (denoted as ISO/IEC 20000-1: Specification) is mostly a description of a set of processes and requirements imposed on them (i.1 Benefits of ISO/IEC 20000 adoption There are several possible benefits gained by adopting the ISO/IEC 20000 standard: • • • • • embracing the ITSM domain knowledge and best practices. 114071-9038) to deliver Information system of basic registers for the Czech Ministry of internal affairs also requires that the contractor is ISO/IEC 20000 certified. ISO/IEC 20000-2: Code of Practice further extends processes defined in the specification by presenting additional recommendations based on best practices and the contemporary 4..g. which was developed in the year 2000 to reflect the ITIL methodology and its knowledge and experience. The standard can be used equally in both ways.. .g. better alignment of business and IT strategy. This part is mostly written in a form of rules and responsibilities (e. 2. ISO/IEC 20000 is divided into two parts: ISO/IEC 20000-1: Specification is in fact a set of requirements. ISO/IEC 20000 is usable for providing IT services both for the explicit external customers. [22] 10 . or for more efficient planning of future service demands.2 Structure of ISO/IEC 20000 and defined processes As stated above. A service provider adopts ISO/IEC 20000-1 by creating processes satisfying these obligations and meeting other requirements like the necessity of the integral management system encompassing all service management processes as stated in the chapter 3 (Requirements for a management system) [23]. ”). better monitoring capabilities used. e.3. . The second part (ISO/IEC 20000-2: Code of Practice) expands each process from the first part with additional recommendations based on contemporary ITSM experience.

1.jpg. therefore I summarize here the general arrangement by introducing each chapter and its purpose. 11 . Scope – a short overview of the standard’s purpose. For clarity reasons I also include a tree schema presenting all processes defined in the standard (13 total.com/articles/images/pdca. . P ROBLEM ANALYSIS knowledge and experience of the ITSM industry. 6. The schema taken from http://www.bizmanualz. This part is not considered ”mandatory” in the context of auditing and achieving ISO/IEC 20000 certifications. numbers in parentheses represent the chapter and clause in which they are described). These three aspects are considered to be a core for a service management system creating an integral process framework. rather suggestive – it offers guidance and assistance in managing services using ISO/IEC 20000 processes. . ISO/IEC 20000-2 adds ”For that process.2. Terms and definitions – a list of rigidly defined technical words and phrases used throughout the text. 3. 4. . Planning and implementing service management – introduces a concept of service management process lifecycle based on an iterative methodology known as Plan-Do-CheckAct. 2. ”.5 Both parts have almost identical structure in topics being described (with different content based on the perspective and the scope of each part). Requirements for a management system – contains specification of documentation. duties of service managers and a section regarding staffing for service roles. it is also vital to consider or implement. The following diagram6 illustrates the cycle: 5. The relation between these two parts can be rather elementally demonstrated on the following example: Whereas ISO/IEC 20000-1 states ”There shall be a process doing. . ”.

Service delivery process – a set of six processes with a quite operational character overseeing the service provision. Check – service monitoring. 7. 6. 8.4 Budgeting and accounting for IT services – plans and monitors resource usage spent on the service provision.6 Information security management – manages security of IT services including resolution of security incidents.2 Supplier management – manages a partnership with service provider’s suppliers – both direct and indirect – by rigidly defining service terms that a supplier provides. Planning and implementing new or changed services – describes the importance of an integrated approach to managing changes to services or establishing new ones and depicts a way. There are following processes specified: 6. how to achieve it. 6. Do – service implementation and delivery. reporting and analyzing.2 Service reporting – creates service reports.1 Service level management – manages a definition. Act – service improvement. sometimes referred to as KPIs – Key Performance Indicators 12 . 6. Resolution processes – two closely connected processes solving defects. 5.2. P ROBLEM ANALYSIS The methodology applied on the service management domain represents: • • • • Plan – service planning. 6. An investigation of customer’s business needs is a necessity. technical errors or mistakes while providing services: 7. 6. Note: Charging for services is not mandatory..e. 7.1 Business relationship management – manages an optimal partnership and cooperation between a service provider and its customers – service consumers. Relationship processes – two processes dealing with business partners of a service provider: 7.3 Service continuity and availability management – guarantees that a service is operable as stated in a SLA (Service Level Agreement). characteristics7 describing quality of a service at one moment in time). an agreement with a customer and monitoring of a service level (i.5 Capacity management – guarantees enough resources for the service provision. 6.

A whitepaper [6] and a website [5] summarize differences between ITIL V3 and ISO/IEC 20000. However. please consult the referred materials. 10.2. A service provider must use the structure that is most appropriate. Charging is not applicable for some organizations so cannot be included in a specification.3. Release process – there is only one process in the tenth and final chapter: 10.1 Configuration management – provides an unified access to information about service provider’s properties – both material and immaterial (for example patents). 9. ISO/IEC 20000-1 includes requirements for budgeting and accounting. 2.2 Change management – grants a controlled methods for requesting changes in an organization’s assets or infrastructure and approving them. ITIL includes advice on charging. 2. Control processes – two processes. Some of the key differences mentioned are: • ISO/IEC 20000 contains requirements for management responsibilities (in chapter 3).4 Issues of ISO/IEC 20000 implementing in an organization There are several problems in implementing ISO/IEC 20000 in a company. P ROBLEM ANALYSIS 8. 9. many of the ITSM topics exist in both documents.1 Release management process – a process dealing with a release (a set of related changes grouped together and implemented at once). conceptual and process ones. which work as an integral approach for service provider’s assets management: 9. that ISO/IEC 20000 (primarily its first part) is a set of mandatory requirements. [5] Specialist advice is available for small organizations. there are several differences between these two. [5] For a complete list of all differences. whereas ITIL is a collection of advices and best practices. The main conceptual difference is a fact. The most important are: 13 • • • . ISO/IEC 20000 requirements are completely independent of organisational structure or size. [5] ISO/IEC 20000 has a more rigidly defined approach to business relationship and supplier management. ITIL does not. 8.3 Problem Management – examines and reacts to sources and causes of incidents.3 ISO/IEC 20000 and ITIL relation Since ISO/IEC 20000 was designed to be closely aligned with ITIL.3. where all requirements are compulsory. ITIL includes advice and options for some aspects of organizational structure.2 Incident Management – deals with an incident – an event reducing quality of a service or breaking its functions completely – and tries to mitigate its effects attempting to do as little disruption of customer’s business as possible.

there is no official material like Planning To Implement Service Management is for ITIL.2. There is no distinction in the terms of service provider’s size. 14 . security events and so on. It is rather a list of requirements (part 1) and a list of process-related recommendations and advices (part 2). The standard is quite new (released in December 2005) and therefore there are no many case studies and experience with its implementation. [7]. P ROBLEM ANALYSIS • The standard itself does not contain any information or guidance how to implement it. Change management – ”Without change management as a first step. 4. some third party books exist. The suggested sequence is as follows: 1. However. in which order to implement processes. nothing like the SmallScale Implementation for ITIL V2.” Configuration management Incident management Problem management 2. 3. which could be used as a guideline for scheduling ISO/IEC 20000 and deciding. Unfortunately. This example demonstrates. your ITIL implementation effort may result in the automation of the ability to apologize for downtime.g. that guidances for implementing ISO/IEC 20000 (and other ITSM solutions) based on experience can be found and used. e. • • A quite interesting material [21] exists on a topic of prioritization of ITSM processes.

in which classes are general and reusable. The primary reason for including this in my thesis is to give a reader a quick overview of basic RMC concepts and ability to use the ISO/IEC 20000 model not only in the form of exported HTML document. However. For the whole picture of RMC. The following schema illustrates it with a subsequent description of each element. commonly abbreviated as RMC.1 Technologies used for ISO/IEC 20000 modelling 3. 3. please refer to [9] or the web site regarding all RMC characteristics at: www-01. a process designer can instruct RMC to automatically propagate all modifications to all instances1 . E.ibm.1. option ”Default synchronization from method content” 2.com/software/awdtools/rmc/ The essential concept in Method Composer is the idea of distinction between reusable process assets (called Method content elements) and implementation of these assets specific for one process. he or she defines a general method content element ”software tester” and then uses a reference to this element in a delivery process. On the other hand. Rational Method Composer is a complex featurerich process designing platform. whereas instances (objects) are their concrete representations.g. but also in the ”source” form in RMC. if the general process element changes.Chapter 3 Solution – ISO/IEC 20000 process model This chapter describes one approach to ITSM problems discussed in the previous chapter – using a ISO/IEC 20000 standard and its model as a framework for IT service provision in an organization. I depict here only a small subset of its aspects. if a process designer wants to work with a role ”software tester”. the section regarding the model in detail follows. which were relevant to working out my thesis.. which is vital for reusing the model and customizing or expanding it for needs of any specific organization.1 IBM Rational Method Composer and its concepts In this section I describe a tool used for the main part of my work – IBM Rational Method Composer. 15 . The first part of this chapter is dedicated to the technologies used for the modelling. It is essential to understand the structure of elements used in RMC. This reference now acts as an instance of the original ”software tester” and all changes to this role in the scope of the delivery process are only local. This approach is in a certain way similar to the object-oriented programming paradigm. 2 1.

Method Plug-in – a high-level container used for grouping related method content elements and processes.. E.3. I define two method plug-ins in my model. Configuration – a logical element specific only to publishing documents by RMC. which is structured into a hierarchy of smaller Content Packages. E. S OLUTION – ISO/IEC 20000 PROCESS MODEL Method Library – a top-level container for all elements regarding one project or process domain. I use configurations iso20000-1 representing only first part of the standard (i. iso20000-1 and iso20000-2 as collections of contents and processes of each part of the standard.g. Method Content – a container used for related general method content elements.. Process – a container for both capability patterns and delivery processes described bellow. which is a whole standard published together using both method plug-ins.e. specification) and iso20000. 16 . A method configuration defines which corresponding parts of a method library should be published as a single document (like HTML or PDF).g.

. which is a set of related RMC elements that are a base for configurating (in the meaning defined above) and exporting a process model (views are visually presented as tabs on the left of published HTML model web pages improving understandability and structuralization of the model). . a state in which a service is restored to the agreed service level is an outcome of the task Resolve incident effect in the incident management process. Work products are of several types: • • An Artifact is typically a tangible concrete item or object. A capability pattern can act as a template or a framework for more than one process enabling the principle of reusability.3. that is general and abstract enough to be used separately in another processes. E. Standard Category – a set of logical containers grouping individual method content elements of one type into one predefined group (mainly for overview purposes). tasks. a set of documents can be grouped into deliverable documentation.g. A Deliverable is a set of artifacts related to each other. This grouping is as follows: • • • • A set of Tasks is a Discipline. E. a single document. An Outcome is a state created by execution of a process or a task.. and responsibilities.. E. I define method content elements of individual ISO/IEC 20000 processes (like Service level management) as separate packages in my model. Delivery Process – a flow of actions (tasks in RMC) executed by some roles using work products as an input and an output with an optional support in a form of some guidance (defined below). Custom Category – a group of content elements which can be defined by a process designer usually used for lucidity and reporting reasons. A set of Work Product is a Domain or a Work Product Kind (more presentation oriented [9]). Work Product – generally an input or an output of a task. One specific and quite important type of a predefined custom category is a View.. A set of Roles is a Role Set.g. usually grouped together to be delivered to internal or external party. S OLUTION – ISO/IEC 20000 PROCESS MODEL Capability Pattern – a part of a delivery process. Related capability patterns can be grouped together into Process Packages (not shown in the schema). competencies.. Content Package – a fine-grained level container used for grouping corresponding roles.g.g. E. [9] Task – a description of a unit of work assigned to a role that provides a meaningful result. I define a PDCA capability pattern. . which represents a widely used iterative Plan-Do-Check-Act methodology [17] defined not only in the ISO/IEC 20000 standard. [9] A task is usually divided into Steps – atomic amounts of work. 17 • .g. Related delivery processes can be grouped together into Process Packages (not shown in the schema). artifacts. A set of Tool Mentors is a Tool. E. Role – a definition of a set of related skills.

There are many types of a guidance element. Guidelines most commonly apply to tasks and work products. [9] • • • • Method content variability Method content variability is an another concept in IBM Rational Method Composer used mainly for reusability purposes.3 3. [9] A Report is a predefined template of a result that is generated on the basis of other work products as an output from some form of tool automation. but can also define new ones or override the existing ones from the base. about a modelled domain as a whole or functions as a guideline for better understanding and using the model. sections. tasks. In [9] there is the following example: The generic Review Record artifact can be used as a base for a more special version of the review record using the Extends variability. This method content variability type is the most similar one to the inheritance defined in object-oriented programming paradigm.3. packages. [9] A Practice presents a proven way or strategy of doing work to achieve a goal that has a positive impact on a work product or process quality. A Template specifies the structure of a work product by providing a predefined table of contents. as well as descriptions how the sections and packages are supposed to be used and completed. The base appears in the published Web site but the contributing element does not. [9] Replaces – A replacing element replaces parts of the base element. 18 . Concepts normally address more general topics than Guidelines and span across several work products. [9] A Concept outlines key ideas or basic principles underlying a topic central to the method. S OLUTION – ISO/IEC 20000 PROCESS MODEL Guidance – an RMC element that adds some supplementary or additional information about one particular element. and/or headings. add or expand only characteristics specific to the new element. [9] Extends – Both the base element and its extension coexist in the published material. or activities. a standardized format. Using method content variability a process designer creates an element with an inherited content and relationship with another elements derived from an existing element and then is able to modify. There are several types of method content variability (each defining a special relationship among a base element and its derivates) in Method Composer. The extension inherits all attributes and relations of the base. Term definitions can be used to build up a glossary of terms usable as supporting material to exported documents. namely: Contributes – A contributing element adds to the base element. The replacer appears in the published Web site but the base element does not. [9] A Term Definition defines a (usually technical) word or a phrase used in a description of a content element or a content element name itself. I would list some important ones that are also used in my ISO/IEC 20000 model: • • A Guideline provides an additional detail on how to handle a particular content element.

Each following property is applicable for every element with an exception of Event Driven. 19 . tasks. i. which were overridden in the extending element. .e. Multiple Occurrences – An element with multiple occurrences property set is allowed to be initialized more than once in a delivery process lifecycle.g. Ongoing and Repeatable. Each of the process elements above has a set of boolean properties which add another characteristics of the process element. A Task Descriptor is a term used for a concrete realization (instance) of a task (general content element) in a process. Elaboration and expanded Construction phases with many activities nested at several abstraction levels and at the lowest level. [9] In the screenshot. Optional – An optional element can be skipped while executing a process. Event-Driven – An event-driven element starts depending on a state of other process elements or on an external event. The most important diagram types are (some graphical examples5 included for illustration): Work Breakdown Structure (WBS) – A work breakdown structure is a hierarchical breakdown of work. it is continuous.3. 4. IBM Rational Method Composer uses a set of diagrams for process designing. leaving the other intact. E. Screenshots taken from the Rational Unified Process (RUP) methodology packaged within IBM Rational Method Composer default installation. which can be assigned only to Task Descriptors or Activities: Planned – A planned process element is exported to Rational Team Concert. . S OLUTION – ISO/IEC 20000 PROCESS MODEL Extends and Replaces – This variability type changes only the characteristics in the base. I use mostly the Extends variability type in my ISO/IEC 20000 model to present and map the relations between the elements required in the specification of ISO/IEC 20000-1 and the consequent recommendations and extensions of these elements described in ISO/IEC 200002. and steps. Subsystem Design. there is a small portion of the Rational Unified Process WBS. such as activities. Repeatable – A repeatable process element can iterate in a process instead of been executed only once. Process elements and their properties Process elements in Rational Method Composer are building blocks of a process at different levels of abstraction. 5.. a reader can see the Inception. These diagrams are interconnected and synchronized. defining a process. adding a task performed by a specific role and using some artifacts to Work Breakdown Structure results into an update of Team Allocation schema and Work Product Usage table. However. meaning that a change in one diagram automatically propagates to the others. Generally speaking. Ongoing – An ongoing process element does not have a predefined start or an end of execution. there is the following hierarchy of process elements: Step → Task Descriptor 4 → Activity → Iteration → Phase → Process. in the element description there should be a condition to do that. there are task descriptors like UseCase Design.

S OLUTION – ISO/IEC 20000 PROCESS MODEL Team Allocation – An extended WBS with specific performers (roles) explicitly presented in a schema. an activity. 20 . a phase or an iteration. Work Product Usage – An extended WBS with all work products explicitly presented as an input or an output of a process element. [9] The example illustrates the activity diagram of the Develop Components activity of the Construction phase in the RUP.3. Activity Diagram – Activity diagrams show the workflow of child process elements of a process.

I didn’t export it into the environment of IBM Rational Team Concert. which is a scalable. . Although I created a model of ISO/IEC 20000 processes.3. reporting. build. extensible team-collaboration platform that integrates tasks across the software lifecycle. its monitoring and coordination among employees. dashboards. This connection is vital. IBM Rational Team Concert and Method Composer integration IBM Rational Method Composer and IBM Rational Team Concert can be integrated together to allow processes designed in RMC to be exported into IBM Rational Team Concert and Jazz Server process platform. because it allows the very execution of implemented processes.1 (Problems encountered). because the model itself reflecting the standard is too general to be used directly in a process execution platform. external. centralized into one tool and accessible for all associated employees enabling cooperation with the option of integration with another (already implemented in a company) tools used for successful information service provision. because it enables management of process execution.1 – which are not the newest ones. Initially it would be necessary to customize and extend the model in process design software (IBM RMC) in accordance with: • • • existing processes in an organization the business strategy of the organization the size of the IT division and the character of its customers (internal vs. Its platform is therefore a central aspect of succesful ITSM solution as it makes possible monitoring. 21 . S OLUTION – ISO/IEC 20000 PROCESS MODEL 3. IBM Rational Team Concert is essential software and a piece of process management infrastructure. The platform also provides useful building blocks and frameworks that facilitate the development of new products and tools. .1.2 IBM Rational Team Concert and Jazz Team Server IBM Rational Team Concert is a collaborative software development environment enabling developers to collaborate together using integrated planning (with full support for Scrum). ) Such implementation extension of the ISO/IEC 20000 model could be afterwards exported and executed as a set of service management processes in a specific organization. One drawback of this software integration is that it is still considered ”beta” feature and also requires exact versions of the software [8] – IBM Rational Method Composer 7. section 5. [12] In the context of ITSM and particularly my ISO/IEC 20000 process model. work items. [20] IBM Rational Team Concert is built around the Jazz platform. reports and process support.5ifix1 and IBM Rational Team Concert Client 1. A discussion about the issue of ISO/IEC 20000 being too general and of course not ready for ”immediate execution of the shelf” can be also found in the concluding chapter 5. customizing and extending all service quality related processes in the organization.0. source control.

6. which I think should suit a reader best.. please refer to the section regarding IBM Rational Method Composer 22 . and I used a more general and complex introduction to the standard in the tab ISO/IEC 20000 Overview than there is in the chapter 1 (Scope). Do with a task descriptor Implement Service Management Plans.cz/th/140448/fi m. which can be found on the attached CD or at http://is. a reference to a webpage regarding benefits of an ISO/IEC 20000 adoption. Both models description structure is based on their exported HTML versions. Service Management Process is a delivery process at a high level of abstraction based on the capability pattern with the following phases: 1. specifically on the tabs on the left side of HTML pages6 . ISO/IEC 20000 – a model of both parts of the standard containing the previous model and adding ISO/IEC 20000-2 specific elements.2 ISO/IEC 20000 model In this section I describe my ISO/IEC 20000 process model developed in IBM Rational Method Composer. Manage Trainings and Communicate the Importance of Service Management. I created two separate models: • • ISO/IEC 20000-1: Specification – designed after the first part of the standard and described in following subsection ISO/IEC 20000-1 model. The list of all tabs in the ISO/IEC 20000-1: Specification model with a summarizing description follows: ISO/IEC 20000 Overview tab – contains an introduction to the standard. These tabs represent Configuration Views – for more information. which could be also helpful for following my description. Management System (Specification) tab – presents a Management role.2. I put work breakdown structures of delivery processes of the complete ISO/IEC 20000 model in the Appendix B. a link to a Wikipedia article about ITSM and a description of the structure of the model. Plan.muni. 2. Planning and Implementing Service Management (Specification) tab – illustrates the PDCA (Plan-Do-Check-Act) methodology modelled as a capability pattern with a loop.3. I suggest that a reader follow my explanation by simultaneously browsing the HTML version. S OLUTION – ISO/IEC 20000 PROCESS MODEL 3. a set of artifacts) Documents forming core service management documentation.e. The appended parts are discussed in subsection ISO/IEC 20000-2 model. 3. Additionally. a deliverable (i. and a Manage staff delivery process with 3 task descriptors: Define Roles. because there is no interesting structure in the chapter to be modelled. I chose a description from the perspective of the exported HTML version of the model. Skills.1 ISO/IEC 20000-1 model The structure of ISO/IEC 20000-1 model naturally reflects the chapters of the first part of the standard with small exceptions: I omitted the chapter 2 (Terms and definitions).

Manage Information Access. Service Delivery (Specification) tab – contains six delivery processes: • Service Level Management consists of three task descriptors Manage Agreements. Terminate Service. Manage Capacity. 23 . S OLUTION – ISO/IEC 20000 PROCESS MODEL 3. Assign Costs. Respond to Business Change. and Process Financial Predictions. Changed or New Services (Specification) tab – introduces a Change Management Process addressing modifications of service in the current service environment. 4. • Resolution (Specification) tab – encompasses two closely related delivery processes: • Incident Management contains Resolve Incident Effect. Manage Information Security Risks. Budgeting and Accounting for IT Services contains five task descriptors: Budget and Account. Supplier Management contains the following task descriptors: Manage SLAs. and Monitor Availability. Service Reporting has only one task descriptor Produce Service Report. Check with task descriptors Monitor Service Management Processes. adding new services as well as terminating current ones. Fulfill Information Security Policy Requirements. Manage Reviews and Plan Audit. Implement Changed or New Service. Communicate Incident Resolution State. and Review Changed or New Service. Monitor Costs. The delivery process contains a task descriptor Manage Resources for the Change Management and for each or new service provides three task descriptors: Accept Changed or New Service. Test Service Continuity Plans. Control Finances. Process Complain. Information Security Management introduces the following seven task descriptors: Accept and Propagate Information Security Policy. Manage Security Control Documentation. Manage Supplier Documentation. Manage Incident Procedures. Manage Major Incident task descriptors. Manage Service Continuity and Availability Plans. Manage Capacity Requirements. Manage Contracts. Capacity Management has three task descriptors: Capacity Management. Manage Access to Systems. Manage Security Incident Procedures. Service Continuity and Availability Management comprises following task descriptors: Identify Service Continuity and Availability Requirements. Hold Meeting. Monitor Service Levels and Manage SLAs operating with a significant work product – Service Level Agreement.3. Manage Contract Violation. Review Service Continuity and Availability Plans. Act with a task descriptor Manage Service Improvements. and Review Security Incidents. • • • • • Relationship (Specification) tab – is a set of two delivery processes: • Business Relationship Management contains task descriptors: Document Customers and Stakeholders. Monitor Supplier Efficiency. Manage Service Quality Feedback.

Preserve Integrity. Manage Preventive Actions. Update Configuration Items and Change Records. Process Release. Manage Release Reversal Methodology.3. S OLUTION – ISO/IEC 20000 PROCESS MODEL • Problem Management contains the following task descriptors: Manage Problem Procedures. The reason for this approach was that creating isolated ISO/IEC 20000-2 model is not possible.2 ISO/IEC 20000-2 model I developed the complete ISO/IEC 20000 model as a superset of the ISO/IEC 20000-1 model.2. Reviewing and Plan Internal Audit. because the baseline remains the same as in the previous model. Define Configuration Item Structure. 7. Manage Emergency Release Methodology. Manage Configuration Audit Procedures. Measuring. Monitor Problem Resolution. Manage Test Environment. Plan Release. and for the purpose of referencing I also add the previously defined tabs. there are two tabs for each chapter of the standard in the complete model – one for the specification (based on ISO/IEC 20000-1) and the other combining ISO/IEC 20000-1 and ISO/IEC 20000-2 (forming a specified minimum enriched with the Code of Practice). In this section I therefore describe only the new content elements added from ISO/IEC 20000-2. Reminding Note: There are Work Breakdown Structures of most delivery processes in Appendix B of this paper. Planning and Implementing Service Management (Code of Practice) tab – was expanded by adding Service Management Plan and corresponding tasks Plan Service Management. Manage Versioning Procedures. So I conceptually define the ISO/IEC 20000-2 model as an extension 7 of ISO/IEC 20000-1. As a result. Provide Staff Records. 3. and Measure Staff Management Effectivity. Create Accounting Interface. • Release (Specification) tab – defines only one delivery process: • Release Management contains the following task descriptors: Establish Release Policy. Control (Specification) tab – has two processes: • Configuration Management uses a central Configuration Management Database and contains task descriptors: Plan Change and Configuration. Manage Change Request. Manage CMDB. Communicate to Incident Management. and tasks Plan and Implement Monitoring. Process Change Request. Implement Change and Analyze Change Records. I use the Extends Method Content Variability type abundantly. 24 . and Analyze Release Records. The tabs specific to ISO/IEC 20000-2 are: Management System (Code of Practice) tab – I added a Senior Owner role functioning through ISO/IEC 20000-2 as a responsible role. The Manage Staff delivery process was expanded by the following task descriptors: Manage Recruitment. as well as work products Service Management Policy and Service Management Continual Improvement Methodology. because elements in ISO/IEC 20000-2 reference strongly to ISO/IEC 20000-1 and many are based on them. Manage Emergency Methodology. Define Configuration Item Term. Manage Backups. Change Management contains task descriptors: Manage Reversal Methodology.

Knowledge Base and a new role Major Incident Manager. Provide Information About Customers. Problem Management added following task descriptors: Manage Problem Escalation. and Manage Information Security Risks was extended and now references ISO/IEC 20000-2. Communicate With Relevant Parties were added. and new task descriptors React To Changes. Service Delivery (Code of Practice) tab – contains following processes: • Service Level Management was enriched by a work product Service Level Catalogue. Service Continuity and Availability Management was enlarged by task descriptors Propagate Continuity Measures and Review Planned System Changes. Change Management adds the Change Management Scope concept and Propagate Change Schedule and Close and Review Change task descriptors. and information about the Service Report was extended. Manage Incident and Problem Closure and Manage Problem Reviews. Budgeting and Accounting for IT Services I added a new Financial Management Policy artifact and a React To Budget Deviation event-driven task descriptor.3. Service Reporting I added a reference to new Service Reporting Policy. Capacity Management The task descriptor Manage Capacity now produces a Capacity Utilization Log. S OLUTION – ISO/IEC 20000 PROCESS MODEL Changed or New Services (Code of Practice) tab – I introduced a new task descriptor Plan Changed or New Service to the Change Management Process. Two task descriptors were appended to the delivery process – Assure Customer’s Business Continuity and Manage Knowledge Base. as well as a Contract Management Guideline. Workaround Concept. • Resolution (Code of Practice) tab – has two processes: • Incident Management introduces a new Establishing Resolution Priorities Practice. Supplier Management was enriched by a new task descriptor Manage Multiple Suppliers. • • • • • Relationship (Code of Practice) tab – with two processes: • Business Relationship Management The task descriptors Analyze Customer Complains Records and Measure Customer Satisfaction were added. • Control (Code of Practice) tab – with two processes: • Configuration Management extends the Configuration Item Record artifact and includes task descriptors Manage Configuration Control Security and Manage Configuration Items Identification. Information Security Management was complemented by a new concept Information Security Controls Practice and a task descriptor Manage Information Assets. Service Level Agreement was extended. 25 • . The Manage Major Incident was extended to reflect the new role.

Manage Release Documentation. S OLUTION – ISO/IEC 20000 PROCESS MODEL Release (Code of Practice) tab – with only one process: • Release Management introduces a new Release Policy and adds the following task descriptors to the delivery process: Verify and Accept Release. its primary purpose is to be an introductory material as it does not fully cover some topics like work products used by tasks or interdependency of delivery processes. Verify Developed and Acquired Software. Manage Release Installation and Analyze Post Release Incidents. Note: The description of the model is not exhaustive.3. 26 . It should be supportive and allow a reader to browse and study the standard with a help of the model.

27 . which is of course one of many possible solutions. where also the published HTML version was exported. 3. Compare the current service level with the agreed level. Analyze the current service level. I chose the following order of proceeding of this sample model creation: 1. business needs. I developed a new method plug-in incident management example. acting as a container for content and process elements of this extension. I especially added some work products as an input or an output of the tasks.Chapter 4 Sample utilization – Process incident In this chapter I demonstrate how my ISO/IEC 20000 model can be used as a base or a framework for process development in an organization. I created delivery process with an activity diagram illustrating the workflow. an existing process environment and many other circumstances and an overall situation of the company. and also defined their steps.1 Extending tasks and creating a new one There are several tasks in the ISO/IEC 20000 model that I used as the foundation of the Process incident delivery process. I created a new supportive task outside of the scope of ISO/IEC 20000. I established new roles to perform these tasks. The summary of changes I made to the individual tasks: • assure customers business continuity – I defined following steps of this task: 1. 2. I illustrate this on the sample implementation of one process of the incident management domain (of the resolution processes as defined in ISO/IEC 20000) – the Process incident delivery process – implemented in a specific way. The detailed description of extensions and changes performed in the example follows in the consequent sections of this chapter. The example uses IBM Rational Method Composer to further extend and particularize the incident management process model beyond the form dictated by ISO/IEC 20000. alongside existing ones iso20000-1 and iso20000-2. 4. the process developed for a real organization would be a heavily dependant on its size. I expanded them using the Extends method content variability option existing in Method Composer. I extended incident management tasks defined in ISO/IEC 20000. customers. Also a new configuration incident management example configuration was created solely for publication purposes. 2. The plug-in can be found together with the other Method Composer model ”sources” on the attached CD. 4.

configuration item record as an optional input. because the major incident manager is supposed to resolve the situation agilely. An IT specialist – a primary performer of the tasks resolve incident effect. 3. 4. Update the knowledge base. Monitor changes to the current service level. Analyze the current service level. and configuration item record and configuration item change record as an output to propagate all changes of the hardware and software infrastructure to the configuration management database and creating a record about them. 28 . • • communicate incident resolution state – I left this task in the form defined in the ISO/IEC 20000. Perform technical changes to the infrastructure. 2. I created a new task – accept incident – a starting point of the Process incident delivery process collecting data about an incident from the customer and creating an initial incident record. S AMPLE UTILIZATION – P ROCESS INCIDENT 3. Also I added knowledge base. 5. and configuration item record. configuration item record and current service levels as an input. Create records about technical changes to the infrastructure. configuration item record as an optional input.2 Establishing new roles I created two new roles (as an extension of the general role Service provider): • • A help desk operator. configuration item change record and knowledge base as an output of the task. 5. Create records about technical changes to the infrastructure. configuration item record and configuration item change record as an output. configuration item record as an optional input. assure customers business continuity and manage major incident. and knowledge base. • resolve incident effect – I defined following steps: 1. Also I added service level agreement and current service levels state information as an input. Consult the knowledge base. 4. I did not specify any steps to this task. I used the following assignment of roles to tasks: • • • A help desk operator – a primary performer of the accept incident and communicate incident resolution state tasks. An IT specialist. manage major incident – I added knowledge base as an input. 4. Together with extending the tasks existing in ISO/IEC 20000 model. A customer – an additional performer of the accept incident task.4. Perform technical changes to the infrastructure.

An major incident manager – a primary performer of the manage major incidents as predefined in the ISO/IEC 20000 model. I set the Planned property for all task descriptors to enable an export of all processes into the IBM Rational Team Concert process environment. 4. Work Breakdown Structure showing task descriptors. 29 . S AMPLE UTILIZATION – P ROCESS INCIDENT • • An incident manager – an extension to Service provider and an additional performer of all tasks in the meaning of a supervising role. The final WBS1 (exported from IBM Rational Method Composer) of the process is: 1.4.g. E.. I designed the Process incident delivery process by creating task descriptors referencing the tasks and considering. which appropriate properties to set. roles and work products.3 Designing a delivery process Having all the necessary tasks prepared.

4. S AMPLE UTILIZATION – P ROCESS INCIDENT Afterwards. I created the following activity diagram for the delivery process: 30 .

it does not propagate the incident to higher levels of support). 31 . The lower diamond merges both paths. The main purpose of this demonstration is to illustrate the way how the ISO/IEC 20000 model can be applied and further expanded.g. The ”real” delivery processes based on the model would certainly be more complex. to the Jazz Team Server introduced in previous chapters).. The two horizontal bars are so-called fork and join elements – representing a split of the workflow allowing the parallel execution.g. The diamond is a ”if-condition” decision – the workflow course depends on the condition.. The final sample incident management process model is at a such level of detail. Arrows represent a control flow sequence. The basic elements of the schema are five task descriptors. Note: The presented delivery process is quite simple (e. The two circles stand for start and termination of the process. The main benefit of using the ISO/IEC 20000 model as a framework for process development specific to needs of some company is the fact that the resulting process is inherently complying with the standard and therefore contains the experience and knowledge of the standard and is also certifiable against it. whether the incident is considered major or not. S AMPLE UTILIZATION – P ROCESS INCIDENT The activity diagram shows the workflow. the single one is the start and the double circle is the end. that it can be exported from IBM Rational Method Composer and applied or integrated in some process execution platforms (e.4.

that fulfills the requirements. Therefore I developed a minimal process model. 5. requirements cannot be properly described in RMC. There is a problem developing a process model that is general and based on ISO/IEC 20000. ” (a requirement). that. which is in fact a set of requirements posed on processes. the main intent of the thesis was to develop a process model reflecting best practices contained in ISO/IEC 20000. that. A resulting process collection would inherently contain knowledge and experience of ISO/IEC 20000 and could be deployed onto some processing platform for direct execution. ”. This means that the model is 32 • . • The second usage was also demonstrated on a sample practical implementation of one process of the incident management domain serving as a proof of concept of my submitted model.1 Problems encountered In the end. The model itself can be further extended and customized for organization’s needs in Method Composer. . because there are many processes without performing role specified and there is no ”workflow” or an activity diagram. . It could be used as a supplemental material during an analysis or a study of ISO/IEC 20000. . The resulting process model has two primary usages: • The published version in HTML is suitable for reading and browsing. The paper introduced a general concept of ITSM and corresponding quality assurance (QA) in a service domain with examples of existing ITSM frameworks. The change is more conceptual than factual – instead of stating ”There should be a process. The IBM Rational Method Composer – a process design software – was chosen as an appropriate tool.Chapter 5 Conclusion The thesis studied the first international standard for IT service management (ITSM) – ISO/IEC 20000. My assignment was to create a model of ISO/IEC 20000. The implication of this is that many of the processes in my model are not ”real” processes in the general sense. I would like to list some interesting problems I had working out the thesis. especially related to my ISO/IEC 20000 model: • IBM Rational Method Composer is a tool suitable for designing processes. because the standard itself does not define or contain many service management roles. lacks an exact order in which tasks should be performed and so on. I describe ”a process. It shows the structure and depicts important concepts and elements of the standard. . The importance of using dynamic processing platform instead of a collection of static method documentation for a succesful QA solution was emphasised. However. Based on this fact.

IBM Rational Team Concert). rather it should be conceived as a process framework. 33 . • The general problem with modelling anything is that a modeller has to determine and choose an appropriate level of abstraction. that needs a customization based on service provider’s conditions. C ONCLUSION not suitable for direct exportation to some process execution environment (e..g. I tried to use a such level that fits the initial purpose of the thesis – to create a model showing the structure and main concepts of the standard ISO/IEC 20000.5. on which the model represents the reality.

co. version 7. Implementing ISO/IEC 20000 Certification: The Roadmap.net/projects/jazz-foundation/. The Stationery Office.1. [3] Capability Maturity Model Integration (CMMI) website. ITIL V3 and ISO/IEC 20000. Dugmore and S.com/developerworks/edu/dw-r-methods-team-concert. http://jazz. [14] Microsoft operations framework website. http://www.org/wiki/COBIT. 24 December 2008.com/Knowledge-Centre/GuestWriter/ITIL/?DI=571307. 2008. [11] Official ITIL website. How to document your team’s processes for IBM Rational Team Concert using IBM Rational Method Composer. IBM Rational Method Composer Help. [5] J. 18 March 2009. [7] Van Haren. [13] Komentovany norem ISO 20000. Dugmore and A. Carnegie Mellon. http://en.best-managementpractice. Art of Service.com/gempdf/ITIL and ISO 20000 March08. [8] Peter Haumer.sei. [16] Office of Government Commerce. 2008.5. [15] Wikipedia article about Microsoft Operations Framework.wikipedia. Effective IT Service Management.itil.edu/cmmi/. [12] Jazz Team Server website. 34 .Bibliography [1] R. [10] IBM Corporation. 10 January 2010. 10 January 2010. IBM developerWorks. 2008. 2007. 2007.best-management-practice. Introduction to ITIL. Springer.uk/. studijn´ ı materi´ al k pˇ redmˇ etu FI:PA088 ´ vyklad ´ Syst´ emy integrovan´ eho managementu.microsoft. http://en.com/en-us/solutionaccelerators/dd320379. version 1.aspx. IBM Rational Team Concert Help. implement and enforce ITIL V3’s best practices. 10 January 2010.org/wiki/Microsoft Operations Framework. 25 July 2009.cmu. Holt.pdf. http://technet. Taylor.wikipedia. http://www.0. Software Engineering Institute. [9] IBM Corporation. 10 January 2010.0. Van Haren Publishing. [4] Wikipedia article about COBIT. 2008. 2008. http://www. [6] J. [2] How to develop. ISO/IEC 20000 and ITIL – The Difference Explained. 12 November 2008. Addy. http://www. http://www.ibm.html.

18 September 2009. http://en. Ministerstvo vnitra CR. Management sluˇ zeb – C´ ˇ ˇ [24] Cesk y cn´ ı institut.net/projects/rational-team-concert/. Office of Government Commerce.ogc.wikipedia. 10 January 2010.aspx. 15 December 2009. 2006. implementace-informacniho-systemu. [22] Zad´ avac´ ı dokumentace veˇ rejn´ e zak´ azky 114071-9038 – Informaˇ cn´ ı syst´ em veˇ rejnych ´ ˚ registru. http://searchdatacenter. http://www. Informaˇ cn´ ı technologie – ´ normalizaˇ ˇ ast 2: Soubor postupu. http://www. 10 January 2010. UK. CSN ISO/IEC 20000-2. CSN ISO/IEC 20000-1.techtarget. ˇ ˇ [23] Cesk y cn´ ı institut.org/wiki/PRINCE. [21] George Spafford.asp. [19] Wikipedia article about PRINCE.wikipedia.html. 13 July 2009.289483.B IBLIOGRAPHY [17] Wikipedia article about PDCA methodology. ˚ Management sluˇ zeb – C´ 35 . Making the case for ITSM in a down economy.mvcr.00.cz/soubor/informacni-system-zakladnich-registruˇ 31 August 2009.uk/methods prince 2 overview.org/wiki/PDCA. [20] Rational Team Concert website. Informaˇ cn´ ı technologie – ´ normalizaˇ ˇ ast 1: Specifikace. 2007. [18] Official PRINCE2 website.gov. http://jazz.com/tip/0. http://en.sid80 gci1360887.

Note: The files can be also obtained at: http://is. incident management example html.cz/th/140448/fi m 36 . dp src.zip – An example of the model usage discussed in the chapter 4 published as HTML. iso20000-1 html. iso20000 html.pdf – A PDF version of this report.zip – A method library for IBM Rational Method Composer containing the ISO/IEC 20000 process model (including example from the chapter 4).Appendix A – Contents of the attached CD The following files are included on the CD attached to the paper version of this thesis: • • • • • • RMC sources.zip – The entire model based on ISO/IEC 20000 published as HTML. dp.muni.zip – LaTeX sources (including images) used for publishing the thesis.zip – The first part of the model based on ISO/IEC 20000-1 published as HTML.

Appendix B – Work Breakdown Structures of the ISO/IEC 20000 process model 37 .