ITIL1 ITIL® 268174296 \h 30 \l “268174297” 1

\l “268174286” 1.3.1 Defining Processes 268174286 \h 11 \L “268174287” The Four Perspectives (Attributes) of ITSM 268174287 \H 13 \L “268174288” 1.4 What is ISO/IEC 20000? 268174288 \H 15 \l “268174289” 1.4.1 History of ISO/IEC 20000 268174289 \h 16 \l “268174290” 1.4.2 The Future of ISO/IEC 20000 268174290 \h 16 \l “268174291” 1.4.3 The ISO/IEC 20000 Standard 268174291 \h 17 \L “268174292” 1.5 Common Terminology 268174292 \H 19 \l “268174293” 1.5.1 Auditing & Certification 268174293 \h 26 \l “268174294” 1.5.2 Benefits of ISO/IEC 20000 268174294 \h 29 \L “268174295” 1.6 Associated Frameworks 268174295 \H 30 \l “268174296” 1.6.1 ITIL® 268174296 \h 30 \l “268174297” 1.6.2 CobiT 268174297 \h 32 \l “268174298” 1.6.3 MoF 268174298 \h 33 \l “268174299” 1.6.4 Six Sigma 268174299 \h 33 \l “268174300” 1.6.5 CMMi 268174300 \h 33 \L “268174301” 1.7 Other ISO Standards 268174301 \H 34 \l “268174302” 1.7.1 ISO 9000 268174302 \h 34 \l “268174303” 1.7.2 ISO 15504 268174303 \h 34 \l “268174304” 1.7.3 ISO 27001 268174304 \h 35 \l “268174305” 1.7.4 ISO 17799 268174305 \h 35 \L “268174306” 2 Roles & Responsibilities within ISO/IEC 20000 268174306 \H 36 \L “268174307” 2.1 Business and IT Alignment 268174307 \H 38 \L “268174308” 2.2 ISO/IEC 20000 Processes 268174308 \H 40 \L “268174309” 3 Scoping 268174309 \H 42 \L “268174310” 3.1 Limits to Scope 268174310 \H 45 \L “268174311” 3.2 Changing Scope 268174311 \H 47 — \L “268174370” 9.1 Release Management 268174370 \H 131 \l “268174371” 9.1.1 Release Policy 268174371 \h 132 \l “268174372” 9.1.2 Interfaces with Other Processes 268174372 \h 133 \L “268174373” 10 Management of ISO/IEC 20000 268174373 \H 135 \l “268174374” 10.1.1 Management responsibility 268174374 \h 136 \l “268174375” 10.1.2 Documentation Requirements 268174375 \h 138 \l “268174376” 10.1.3 Competence, Awareness & Training 268174376 \h 138 \L “268174377” 11 ISO/IEC 20000 FAQs 268174377 \H 139 \L “268174378” 12 Certification 268174378 \H 155 \L “268174379” 12.1 ISO/IEC 20000 Certification Pathways 268174379 \H 155 \L “268174380” 12.2 ITIL® Certification Pathways 268174380 \H 156 \L “268174381” 13 Acronyms 268174381 \H 157 \L “268174382” 14 References 268174382 \H 162 \L “268174383” 15 Index 268174383 \H 164 Introduction What is IT Service Management? IT Service Management is the management of all processes that co-operate to ensure the quality of live services, according to the levels of service agreed with the customer.

It addresses the initiation, design, organization, control, provision, support and improvement of IT services, tailored to the needs of the customer organization. The term IT Service Management (ITSM) is used in many ways by different management frameworks and organizations seeking governance and increased maturity of their IT organization.

Standard elements for most definitions of ITSM include: Description of the processes required to deliver and support IT Services for customers The purpose primarily being to deliver and support the products or technology needed by the business to meet key organizational objectives or goals Definition of roles and responsibilities for the people involved including IT staff, customers and other stakeholders involved The management of external suppliers (partners) involved in the delivery and support of the technology and products being delivered and supported by IT. — In 2002, a second part of the standard was added, called BS15000 – 2.

A formal certification scheme was also introduced. In 2005, ISO/IEC 20000 was first published, based almost entirely on BS15000.

This standard comprises two documents, ISO/IEC 20000 – 1 and ISO/IEC 20000 – 2. In 2007, ISO/IEC 20000 was accepted in Australia as ISO/IEC 20000: 2007.

The two parts of the ISO/IEC 20000 standard were available concurrently. The Future of ISO/IEC 20000 This is a relatively new standard; however it is widely expected to have a significant impact on the future of IT service management.

This is due to the following reasons: ISO/IEC 20000 supports established methods EG ITIL®, CobiT and Six Sigma. IT Service Management certification is increasingly in demand. The standard itself undergoes review to ensure it meets current expectations. ISO/IEC 20000 is an internationally recognized scheme and will inevitably act as a driver for organizations to differentiate themselves in the market. The ISO/IEC 20000 Standard In terms of IT Service Management, there is an ever-increasing demand to improve services through the use of emerging technologies.

Standards provide a common and consistent platform for organizations to work from. There are three components to the ISO/IEC 20000 Standard. Part 1 = SHALL In order to achieve certification, ALL specifications from this part of the standard must be complied with.

The ‘shalls’ have been outlined in this book for each of the service management processes. Part 2 = SHOULD This part of the standard is based on ‘best practice’.

When you are audited, it is recommended that your IT Service Management processes are performed in this way.

However, certification can be achieved without demonstrating all practices from Part 2 of the standard.

References to the standard will be made throughout this book for further information on ISO/IEC 20000 requirements and best practices. — Suppliers will be managed more effectively Service providers will become more responsive, with services which are business-led rather than technology-driven Your IT service is more likely be chosen, or renewed over that of a competitor that does not demonstrate ISO/IEC 20000 certification, providing both a competitive edge and demonstrating a visible commitment to managing the provision of IT services It will provide enablers to visibly support the business strategy, with opportunities to improve the efficiency of services in all areas, impacting on costs and service An operational benefit is to clearly demonstrate service reliability and consistency, which in any environment is critical to business survival and potential growth Certification audits are continual and should be treated as a mechanism for educating and raising awareness of employees Certification can also reduce the amount of supplier audits thereby reducing costs Finally, the use of qualified and independent auditors can be used as a benchmark. Associated Frameworks There are several sources of practical guidance to ITSM.

Among them are standards like ISO/IEC 20000 and maturity models such as CMMi, but there are many other useful standards, best practices and frameworks available, such as ITIL® and governance frameworks such as CobiT®. ITIL® ITIL® stands for the Information Technology Infrastructure Library.

The core publications of the ITIL® Version 3 framework consist of Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement.

Each provides the guidance necessary for an integrated approach, and addresses capabilities having direct impact on a service provider’s performance.

The structure of the core is in the form of a lifecycle.

It is both iterative and multidimensional.

It ensures organizations are set up to leverage capabilities in one area for learning and improvements in others.

The core is expected to provide structure, stability and strength to service management capabilities with durable principles, methods and tools.

This serves to protect investments and provide the necessary basis for measurement, learning and improvement. As The Art of Service is an ITIL® education and certification provider, some of the concepts in this book will be based on the ITIL® framework, however it is important to note that, while the framework provides useful guidance toward certification, ITIL® it is not a requirement of the ISO/IEC 20000 standard. There is often confusion about the differences between ITIL® and ISO/IEC 20000. Below is a brief summary of some of these differences: ITIL® ISO/IEC 20000 Method / Practice Standard Descriptive Processes Prescriptive (Part 1) It’s about processes and activities It’s about management control Doesn’t say how to manage the processes Separate section about Management system requirements Service Lifecycle focus Process control focus CobiT The CobiT framework provides a uniform structure to understand, implement and evaluate IT capabilities, performance and risks, with the primary goal of satisfying business requirements.

The current version of CobiT, edition 4.1, includes 34 High Level Control Objectives, 13 of which are grouped under the ‘deliver and support domain’, which maps closely to ITIL®’s Service Operation phase.

CobiT is primarily aimed at auditors; so it has an emphasis on what should be audited and how, rather than including detailed guidance for those who are operating the processes that will be audited; but it has a lot of valid material which organizations may find useful.

CobiT and ITIL® are not competitive, nor are they mutually exclusive, but can be used in conjunction as part of an organization’s overall managerial and governance framework. MoF MoF is incorporated within the Microsoft Enterprise Service Model that enables an organization to meet changing business demands and rapid technological change.

Microsoft Enterprise Services provide innovative solutions built on proven practices for people, processes and technology for each stage of the IT lifecycle including planning, preparing, building and operating.

MoF’s prescriptive guidance in operating Microsoft technologies compliments ITIL®’s descriptive guidance and each are based on industry best practice.

MoF draws extensive IT experience from Microsoft, partners and customers. Six Sigma From a process perspective, the statistical representation of Six Sigma describes, in quantitative form, how a process is performing.

It is a statistical measure of variation and a methodology for improving key processes.

Six Sigma works on the foundation that everything we do can be considered as a process, or part of a process, and that every process can be characterized by average performance and variation.

Processes are performing optimally when the result of the process is at the expected value. CMMi CMMi describes the organizational maturity level, on a scale from Level 1 to Level 5.

As ISO/IEC 20000 emphasizes the definition, description and design of processes, developing and implementing a quality system which complies with their requirements, using a maturity model can enable the organization to reach and maintain the system to a pre-defined level of maturity. Other ISO Standards ISO/IEC 20000 demonstrates a relationship with a number of ISO industry standards.

These include: ISO 9000 — Below is a press release based on the attainment of ISO/IEC 20000 for the company, Lockwood & Wilcox.

While the article refers to many different components of the business and ISO/IEC 20000 certification, the scoping statement is short and specific. Lockwood & Wilcox Attains ISO/IEC 20000 and 27001 Certifications for Managed Services and Data Centers Company Also Renews ISO 14001 Certification, a Key Milestone in Securing a Leadership Position in the Managed Hosting and Storage and Hosted Messaging Services Provider Space Lockwood & Wilcox, a leading provider of the new world of communications, announced today that it has successfully attained the International Organization for Standardization (ISO) 20000-1:2005 and 27001:2005 certifications for its Global Managed Services Operations in the areas of Managed Hosting, Managed Storage Services and Hosted Messaging Services. The company’s data centers in India have attained the ISO 27001 and renewed the ISO 14001 certifications.

These certifications represent another milestone in Lockwood & Wilcox’ path to securing a leadership position in the hosting and managed services space. ISO is the entity responsible for developing and publishing standards across a variety of business, government and societal subjects.

The ISO 20000 and 27001 certifications validate that basic operational best practices are followed in the areas of customer service and security, respectively.

ISO certifications serve as a trusted and authoritative element of the standards-based foundation from which Lockwood & Wilcox delivers managed services. “The managed services offered by Lockwood & Wilcox are characterized by complexity and high levels of information security,” said L.

Klippan, Vice President, Global Managed Services, Lockwood & Wilcox. “ISO certifications will help us to significantly scale up our Global Command Center operations and will lead to a consistent and improved customer experience, positioning our company as a true global player in the managed services domain.” Lockwood & Wilcox owns and operates data centers located across three continents, all centrally managed by the Managed Services Operations Center in India.

The ISO certification can externally substantiate the fact that all operational processes at the Lockwood & Wilcox MSOC are built for compliance with the IT Infrastructure Library (ITIL), the prescribed manual for managing IT infrastructure, development, and operations. “Lockwood & Wilcox continues to pursue a leadership position among global managed hosting and storage service providers,” said the Vice President, Data Center and Application Services, Lockwood & Wilcox. “Our continued data center expansion in the US, UK, Asia and India, in addition to our portfolio expansion in the areas of virtualization, IBM AIX support, application management and server clustering are some of the key milestones planned to achieve this leadership.

Attaining industry-leading certifications and participating in compliance reviews such as ISO and SAS-70 for our worldwide data centers is an integral part of our overall global strategy.” Lockwood & Wilcox offers a full suite of managed IT infrastructure services ranging from collocation to managed hosting and managed storage services, all of which are administered from highly secure locations within its global Tier-1 IP backbone, with a footprint spanning over 100 countries.

Lockwood & Wilcox’ corporate vision is to help businesses grow through IP enablement solutions.

The fulfillment of this goal is a strategic road paved with the pursuit to confront and excel at the most contemporary, elite and rigorous technology and industry benchmarks. Limits to Scope Where the service provider intends to include an entire business area in the SMS, defining the scope of the SMS is relatively simple.

This is because the scope is everything the service provider does.

If only some of its services are included in the SMS, the service provider may find it difficult to define the scope in simple terms or to avoid ambiguity. Despite these difficulties, some service providers prefer to demonstrate conformity initially for only some of the services.

The service provider may then extend the scope of the SMS, up to the whole extent of the service provider’s services. The service provider delivering services under the terms of a legally binding contract should be aware that it is not possible for the contract to reduce the service providers obligation to fulfill all the requirements specified in part 1 of the standard.

Nor is it possible for the terms of the contract to remove the assessor’s obligations to obtain sufficient evidence of conformity to all the requirements.

This is the case even if a contract limits the services and processes. The service provider should use parameters to define the scope of the SMS, and ensure that there is no ambiguity about what is included and excluded. The parameters include but are not limited to: Organizational units providing services Services offered Geographical location from which the service provider delivers services Customers and their locations Technology used to provide the services. — Collect and analyze data to baseline and benchmark the service provider’s capability to manage and deliver service and service management processes Identify, plan and implement improvements Consult with all parties involved Set targets for improvements in quality, costs and resource utilization Consider relevant inputs about improvements from all the service management processes Measure, report and communicate the service improvements Revise the service management policies, processes, procedures and plans where necessary Ensure that all approved actions are delivered and that they achieve their intended objectives. An example may be that the ITIL® phase of Continual Service Improvement identifies, via measurement and metrics, that a change is needed to the Incident Management process.

Details will be compiled in a Request for Change (RFC) and coordinated and authorized through Change Management.

Release and Deployment Management will test and prepare the release for the live environment and provide advice, guidance and support to the Service Operation phase, as they will deal directly with the customer.

The evaluation process will assess the success of the change and report back to Change Management who will, in turn, via Key Performance Indicators and other metrics, report back to Continual Service Improvement.

CSI will then assess that the approved actions were delivered and achieved the intended objective. Further information on the objectives and the requirements of planning and implementing service management can be found in Chapter 10, Part 1 of the ISO/IEC 20000 standard. Planning & Implementing New or Changed Services Within any business or organization that is in operation, the need for new or changed services will always exist.

Any new services, changes to the service catalog or closure of services have to be handled by the change management process and this interface must be documented. According to the standard, the objective of planning and implementing new or changed services is to ensure that new services and changes to services will be deliverable and manageable at the agreed cost and service quality. The diagram above demonstrates the process flow from the plan for a new or changed service, through approval via change management to a formal proposal. Proposals for new or changed services must consider: Cost Organizational impact Technical impact Commercial impact. All plans for implementation are to consider adequate funding and resources to make the changes needed for service delivery and management.

For example, the Change Management process of ITIL® considers the business, technology and financial criteria before approving or rejecting a change. The service provider must accept any new or changed service before implementation into the live environment occurs and is to report on the outcomes achieved.

A post implementation review comparing actual outcomes against those planned is to be performed through the change management process. Information about what must be included in the plans for implementing new or changed services can be found in Chapter 5, Part 1 of the ISO/IEC 20000 Standard. Service Delivery Processes Service Level Management OBJECTIVE: To define, agree, record and manage levels of service. The primary goal of Service Level Management is to ensure that an agreed level of service is provided for all current IT services, and that future services are delivered in line with agreed achievable targets.

It also proactively seeks and implements improvements to the level of service delivered to customers and users. While some organizations may continue to rely on a ‘best endeavors’ approach to service quality, the majority have realized that there needs to be a consistent, agreed and understandable method used for defining and reporting IT service quality.

As the modern IT organization has matured over time to be more akin to any other area of business, there has also been an increased requirement for more formal methods, by which the value of funding and investments into IT are assessed, and performance measured for services provided and capabilities supported.

In the context of Service Offerings and Agreements, Service Level Management is the process that seeks to provide consistency in defining the requirements for services, documenting targets and responsibilities, and providing clarity as to the achievements for service quality delivered to customers. In effect, the process seeks to manage the ‘grey areas’ that are formed between customers and the IT organization, as well as ensuring that the activities performed by various IT groups are coordinated optimally to meet customer requirements.

The staff involved (Service Level Management team) are fluent in both technical and business jargon; they resolve disputes between parties (but as a result are sometimes seen as a spy in both camps) and generally work to improve the relationship between the IT organization and the customers it supports. — The level of technical detail included within the SLA will also vary, depending on the type and nature of the customer.

Some customers may be an IT Service Provider themselves, others will be purely business focused.

To be successful in all these scenarios, SLAs must be written in such a way that they are clear and unambiguous for both parties, leaving no room for confusion or misinterpretation.

They certainly won’t be perfect from the moment they are developed, so a continual cycle of review and revision should seek to improve the quality and effectiveness of SLAs over time. Service Level Agreement Structures There are a number of ways in which SLAs can be structured.

The important factors to consider when choosing the SLA structure are: Will the SLA structure allow flexibility in the levels of service to be delivered for various customers? Will the SLA structure require much duplication of effort? Who will sign the SLAs? Three types of SLAs structures that are discussed within ITIL® are service-based, customer-based and multi-level or hierarchical SLAs. Figure – SLA structures Many different factors will need to be considered when deciding which SLA structure is most appropriate for an organization to use. Typical Multi-level SLA Structure components: Corporate level: All generic issues are covered, which are the same for the entire organization. Example: The Corporate Security Baseline, EG Passwords, ID cards etc. — Examples of what Service Reporting should do: Requirements for service reporting are agreed and recorded for customers and internal management. Reports are timely, clear, reliable and concise and of sufficient accuracy to be used as a decision support tool. A complete overview of the requirements of Service Reporting can be found in Chapter 6.2, Part 1 of the ISO/IEC 20000 standard.

More guidance on best practices can be found in Chapter 6.2, Part 2 of the ISO/IEC 20000 standard. Service Continuity & Availability Management OBJECTIVE: To ensure that agreed service continuity and availability commitments to customers can be met in all circumstances. Service continuity and availability management processes contain activities to ensure that systems are made available and will stay that way.

According to ITIL, Service Continuity and Availability management are two different, but closely related processes while in ISO/IEC 20000, a combined availability and service continuity management system exists. Availability Management deals with the day-to-day availability of services whereas Service Continuity Management takes over when a ‘disaster’ situation occurs and the continuity plan is invoked.

For the purpose of ISO/IEC 20000, they are combined as the planning and testing of both service continuity and availability management can be performed as one set of activities.

It is important to note, however, that the monitoring and management of activities within each process are to be executed separately. Activities – Service Continuity Management IT Service Continuity Management (ITSCM) supports the overall Business Continuity Management (BCM) by ensuring that the required IT infrastructure and the IT service provision can be recovered within required and agreed business time scales.

For this reason, ITSCM is often referred to as ‘Disaster Recovery’ planning. The diagram above shows the four stages of ITSCM, incorporating each of the activities that take place to ensure that IT organizations are as prepared and organized as possible in the event of a disaster situation. Two of the major data sources for ITSCM are developed within Stage 2, including Business Impact Analysis and Risk Assessment. — A complete overview of the requirements of Release Management can be found in Chapter 10.1, Part 1 of the ISO/IEC 20000 standard.

More guidance on best practices can be found in Chapter 10.1, Part 2 of the ISO/IEC 20000 standard. Management of ISO/IEC 20000 The objective of ISO/IEC 20000 management is to provide a management system, including policies and a framework to enable the effective management and implementation of all IT services. An organization will need to develop and manage the roles and duty statements of all staff involved in providing IT service management. Examples may be Position Statements or Performance Agreements where the role and expected work performance have been agreed and documented.

In conjunction with this, individual learning plans should be developed.

Regular reviews meetings should be conducted and the Position Statements and individual learning plans reviewed and updated as required. Process roles such as the Problem Manager and Change Manager can apply here, however these are ITIL® terms and are not referenced in the standard. There are three components of management in the implementation of ISO/IEC 20000: Management responsibility, documentation requirements and competence, awareness and training. Management responsibility Through leadership and action, top/executive management is to provide evidence of its commitment to developing, implementing and improving its Service Management capability within the context of the organization’s business and customer’s requirements. The concept of management commitment is essentially intangible and compliance to the management responsibility requirement can be shown only through documented leadership and actions for the development, implementation and improvement of its Service Management capability. Documentation to demonstrate that commitment may include: Appointment records Written Service Management policies, objectives and plans Implementation results Communication records and meeting minutes Records of resource determination. — ISO 9000 is applied and used by all organizations in different sectors and industries, and whilst it has certain attributes and benefits that are valuable to your existing commercial relationship, you should consider whether you wish to have a specific certification for the IT Service Management (ITSM) component of your business.

ISO 9000 addresses all working practices in a business, without concentrating specifically on IT Service Management processes (although they may be included at a detailed level).   ISO/IEC 20000 is a focused specification for IT Service Management, its terminology is that of IT Service Management and all types of assessment will need to be carried out by competent auditors in order to provide you with an assessment report and a certificate if successful, which will be totally aligned with your IT service management business. ISO/IEC 20000 addresses only the IT Service Management processes, and the supporting Management System.

Adoption of ISO/IEC 20000 is therefore relevant to those organizations which specifically wish to target their IT Service Management processes, and is not directly related to the adoption or continuance of ISO 9000.

There is however some areas of overlap between the standards.

Should the principal purpose of your business be ITSM, then ISO/IEC 20000 is virtually essential. I believe there are many quality standards available.

How do they compare and overlap? There are many quality standards, frameworks and methods available and being unsure which one to examine or implement is understandable.

You may have heard of MOF, CoBIT, CMM, TickIT, ISO 9000, ISO27001, EFQM, Six Sigma, Balanced Scorecard and Sarbannes-Oxley.

Most are not standards in the strict sense, but simply tools to help organizations operate more efficiently and effectively.

It is important to understand the scope and purpose of each one, and then to match this to what you are trying to achieve in your organization.   ISO/IEC 20000 is unique in that it mirrors “” \l “Whatis_ITIL”ITIL Service Management principles. ISO/IEC 20000 will be readily understood by anyone with ITIL qualifications. MOF, for instance, a branded product, openly states that it utilizes ITIL principles, but also concentrates on the use of Microsoft® products in its implementation. TickIT works in conjunction with ISO 9000 and focuses on application development and project management. CoBIT focuses on corporate governance and can be used with ITIL. Six Sigma is a process improvement tool but is not specific to ITSM and can be used with ITIL. CMM is a maturity measure for primarily application development and project management processes. Most quality systems, by their very nature, will overlap with each other.

The most common overlap will be in the areas of quality management, training, documentation audit and conformance.   A significant point in the adoption of or conversion to another standard is to avoid discarding any process, procedure or documentation without serious examination. In what ways will ISO/IEC 20000 help me? As well as the potential external marketing and commercial benefits, it provides a recognized and tried and tested management system which allows an IT service organization to plan, manage, deliver, monitor, report, review and improve its services.   It not only looks at operational aspects but also focuses on the business controls covering associated risks, finances, resources and capabilities, providing a proper infrastructure to enable a traditional Plan, Do, Check, Act (PDCA) cycle to be implemented and managed. Our IT is distributed around the US and overseas.

Can sites be certified separately? — What are the origins of ISO/IEC 20000? “” \l “Topic_List” ISO/IEC 20000 was adopted as an international standard from the original British Standard (BS 15000).

There were minor changes during the internationalization, mainly to do with formatting and clarity.

There were few substantive changes to requirements. The edition of BS15000 (BS 15000-1:2002 and BS 15000-2:2003) that was submitted to ISO was actually the second edition and replaced an earlier version released in 2000 called BS15000:2000.

The second edition came about as a result of experience and feedback from early adopters of the 2000 edition.   The original standard was based on a Code of Practice for IT Service Management – DISC PD 0005:1998.   The technical panel which produced BS15000 included representation from the British Computer Society (BCS), the Office of Government Commerce (OGC) and the IT Service Management Forum (itSMF) as well as from IT organizations and technical experts.   BS 15000 was aligned with ITIL, best practice guidance and advice first published by the UK government in the 1980s.

Today, ITIL is the globally accepted ‘de facto’ standard for best practice processes in ITSM.   ITIL was a major contributor to the development of ISO/IEC 20000, in that its major processes have been adopted entirely, and augmented by a few key management processes. What is ITIL? “”ITIL provides ‘proven’ best practices in IT Service Management (ITSM), derived from public and private sector experts world-wide. Currently, the core publications in ITIL are Service Support; Service Delivery; ICT Infrastructure Management; Application Management; Security Management; Planning to Implement Service Management; and The Business Perspective (of ITSM).

The processes defined in these publications also formed the core processes in BS 15000 (and hence ISO/IEC 20000) Isn’t ITIL Best Practice? Yes it is.

ISO/IEC 20000 incorporates all the ITIL Service Support and Service Delivery processes but goes further by separating out Service Reporting and introducing three new processes covering Business Relationship Management, Supplier Management and Information Security Management.

Additionally there are three management system processes. ITIL is best practice guidance but it is not possible to be accredited as a company against ITIL.

The standard is a specification which provides the company level accreditation to demonstrate the consistent use of best practice. ISO/IEC 20000 does not mandate the use of ITIL.

However, demonstrating best practice in IT Service Management is of course far easier if it is underpinned by the use of ITIL. Will ISO/IEC 20000 be readily understood by anyone with ITIL qualifications? ISO/IEC 20000 and ITIL share common terminology so the short answer is yes.

Remember that conformance is also based on demonstrating appropriate training and skills to deliver the services being accredited so ITIL training should form a significant part of your Best Practice program. What is the benefit of the logo? Certificates of Compliance bearing the ISO/IEC 20000 logo confirm that the Certification Body which issued the Certificate is one which has been registered as complying with the stringent requirements of the itSMF ISO/IEC 20000 Certification Scheme.   Organizations which have a current Certificate of Compliance bearing the itSMF logo are also permitted to display the logo on their stationery, etc.

Subject to certain terms and conditions.

In this way the organization can demonstrate their compliance with the standard to a wide audience. Our IT is distributed internationally.

Can sites be certified separately? Yes.

Eligibility is based on demonstrating management control of all processes within the ISO/IEC 20000 standard relative to the scope of certification.

A certification may be scoped by specific sites, departments, or by IT services irrespective of location. Are customers already asking for ISO/IEC 20000 and BS15000 in tender documents? — Yes.

There are a number of customers asking for statements of supplier conformance, accreditation plans and quality management policies: some are quoting ISO/IEC 20000 or BS15000 specifically as the service requirement.

It is likely that this movement will grow and, quite simply, if a prospective supplier cannot demonstrate such conformance, they may not be considered during a tendering exercise. Even if a customer doesn’t ask for certification, your service is more likely to be chosen over that of a competitor who does not demonstrate ISO/IEC 20000 or BS15000 certification, providing competitive advantage. Is an existing ISO 9001 certification of benefit? Yes.

An existing ISO 9001 Certification indicates that the knowledge and processes of a structured QMS are already accepted and in use.

It should quicken the process, and provides the opportunity for both certifications to be assessed together. Which other frameworks can be used with ISO 20000? Whilst ITIL is the most common and most closely aligned, it is by no means mandatory to use it.

Other potential frameworks/methods include MOF, COBIT and Six Sigma. As a business seeking ISO/IEC 20000 certification, what external help is available? There are a number of organizations that have qualified consultants who can advise on the appropriate course of action required.

In addition, many RCBs will offer pre-audit evaluations to help the organization understand its current status. In addition, BSI has produced a series of books to assist with understanding different aspects of a full service management solution.

Contact us for further information. Certification ISO/IEC 20000 Certification Pathways ISO/IEC 20000 Standard is considered a requirement for IT Service providers and is fast becoming the most recognized symbol of quality in IT Service Management processes.

ISO/IEC 20000 programs aim to assist IT professionals master and understand the standard itself and issues relating to earning compliance. There are several programs in the certification series, first is the ISO/IEC 20000 Foundation Certificate, which is the prerequisite for any further programs in the series, including the Implementation Leader Certificate. For more information on certification and available programs please visit our elearning website “” or our store “” ITIL® Certification Pathways There are many pathway options that are available to you within the ITIL® Certification scheme.

Below illustrates the possible pathways that are available to you.

Currently it is intended that the highest certification is the ITIL® V3 Expert, considered to be equal to that of Diploma Status. For more information on certification and available programs please visit our elearning website “” or our store “” Acronyms ACP Accredited Course Provider ANSI American National Standards Institute AS Australian Standard BPM Business Process Modeling BS — ISACA Informational Systems Audit and Control Association ISO International Organization for Standardization ISM Institute of Service Management ISMS Institute of Security Management System IT Information Technology ITIL Information Technology Infrastructure Library ITOCO Input-Throughput-Output-Control-Outcome ITSM IT Service Management ITSCM IT Service Continuity Management itSMF IT Service Management Forum ITT Invitation to Tender JAB The Japan Accreditation Board for Conformity Assessment JQA Japanese Quality Association — BSI (2005).

Information Technology – Service Management: Part1 Specification. BSI (2005).

Information Technology – Service Management: Part 2 Code of Practice. BSI (2009) Information Technology – Service Management: Part 3 Guidance on scope definition and applicability of ISO/IEC 20000-1. ITSMF International (2006).

Metrics for IT Service Management, Zaltbommel, Van Haren Publishing ITSMF International (2008).

ISO/IEC 20000: An Introduction.

Zaltbommel, Van Haren Publishing. CONTACT _Con-3CD3C83F1 \c \s \l The Art of Service (2009) ITIL® Factsheets, Brisbane, The Art of Service CONTACT _Con-3CD3C83F1 \c \s \l The Art of Service (2009) CMDB and Configuration Management Creation and Maintenance Guide, Brisbane, CONTACT _Con-3CD3C83F1 \c \s \l The Art of Service The Art of Service (2008).

Introduction to ISO/IEC 20000.

United Kingdom, Emereo Pty Ltd. The Art of Service (2010).

ISO/IEC 20000 Foundation Classroom Program Materials.

Brisbane, The Art of Service. CONTACT _Con-3CD3C83F1 \c \s \l The Art of Service (2008) IT Governance, Metrics and Measurements and Benchmarking Workbook, Brisbane, CONTACT _Con-3CD3C83F1 \c \s \l The Art of Service The Art of Service (2010).

ITIL® V3 Foundation Complete Certification Kit.

Third Edition.

United Kingdom, Emereo Pty Ltd. The Art of Service (2010).

ISO 20000 Foundation Complete Certification Kit.

Third Edition.

United Kingdom, Emereo Pty Ltd. The Art of Service (2010).

ISO 20000 Implementation Leader Complete Certification Kit.

Third Edition.

United Kingdom, Emereo Pty Ltd. CONTACT _Con-3CD3C83F1 \c \s \l The Art of Service (2008) Risk Management Guide, Brisbane, CONTACT _Con-3CD3C83F1 \c \s \l The Art of Service To find out more about The Art of Service and our range of products, visit: “” Index A accountability 36-7, 48

Read more about 1 ITIL® 268174296 \h 30 \l “268174297” 1:

Accredited ITIL Foundation, Intermediate and Expert Certifications

Accredited ITIL Foundation, Intermediate and Expert Certifications, Learn more about ITIL HERE:

ITIL and 1 ITIL®   268174296 \h 30    \l ITIL and 1 ITIL®   268174296 \h 30    \l

Categories: News

Related Posts



  This ITIL report evaluates technologies and applications in terms of their business impact, adoption rate and maturity level to help users decide where and when to invest. The Predictive Analytics Scores below – ordered Read more…



Read online and subscribe to Predictive Analytics Email Updates HERE You can have a say in which analytics you need in which timeframe: simply add your (anonymous) need to the list at and we Read more…



  This Storage Technologies report evaluates technologies and applications in terms of their business impact, adoption rate and maturity level to help users decide where and when to invest. This predictive analytics evaluates 36 storage-related Read more…