What i s ISO/IEC 2 0 0 0 0 ?

An Introduction to the International

Service Management Standard

1
 Contents
W H AT I S ISO/IEC 2 0 0 0 0 ?

2
 Contents
• Background Information
• The Service Management System
• The Service Quality Principles
• A Pragmatic Norm
• ISO/IEC 2 0 0 0 0 Contributions
• Benefits of ISO/IEC 2 0 0 0 0
• The Certification Process
• ISO/IEC 2 0 0 0 0 Publications

International Standards Organization (ISO)

is the Owner of ISO/IEC 20000

3
Background Information
H I STO RY AND CONTEXT

4
 History – Before 2 0 0 5
• ISO/IEC 2 0 0 0 0 is the offspring of the British
Standard 15000 ( B S 15000), a standard of the
British Standard Institute which originated in the
1990s.

• The B S 15000 standard was introduced to

measure the level of implementation of
ITIL®’s best practices in an organization or
its adherence to the goals of the I T I L
processes.

I T I L is the acronym for

Information Technology Infrastructure Library. Both
I T I L and the Information Technology Infrastructure
Library are registered trademarks
that are owned by
AXELOS Ltd.

5
 History – In 2 0 0 5
The Joint Technical Committee
1 / Subcommittee 7 of the ISO and IEC organizations
released in 2 0 0 5 :
• Part 1: ISO/IEC 2 0 0 0 0 - 1 : 2 0 0 5
– Specification
– The normative part of the standard
– The requirements to meet
• Part 2: ISO/IEC 2 0 0 0 0 - 2 : 2 0 0 5
– Code of Practice
– The informative part of the standard
– The recommendations to meet the requirements

6
 History – In 2011 and 2012
In 2011, a new version of the normative standard
ISO/IEC 20000-1 was released:
• ISO/IEC 20000-1:2011
– Service Management System Requirements
– A list of 256 requirements a service provider
“shall” adhere to when seeking certification

In 2012, a new version of the informative

standard ISO/IEC 2 0 0 0 0 - 2 was released:
• ISO/IEC 20000-2:2012
– Guidance on the Application of the Service
Management System
– A list of more than 8 0 0 recommendations a service
provider “should” take into consideration when desiring
to meet the 256 requirements

7
 History – Since 2 0 0 5
Since the introduction of the standard the Subcommittee
has released several additional informative parts of the
ISO/IEC 2 0 0 0 0 standard
• ISO/IEC T R 2 0 0 0 0 - 3
– Guidance on the Scope Definition and Applicability of ISO/IEC
20000-1
• ISO/IEC T R 2 0 0 0 0 - 4
– Process Reference Model
• ISO/IEC T R 2 0 0 0 0 - 5
– Exemplar Implementation Plan
• ISO/IEC T R 2 0 0 0 0 - 9
– Application of ISO/IEC 20000-1 to Cloud Services
• ISO/IEC T R 20000-10
– Concepts and Terminology T R stands for Technical Report

8
 Context – ISO/IEC 20000…
• … is a worldwide standard that
describes the implementation of an
integrated process approach for the
delivery of I T services.
• … consists of a set of minimum
requirements to audit an
organization against effective I T
Service Management.
• … promotes the adoption of an
integrated process approach to
effectively deliver managed services
to meet the business and customer
requirements.
• … promotes the coordinated
integration and implementation of the
service management processes to
provide the ongoing control, greater
efficiency and opportunities for
continual improvement.
9
ISO/IEC 2 0 0 0 0 Structure
4. Service Management System (SMS)
Management responsibility Establish the SMS
Plan the SMS (Plan)
Governance of processes operated by other parties
Implement and operate the SMS (Do)
Documentation management Monitor and review the SMS (Check)
Resource management Maintain and improve the SMS (Act)

6. Service Delivery Processes

Capacity management Service level management Information security
management
Service reporting
Service continuity & Budgeting &
availability management Accounting for services
9. Control Processes
Configuration management
Change management
Release and deployment
management
8. Resolution Processes 7. Relationship Processes
Incident and service request Business relationship
management management
Problem management Supplier
management

10
 The SMS
SERVICE MANAGEMENT
SYSTEM

11
 The SMS
• The Service Management System
(SMS) is what will be audited for
certification.
• The SMS is the framework of
processes, tools and resources (human
resources, technology resources, information
resources, and financial resources) coordinately
used to plan, execute, document and
continually improve service management
tasks in a goal-oriented, customer-
oriented and quality-oriented way.

12
 The SMS Components
Important components of the SMS are:
• Management Responsibility
• Governance of Processes Operated by Other Parties
• Documentation Management
• Resource Management
• A structured approach to establish and improve the SMS,
following the Deming Cycle
• A set of 14 Strategic, Tactical and Operational processes

13
 The SMS Deming Cycle
ISO/IEC 2 0 0 0 0 provides the requirements of
the steps involved to es tablis h and maintain the S MS .
T hes e
steps follow the Quality Circle of Deming: Plan-Do-
Check-Act:
• Plan the SMS (Plan)
• Implement and Operate the SMS (Do)
• Monitor and Review the SMS (Check)
• Maintain and Improve the SMS (Act)

14
 SMS Triggers
Answers to questions that trigger the SMS
to start functioning are:
1. What are the customer and business requirements, needs and
expectations? Management responsibility
4. Service Management System (SMS)
Establish the SMS
Plan the SMS (Plan)

2. What are the statutory and legal requirements the service provider
Governance of processes operated by other parties
Implement and operate the SMS (Do)
Documentation management Monitor and review the SMS (Check)
Resource management Maintain and improve the SMS (Act)

5. Design and Transition of new or changed services

needs to take into account? Capacity management

6. Service Delivery Processes
Service level management Information security
management
Service reporting

3. Are there requirements of other standards the service provider needs to

Service continuity & Budgeting & Accounting
availability management for services
9. Control Processes
Configuration management

abide by?
Change management
Release and deployment
management
8. Resolution Processes 7. Relationship Processes
Incident and service request Business relationship

4. Does the service provider have contractual obligations to adhere to?

management management
Problem management Supplier management

5. What are the service requirements, as a result of these

requirements and obligations as listed above?
6. What is the portfolio of services that is needed to meet these service
requirements?
7. What is the service management policy and what is the service management
plan, i.e. the service strategy, to meet these service requirements?

15
 A Working SMS
The execution of the service management Service Delivery Processes:
1. Service Level Management
2. Service Reporting
plan will be performed by the 14 ISO/IEC 3. Service Continuity and
Availability Management
2 0 0 0 0 processes. 4. Budgeting and Accounting for
Services
• Strategic Processes 5.
6.
Capacity Management
Information Security
Management
– Relationship Processes
Relationship Processes:
• Tactical Processes 7. Business Relationship
Management
8. Supplier Management
– Design and Transition of New or Resolution Processes:
Changed Services (process #14) 9. Incident and Service Request
Management
– Service Delivery Processes 10. Problem Management
Control Processes:
• Operational Processes 11. Configuration Management
12. Change Management
13. Release and Deployment
– Control Processes Management

– Resolution Processes
16
 The Purpose of the SMS
Ultimately, the SMS serves one major
purpose:
• Turning customers with needs,
expectations and requirements into
satisfied customers.
This is why the standard focuses on
effectiveness. Overtime, the focus can
shift towards efficiency by means of
continuous improvements.

17
Service Quality Principles
PERMANENCY OF SERVICE
Q UA L I T Y

18
 ISO/IEC 2 0 0 0 0 is Framework-neutral
ISO/IEC 20000 is based on many ISO/IEC 20000 relates to many other
frameworks, such as ITIL and ISO standards such as ISO 9001,
COBIT. This does not imply ISO/IEC 27001 and ISO 31000.
that an organization is ISO/IEC 20000-1 This does not imply that an
required to adopt the organization has to
best practices of meet
these frameworks the requirements of these
In order to meet related standards.
ISO/IEC 2 0 0 0 0 - 2
the standard’s These standards
requirements. merely serve as
additional
guidance.
Service Management Frameworks
(e.g. ITIL, COBIT, Six Sigma, PMBOK, PRINCE2, CMMI)
&
Quality Management and Other Supporting Standards
(e.g. ISO 9 0 0 0 and ISO 31000, ISO/IEC 27001, ISO/IEC 38500,
ISO22301, ISO 21500, ISO/IEC 15504)

19
 Service Quality Principles
• ISO/IEC 2 0 0 0 0 incorporates all of
the eight quality management
principles of ISO 9001
• Every ISO/IEC 20000-1
requirement supports one or more of
these quality principles.
• What does this mean? Implementing
the requirements of the standard will
bring a cultural and organizational
change.

20
 Importance of Principles
• Principles are Guidelines for Human
Conduct that are proven to have
Enduring Permanent Value
• Principles are deep, fundamental truths
• Principles are unarguable because
they are self-evident
• Principles have a universal
application

21
 A Pragmatic Norm
COMMON S E N S E PREVAILS

22
 Pragmatic Requirements
• Representatives of more than 20
countries, working together in the
Joint Technical Committee 1
/ Subcommittee 7 of the ISO/IEC
organizations, have contributed to the
2011 version of the standard through a
transparent and democratic voting
process
• Years of combined practical
experience has resulted in a
collection of logical, pragmatic and
clear requirements
23
 Pragmatic Norms For…
• Leadership
• Business Relationship Managers
• Supplier/Vendor Management
Managers
• Project Managers
• Business Analysts
• Human Resource Managers For
• Service Owners Any
Service
• Process Owners
Provider,
• Asset Owners Not just I T
• Talent Managers Organizations
• And more…

24
ISO/IEC 2 0 0 0 0 Contributi ons
W H E N TO CONSIDER

25
 When to Consider? (1 of 4)
• When comparing I T service providers.
ISO/IEC 2 0 0 0 0 provides uniform and
common language as well as a norm for
benchmarking
• When selecting an I T service provider. An
I T organization can express added value
when offering its services and distinguish
itself from its competition
• When an I T department/organization is
looking for ways to better understand the
needs of the customer. ISO/IEC
2 0 0 0 0 can be a norm to improve I T
governance

26
 When to Consider? (2 of 4)
• When needing guidance to determine which
best practices to focus on first when adopting
industry best practices to improve the
effectiveness and efficiency of the I T
department/organization
• When seeking increased transparency of I T
service provision costs, risks, I T budgets
and costs
• When looking for ways to implement
changes faster and more effective and when
seeking for a norm to improve efficiency and
effectiveness

27
 When to Consider? (3 of 4)
• When attempting to better align the I T
department’s/organization’s services to a third
party’s services, creating a uniform chain of
services in particular from a process
perspective
• When looking for an effective method and
uniform guidelines to outsource or offshore
through a well-aligned process interfaces and
common and consistent nomenclature. A norm
which regulates outsourcing
• When seeking a norm for reliable and
available quality I T services

28
 When to Consider? (4 of 4)
• When looking for evidence that IT’s
processes are in compliance with
international financial and security
norms, rules and regulations
• When going for a broad range of quality
improvements within the I T
department/organization, as well as
boosting IT’s professional image
• When looking for an independent and non-
biased baseline to weigh service providers
against and use it as a norm

29
Benefi ts of ISO/IEC 2 0 0 0 0
W H AT TO EXPECT?

30
 What to Expect? (1 of 2)
• To qualify for new customers; more and more
companies and organizations consider ISO/IEC
2 0 0 0 0 certification an essential requirement
for conducting business with a new vendor
• To enter global markets; the ISO/IEC 2 0 0 0 0
standards are widely recognized
• To objectively measure the level of
compliance to industry best practices
• To have better information available for
numerous purposes
• To better streamline to various process
improvements that may go on simultaneously
in an I T department

31
 What to Expect? (2 of 2)
• To provide guidance with prioritizing the best
practices to be implemented in an I T department
• To give a company or organization a
competitive edge
• To show a drive for quality services
• To objectively assess and benchmark IT’s level
of maturity
• To increase customer focus and transparency
of value provided to the business
• To establish a mentality of continual
improvement in I T

32
The Certification Process S T E P S
TO WA R D S C E R T I F I C AT I O N

33
 7 Steps to become Certified
and uphold Certification
1. Apply for an Assessment
2. Conduct an optional pre-audit
3. Conduct the Initial Audit (Stage 1)
– Documentation Review
4. Conduct the Certification Audit (Stage 2)
– Onsite Inspection
– Interviews
– Records Review
5. Conduct Surveillance Audits every 12 months
– Spot Checks
6. Conduct the Re-certification Audit every 3 years
– Stage 1
– Stage 2

34