Professional Documents
Culture Documents
Presenters
Karl Andrews Oxford University Press IT Service Desk Manager ISO 20000 Process Owner Lynda Cooper ISO/IEC 20000-1:2011 project editor ITIL Master Independent consultant and trainer
Agenda
Introduction
Questions
Note ISO/IEC 20000 will be referred to as ISO20000
Introduction to OUP
Oxford University Press is a department of the University of Oxford established in 1633.
Our mission is to further the University's objective of excellence in research, scholarship, and education by publishing worldwide.
Globally we employee almost 6000 people, with offices in 50 countries making us the largest University Press in the world.
Definition of Standard
An authoritative or recognized exemplar of correctness, perfection, or some definite degree of any quality. A definite level of excellence, attainment, wealth, or the like, or a definite degree of any quality, viewed as a prescribed object of endeavour or as the measure of what is adequate for some purpose.
PDCA methodology
Internal group
Supplier management
Managed by SLM
Managed by SLM
Internal group
Change Policy
Yes
No
be permitted using Part 1 (ISO/IEC 20000 1:2005) for a 24 month period to allow organizations the time to adapt to meet the new requirements. After 01 June 2013, only audits and re certifications using the ISO/IEC 20000 1:2011 will be accepted.
Qualifications for foundation, practitioner and auditor are now only available for the 2011 edition.
Requirements
ISO/IEC TR 20000-7 Guidance on the application of ISO/IEC 20000-1 to the cloud ISO/IEC TR 20000-11 Guidance on the relationship between ISO/IEC 20000-1 and related frameworks
ISO/IEC 27013 Guidance on the integrated implementation of ISO/IEC 20000-1 and ISO/IEC 27001 ISO/IEC TR 90006 Guideline on the application of ISO 9001 to IT service management and its integration with ISO/IEC 20000-1
Key Normative requirements standard Guidelines standard Guidelines being developed Fixed line: Supports
Further information
BSI books A guide to ISO/IEC 20000: The differences between the 2005 and the 2011 edition A managers guide to service management Introduction to the ISO/IEC 20000 series ITSMF books Planning and achieving ISO/IEC 20000 certification pocket guide http://blog.apmginternational.com/author/lyndacooper/
2005 certified
2011 certified
Initiate update project Confirm scope Identify other parties Confirm governance Update documents Implement changes Provide evidence
Confirm 2011 audit with auditor Pre-certification audit Certification audit Assumption: 2005 edition requirements are met
OUP Scope
The IT Service Management system for application and infrastructure services supporting the activities of the Oxford University Press according to the Service Catalogue of OUP Group IT Services delivered from sites in Oxford and Kettering
3. Audits 1. Pre-certification audit (evidence based) 2. Final changes 3. Certification audit 2011 edition
Raise awareness of how changes will impact working together Investigate roles of suppliers and internal groups
Timeline
Surveillance audit in August for 2005 edition
Awareness Planning
2 April/Sept
Workshops Updating documents Implementing the changes Communication
1 - March
3 Oct/Nov
Configuration
Service reporting
Business relationship
Service provider
No impact But it took several meetings to understand what was meant and to determine if there were internal groups
Customer acting as a supplier
External supplier
Internal group
There are suppliers but they do not operate any of the processes
IT and business project groups do not operate any of the processes but interface with new/changed, change, release, config. mgt
None
Ensure legal requirements are clear data protection, PCI, licensing Create information security objectives Risk management extended to cover all services and more frequent assessments Controls present but need to be documented Controls for external parties exemplary!
Surveillance audit to 2005 edition in August do not implement new items until after this audit
Lessons learned
Allow lots of time to upgrade
Use the opportunity to make improvements and step changes for weaker areas
Project outcome
All simple, medium changes made and implemented
Questions
Lynda.cooper@service20000.com Karl.andrews@oup.com