HYPERLINK \L “_TOC242691789” 1 Introduction PAGEREF _TOC242691789 \H 9 HYPERLINK \L “_TOC242691790” 1.1 What is IT Service Management? PAGEREF _TOC242691790 \H 9 HYPERLINK \L “_TOC242691791” 1.2 The Four Perspectives (Attributes) of ITSM PAGEREF _TOC242691791 \H 11 HYPERLINK \L “_TOC242691792” 1.3 What is ISO/IEC 20000? PAGEREF _TOC242691792 \H 12 HYPERLINK \l “_Toc242691793” 1.3.1 History of ISO/IEC 20000 PAGEREF _Toc242691793 \h 13 HYPERLINK \l “_Toc242691794” 1.3.2 The Future of ISO/IEC 20000 PAGEREF _Toc242691794 \h 13 HYPERLINK \l “_Toc242691795” 1.3.3 The ISO/IEC 20000 Standard PAGEREF _Toc242691795 \h 14 HYPERLINK \l “_Toc242691796” 1.3.4 Auditing & Certification PAGEREF _Toc242691796 \h 14 HYPERLINK \l “_Toc242691797” 1.3.5 Benefits of ISO/IEC 20000 PAGEREF _Toc242691797 \h 17 HYPERLINK \L “_TOC242691798” 1.4 Associated Frameworks PAGEREF _TOC242691798 \H 19 HYPERLINK \l “_Toc242691799” 1.4.1 ITIL® PAGEREF _Toc242691799 \h 19 HYPERLINK \l “_Toc242691800” 1.4.2 CobiT PAGEREF _Toc242691800 \h 21 HYPERLINK \l “_Toc242691801” 1.4.3 MoF PAGEREF _Toc242691801 \h 21 HYPERLINK \l “_Toc242691802” 1.4.4 Six Sigma PAGEREF _Toc242691802 \h 21 HYPERLINK \l “_Toc242691803” 1.4.5 CMMi PAGEREF _Toc242691803 \h 22 HYPERLINK \L “_TOC242691804” 1.5 Other ISO Standards PAGEREF _TOC242691804 \H 22 HYPERLINK \l “_Toc242691805” 1.5.1 ISO 9000 PAGEREF _Toc242691805 \h 22 HYPERLINK \l “_Toc242691806” 1.5.2 ISO 15504 PAGEREF _Toc242691806 \h 23 HYPERLINK \l “_Toc242691807” 1.5.3 ISO 27001 PAGEREF _Toc242691807 \h 23 HYPERLINK \l “_Toc242691808” 1.5.4 ISO 17799 PAGEREF _Toc242691808 \h 23 HYPERLINK \L “_TOC242691809” 1.6 Roles & Responsibilities within ISO/IEC 20000 PAGEREF _TOC242691809 \H 24 HYPERLINK \L “_TOC242691810” 1.7 Business and IT Alignment PAGEREF _TOC242691810 \H 26 HYPERLINK \L “_TOC242691811” 1.8 ISO/IEC 20000 Processes PAGEREF _TOC242691811 \H 28 HYPERLINK \L “_TOC242691812” 1.9 Introduction Review Questions PAGEREF _TOC242691812 \H 30 HYPERLINK \L “_TOC242691813” 2 Scoping PAGEREF _TOC242691813 \H 32 HYPERLINK \L “_TOC242691814” 3 Common Terminology PAGEREF _TOC242691814 \H 35 — HYPERLINK \l “_Toc242691884” 9.1.2 Interfaces with Other Processes PAGEREF _Toc242691884 \h 139 HYPERLINK \l “_Toc242691885” 9.1.3 Release Management Review Questions PAGEREF _Toc242691885 \h 141 HYPERLINK \L “_TOC242691886” 10 Management of ISO/IEC 20000 PAGEREF _TOC242691886 \H 143 HYPERLINK \l “_Toc242691887” 10.1.1 Management responsibility PAGEREF _Toc242691887 \h 143 HYPERLINK \l “_Toc242691888” 10.1.2 Documentation Requirements PAGEREF _Toc242691888 \h 145 HYPERLINK \l “_Toc242691889” 10.1.3 Competence, Awareness & Training PAGEREF _Toc242691889 \h 145 HYPERLINK \l “_Toc242691890” 10.1.4 ISO/IEC 20000 Management Review Questions PAGEREF _Toc242691890 \h 147 HYPERLINK \L “_TOC242691891” 11 Answers to Review Questions PAGEREF _TOC242691891 \H 150 HYPERLINK \L “_TOC242691892” 12 Certification PAGEREF _TOC242691892 \H 153 HYPERLINK \L “_TOC242691893” 12.1 ISO/IEC 20000 Certification Pathways PAGEREF _TOC242691893 \H 153 HYPERLINK \L “_TOC242691894” 12.2 ITIL® Certification Pathways PAGEREF _TOC242691894 \H 154 HYPERLINK \L “_TOC242691895” 13 ISO/IEC 20000 Foundation Exam Tips PAGEREF _TOC242691895 \H 155 HYPERLINK \L “_TOC242691896” 14 References PAGEREF _TOC242691896 \H 157 HYPERLINK \L “_TOC242691897” 15 Index PAGEREF _TOC242691897 \H 159 Introduction What is IT Service Management? IT Service Management is the management of all processes that co-operate to ensure the quality of live services, according to the levels of service agreed with the customer.
It addresses the initiation, design, organization, control, provision, support and improvement of IT services, tailored to the needs of the customer organization. The term IT Service Management (ITSM) is used in many ways by different management frameworks and organizations seeking governance and increased maturity of their IT organization.
Standard elements for most definitions of ITSM include: Description of the processes required to deliver and support IT Services for customers The purpose primarily being to deliver and support the products or technology needed by the business to meet key organizational objectives or goals Definition of roles and responsibilities for the people involved including IT staff, customers and other stakeholders involved The management of external suppliers (partners) involved in the delivery and support of the technology and products being delivered and supported by IT. — In 2002, a second part of the standard was added, called BS15000 – 2.
A formal certification scheme was also introduced. In 2005, ISO/IEC 20000 was first published, based almost entirely on BS15000.
This standard comprises two documents, ISO/IEC 20000 – 1 and ISO/IEC 20000 – 2. In 2007, ISO/IEC 20000 was accepted in Australia as ISO/IEC 20000: 2007.
The two versions of the ISO/IEC 20000 standard are available concurrently. The Future of ISO/IEC 20000 This is a relatively new standard; however it is widely expected to have a significant impact on the future of IT service management.
This is due to the following reasons: ISO/IEC 20000 supports established methods EG
ITIL®, CobiT and Six Sigma. IT Service Management certification is increasingly in demand. The standard itself undergoes review to ensure it meets current expectations. ISO/IEC 20000 is an internationally recognized scheme and will inevitably act as a driver for organizations to differentiate themselves in the market. The ISO/IEC 20000 Standard In terms of IT Service Management, there is an ever-increasing demand to improve services through the use of emerging technologies.
Standards provide a common and consistent platform for organizations to work from. There are two components to the ISO/IEC 20000 Standard. Part 1 = SHALL In order to achieve certification, ALL specifications from this part of the standard must be complied with.
The ‘shalls’ have been outlined in this book for each of the service management processes. Part 2 = SHOULD This part of the standard is based on ‘best practice’.
When you are audited, it is recommended that your IT Service Management processes are performed in this way.
However, certification can be achieved without demonstrating all practices from Part 2 of the standard.
References to the standard will be made throughout this book for further information on ISO/IEC 20000 requirements and best practices. — It will provide enablers to visibly support the business strategy, with opportunities to improve the efficiency of services in all areas, impacting on costs and service An operational benefit is to clearly demonstrate service reliability and consistency, which in any environment is critical to business survival and potential growth Certification audits are continual and should be treated as a mechanism for educating and raising awareness of employees Certification can also reduce the amount of supplier audits thereby reducing costs Finally, the use of qualified and independent auditors can be used as a benchmark. Please refer to module 3 in the online learning program for further information on the quality components of service management. Associated Frameworks There are several sources of practical guidance to ITSM.
Among them are standards like ISO/IEC 20000 and maturity models such as CMMi, but there are many other useful standards, best practices and frameworks available, such as ITIL® and governance frameworks such as CobiT®. ITIL® ITIL® stands for the Information Technology Infrastructure Library.
The core publications of the ITIL® Version 3 framework consist of Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement.
Each provides the guidance necessary for an integrated approach, and addresses capabilities having direct impact on a service provider’s performance.
The structure of the core is in the form of a lifecycle.
It is both iterative and multidimensional.
It ensures organizations are set up to leverage capabilities in one area for learning and improvements in others.
The core is expected to provide structure, stability and strength to service management capabilities with durable principles, methods and tools.
This serves to protect investments and provide the necessary basis for measurement, learning and improvement. As The Art of Service is an ITIL® education and certification provider, some of the concepts in this book will be based on the ITIL® framework, however it is important to note that, while the framework provides useful guidance toward certification, ITIL® it is not a requirement of the ISO/IEC 20000 standard. There is often confusion about the differences between ITIL® and ISO/IEC 20000.
Below is a brief summary of some of these differences: ITIL® ISO/IEC 20000 Method / Practice Standard Descriptive Processes Prescriptive (Part 1) It’s about processes and activities It’s about management control Doesn’t say how to manage the processes Separate section about Management system requirements Service Lifecycle focus Process control focus CobiT The CobiT framework provides a uniform structure to understand, implement and evaluate IT capabilities, performance and risks, with the primary goal of satisfying business requirements.
The current version of CobiT, edition 4.1, includes 34 High Level Control Objectives, 13 of which are grouped under the ‘deliver and support domain’, which maps closely to ITIL®’s Service Operation phase.
CobiT is primarily aimed at auditors; so it has an emphasis on what should be audited and how, rather than including detailed guidance for those who are operating the processes that will be audited; but it has a lot of valid material which organizations may find useful.
CobiT and ITIL® are not competitive, nor are they mutually exclusive, but can be used in conjunction as part of an organization’s overall managerial and governance framework. MoF MoF is incorporated within the Microsoft Enterprise Service Model that enables an organization to meet changing business demands and rapid technological change.
Microsoft Enterprise Services provide innovative solutions built on proven practices for people, processes and technology for each stage of the IT lifecycle including planning, preparing, building and operating.
MoF’s prescriptive guidance in operating Microsoft technologies compliments ITIL®’s descriptive guidance and each are based on industry best practice.
MoF draws extensive IT experience from Microsoft, partners and customers. Six Sigma From a process perspective, the statistical representation of Six Sigma describes, in quantitative form, how a process is performing.
It is a statistical measure of variation and a methodology for improving key processes.
Six Sigma works on the foundation that everything we do can be considered as a process, or part of a process, and that every process can be characterized by average performance and variation.
Processes are performing optimally when the result of the process is at the expected value. CMMi CMMi describes the organizational maturity level, on a scale from Level 1 to Level 5.
As ISO/IEC 20000 emphasizes the definition, description and design of processes, developing and implementing a quality system which complies with their requirements, using a maturity model can enable the organization to reach and maintain the system to a pre-defined level of maturity. Other ISO Standards ISO/IEC 20000 demonstrates a relationship with a number of ISO industry standards.
These include: ISO 9000 — People, Products, Process, Purpose True or False. The standard is comprised of three components. T F Which of the following statements is true? In order to achieve ISO/IEC 20000 certification, ITIL® practices must be implemented in the organization. CMMi is a statistical measure of variation and a methodology for improving key processes. ISO 17799 is related to information security measures. There are four phases in the ITIL® framework. Once certification is achieved, how long is it before an organization must be re-certified? 1 Year 2 Years 3 Years 4 Years Scoping The scope of the certified service must be described in a scope statement.
A service provider can receive certification for a) part or all services that it delivers or b) a specific country or customer.
The scope statement validates the certification for a specific situation.
The typical structure of a scoping statement is: — Below is a press release based on the attainment of ISO/IEC 20000 for the company, Lockwood & Wilcox.
While the article refers to many different components of the business and ISO/IEC 20000 certification, the scoping statement is short and specific. Lockwood & Wilcox Attains ISO/IEC 20000 and 27001 Certifications for Managed Services and Data Centers Company Also Renews ISO 14001 Certification, a Key Milestone in Securing a Leadership Position in the Managed Hosting and Storage and Hosted Messaging Services Provider Space Lockwood & Wilcox, a leading provider of the new world of communications, announced today that it has successfully attained the International Organization for Standardization (ISO) 20000-1:2005 and 27001:2005 certifications for its Global Managed Services Operations in the areas of Managed Hosting, Managed Storage Services and Hosted Messaging Services. The company’s data centers in India have attained the ISO 27001 and renewed the ISO 14001 certifications.
These certifications represent another milestone in Lockwood & Wilcox’ path to securing a leadership position in the hosting and managed services space. ISO is the entity responsible for developing and publishing standards across a variety of business, government and societal subjects.
The ISO 20000 and 27001 certifications validate that basic operational best practices are followed in the areas of customer service and security, respectively.
ISO certifications serve as a trusted and authoritative element of the standards-based foundation from which Lockwood & Wilcox delivers managed services. “The managed services offered by Lockwood & Wilcox are characterized by complexity and high levels of information security,” said L.
Klippan, Vice President, Global Managed Services, Lockwood & Wilcox. “ISO certifications will help us to significantly scale up our Global Command Center operations and will lead to a consistent and improved customer experience, positioning our company as a true global player in the managed services domain.” Lockwood & Wilcox owns and operates data centers located across three continents, all centrally managed by the Managed Services Operations Center in India.
The ISO certification can externally substantiate the fact that all operational processes at the Lockwood & Wilcox MSOC are built for compliance with the IT Infrastructure Library (ITIL), the prescribed manual for managing IT infrastructure, development, and operations. “Lockwood & Wilcox continues to pursue a leadership position among global managed hosting and storage service providers,” said the Vice President, Data Center and Application Services, Lockwood & Wilcox. “Our continued data center expansion in the US, UK, Asia and India, in addition to our portfolio expansion in the areas of virtualization, IBM AIX support, application management and server clustering are some of the key milestones planned to achieve this leadership.
Attaining industry-leading certifications and participating in compliance reviews such as ISO and SAS-70 for our worldwide data centers is an integral part of our overall global strategy.” Lockwood & Wilcox offers a full suite of managed IT infrastructure services ranging from collocation to managed hosting and managed storage services, all of which are administered from highly secure locations within its global Tier-1 IP backbone, with a footprint spanning over 100 countries.
Lockwood & Wilcox’ corporate vision is to help businesses grow through IP enablement solutions.
The fulfillment of this goal is a strategic road paved with the pursuit to confront and excel at the most contemporary, elite and rigorous technology and industry benchmarks. Common Terminology Critical to our ability to participate with and apply the concepts from the ISO/IEC 20000 Standard is the need to be able to speak a common language with other IT staff, customers, end-users and other involved stakeholders.
This next section documents the important common terminology that is used throughout the Standard. Term Definition — Collect and analyze data to baseline and benchmark the service provider’s capability to manage and deliver service and service management processes Identify, plan and implement improvements Consult with all parties involved Set targets for improvements in quality, costs and resource utilization Consider relevant inputs about improvements from all the service management processes Measure, report and communicate the service improvements Revise the service management policies, processes, procedures and plans where necessary Ensure that all approved actions are delivered and that they achieve their intended objectives. An example may be that the ITIL® phase of Continual Service Improvement identifies, via measurement and metrics, that a change is needed to the Incident Management process.
Details will be compiled in a Request for Change (RFC) and coordinated and authorized through Change Management.
Release and Deployment Management will test and prepare the release for the live environment and provide advice, guidance and support to the Service Operation phase, as they will deal directly with the customer.
The evaluation process will assess the success of the change and report back to Change Management who will, in turn, via Key Performance Indicators and other metrics, report back to Continual Service Improvement.
CSI will then assess that the approved actions were delivered and achieved the intended objective. Further information on the objectives and the requirements of planning and implementing service management can be found in Chapter 4, Part 1 of the ISO/IEC 20000 standard. Planning & Implementing New or Changed Services Within any business or organization that is in operation, the need for new or changed services will always exist.
Any new services, changes to the service catalog or closure of services have to be handled by the change management process and this interface must be documented. According to the standard, the objective of planning and implementing new or changed services is to ensure that new services and changes to services will be deliverable and manageable at the agreed cost and service quality. The diagram above demonstrates the process flow from the plan for a new or changed service, through approval via change management to a formal proposal. Proposals for new or changed services must consider: Cost Organizational impact Technical impact Commercial impact. All plans for implementation are to consider adequate funding and resources to make the changes needed for service delivery and management.
For example, the Change Management process of ITIL® considers the business, technology and financial criteria before approving or rejecting a change. The service provider must accept any new or changed service before implementation into the live environment occurs and is to report on the outcomes achieved.
A post implementation review comparing actual outcomes against those planned is to be performed through the change management process. Information about what must be included in the plans for implementing new or changed services can be found in Chapter 5, Part 1 of the ISO/IEC 20000 Standard. Please refer to module 8 in the online learning program for further information on planning and implementation. Planning and Implementation Review Questions The PDCA cycle stands for: Plan, Discover, Check, Act Prepare, Do, Check, Act Plan, Do, Check, Act Plan, Do, Check, Analyze. — Target audience Purpose Details of data source All of the above Service Continuity & Availability Management OBJECTIVE: To ensure that agreed service continuity and availability commitments to customers can be met in all circumstances. Service continuity and availability management processes contain activities to ensure that systems are made available and will stay that way.
According to ITIL, Service Continuity and Availability management are two different, but closely related processes while in ISO/IEC 20000, a combined availability and service continuity management system exists. Availability Management deals with the day-to-day availability of services whereas Service Continuity Management takes over when a ‘disaster’ situation occurs and the continuity plan is invoked.
For the purpose of ISO/IEC 20000, they are combined as the planning and testing of both service continuity and availability management can be performed as one set of activities.
It is important to note, however, that the monitoring and management of activities within each process are to be executed separately. Activities – Service Continuity Management IT Service Continuity Management (ITSCM) supports the overall Business Continuity Management (BCM) by ensuring that the required IT infrastructure and the IT service provision can be recovered within required and agreed business time scales.
For this reason, ITSCM is often referred to as ‘Disaster Recovery’ planning. The diagram above shows the four stages of ITSCM, incorporating each of the activities that take place to ensure that IT organizations are as prepared and organized as possible in the event of a disaster situation. Two of the major data sources for ITSCM are developed within Stage 2, including Business Impact Analysis and Risk Assessment. — Management of ISO/IEC 20000 The objective of ISO/IEC 20000 management is to provide a management system, including policies and a framework to enable the effective management and implementation of all IT services. An organization will need to develop and manage the roles and duty statements of all staff involved in providing IT service management. Examples may be Position Statements or Performance Agreements where the role and expected work performance have been agreed and documented.
In conjunction with this, individual learning plans should be developed.
Regular reviews meetings should be conducted and the Position Statements and individual learning plans reviewed and updated as required. Process roles such as the Problem Manager and Change Manager can apply here, however these are ITIL® terms and are not referenced in the standard. There are three components of management in the implementation of ISO/IEC 20000: Management responsibility, documentation requirements and competence, awareness and training. Management responsibility Through leadership and action, top/executive management is to provide evidence of its commitment to developing, implementing and improving its Service Management capability within the context of the organization’s business and customer’s requirements. The concept of management commitment is essentially intangible and compliance to the management responsibility requirement can be shown only through documented leadership and actions for the development, implementation and improvement of its Service Management capability. Documentation to demonstrate that commitment may include: Appointment records Written Service Management policies, objectives and plans Implementation results Communication records and meeting minutes Records of resource determination. — Performance Statements and Underpinning Contracts. True or False The objective of ISO/IEC 20000 management is to provide a management system, including policies and a framework to enable the effective management and implementation of all IT services. T F Which of the following is CORRECT? Definition of ITIL® roles such as Problem Manager and Change Manager are requirements in the standard There are four components of management within the standard Compliance with management responsibility can only be shown through documented leadership and actions None of the above. What are the three quality management principles of Competence, Awareness and Training? Leadership, Involvement of People and Review Schedules Involvement of People, Leadership and Continual Improvement Continual Improvement, Review Schedules and Leadership Review Schedules, Involvement of People and Continual Improvement. Which of the following are examples of documentation to demonstrate commitment? Appointment records Implementation results — ANSWERS 1c, 2T, 3c, 4b, 5d Certification ISO/IEC 20000 Certification Pathways ISO/IEC 20000 Standard is considered a requirement for IT Service providers and is fast becoming the most recognized symbol of quality in IT Service Management processes.
ISO/IEC 20000 programs aim to assist IT professionals master and understand the standard itself and issues relating to earning compliance. For more information on certification and available programs please visit our website http://www.artofservice.com.au ITIL® Certification Pathways There are many pathway options that are available to you within the ITIL® Certification scheme.
Below illustrates the possible pathways that are available to you.
Currently it is intended that the highest certification is the ITIL® V3 Expert, considered to be equal to that of Diploma Status. For more information on certification and available programs please visit our website http://www.artofservice.com.au ISO/IEC 20000 Foundation Exam Tips Exam Details 40 questions The correct answer is only one of the four 60 minutes duration 26 out of 40 is a pass (65%) Closed book No notes. — References BSI (2005).
Information Technology – Service Management: Part1 Specification. BSI (2005).
Information Technology – Service Management: Part 2 Code of Practice. ITSMF International (2006).
Metrics for IT Service Management, Zaltbommel, Van Haren Publishing ITSMF International (2008).
ISO/IEC 20000: An Introduction.
Zaltbommel, Van Haren Publishing. CONTACT _Con-3CD3C83F1 \c \s \l The Art of Service (2007) ITIL® Factsheets, Brisbane, The Art of Service CONTACT _Con-3CD3C83F1 \c \s \l The Art of Service (2008) CMDB and Configuration Management Creation and Maintenance Guide, Brisbane, CONTACT _Con-3CD3C83F1 \c \s \l The Art of Service The Art of Service (2008).
Introduction to ISO/IEC 20000.
United Kingdom, Emereo Pty Ltd. The Art of Service (2008).
ISO/IEC 20000 Foundation Classroom Program Materials.
Brisbane, The Art of Service. CONTACT _Con-3CD3C83F1 \c \s \l The Art of Service (2008) IT Governance, Metrics and Measurements and Benchmarking Workbook, Brisbane, CONTACT _Con-3CD3C83F1 \c \s \l The Art of Service The Art of Service (2008).
ITIL® V3 Foundation Complete Certification Kit.
United Kingdom, Emereo Pty Ltd. CONTACT _Con-3CD3C83F1 \c \s \l The Art of Service (2008) Risk Management Guide, Brisbane, CONTACT _Con-3CD3C83F1 \c \s \l The Art of Service To find out more about The Art of Service and our range of products, visit: HYPERLINK “http://www.artofservice.com.au” www.artofservice.com.au HYPERLINK “http://www.theartofservice.com” www.theartofservice.com HYPERLINK “http://www.theartofservice.org” www.theartofservice.org Index A accredited certification bodies 15, 36-7 adherence 14-15 agreements 10, 38-9, 103 — identification 10, 44, 123, 128-9 implementation 48, 50, 100, 130, 132, 134, 137, 143-4, 147-8, 150 Incident Management 7, 91, 108, 111-12, 114-15, 119, 121, 135, 142, 151 incidents 7, 38, 62, 87, 89, 92, 107-9, 111, 113-17, 119-20, 129, 136 information security 23, 33, 85, 87, 89, 99, 114, 129 Information Security Management 7, 85, 87, 89-91, 151 infrastructure 10, 34, 37, 39, 64, 79-80, 87, 106, 122, 125, 129, 142 Interfaces 7-8, 42, 55, 60, 68, 74, 81, 88, 96, 102, 111, 118, 126, 133, 139 ISO 6, 22-3, 30, 33-4, 87 IT Service Management (ITSM) 1, 6, 9-15, 19, 27, 30, 57, 143, 153, 157 ITIL (IT Infrastructure Library) 6, 8, 13, 19-21, 30, 34, 46, 48, 64, 143, 147, 154, 157 L leadership 34, 143, 145, 148 live environment 39, 46, 48, 106, 136-7, 142 M maintenance 44, 86, 89, 145 meetings 36, 73, 82, 97-8 metrics 46, 59, 157 monitoring 41, 44, 51, 59, 64, 67, 70, 80, 109 O
Read more about 1 ITIL® PAGEREF _Toc242691799 \h 19 HYPERLINK \l “_Toc242691800” 1: