Download (PPT, 1.9MB)
Continual Service Improvement Process

General Understanding

Knowledge Sources

ISO/IEC 20000:2011

Section 4.5 Establish and Improve SMS.


Continual Service Improvement.


Manage Quality

Monitor, Evaluate and Assess Performance and Conformance.

Monitor, Evaluate and Assess the System of Internal Controls.

Monitor, Evaluate and Assess Compliance with External Requirements.

Continual Improvement – PDCA Cycle

7 Steps to Service Improvement

COBIT Processes

Provides the governance and management structures to manage and improve:





Continual Service Improvement

Planning for Improvements

ISO/IEC 20000: Plan – scope and service management plan.

ITIL: Define what should be measured (strategy).

Define what will be measured (measurement framework).

COBIT: Establish a quality management system.

Define and management quality standards, practices, and procedures.

Establish a monitoring approach.

Set performance and control targets.

Identify compliance requirements.

Optimize responses to compliance.

Step 1 – Defining Strategy

Defining what should be measured:

Corporate Strategy.

IT Strategy.

Improvement Strategy.

The Continual Service Improvement Model

The Continual Service Improvement Model


Why scope?

To provide the greatest value to the customer.

To prioritize appropriately.

To manage budgets and resources effectively.

To minimize risk.

Service Management Plan

A service management plan will include information on:


Service requirements.

Policies, standards, and external requirements.

Roles, responsibilities, and authorities.

Resource allocations (human, technical, information, and financial).

Stakeholders and suppliers.

Process and system interfaces.

Risk acceptance and management.

Approved technologies.

Measurements and reporting.

Quality Management Systems

Benefits to Continuous Improvement:

Performance advantage through improved organizational capabilities.

Alignment of improvement activities to organization’s strategic intent.

Flexibility to react quickly to opportunities.

Employing a consistent approach to continual improvement.

Providing people with training .

Making continual improvement an objective for every person in the organization.

Establishing goals and measures in continual improvement.

Recognizing and acknowledging improvements.

Source: Quality Management Principles (ISO)

Approaches to Monitoring

Identify stakeholders.

Define requirements on monitoring and reporting.

Maintain alignment with current business, customer, and IT objectives.

Create agreement around goals, metrics, taxonomy, and retention periods.

Create agreement around change control.

Allocate resources to monitoring and reporting.

Assess effectiveness of approach.

Identifying compliance requirements






CSI – Implementation Issues

Identify and fill critical roles and responsibilities, e.g.

CSI Manager, Service Owner, SLM and reporting analyst.


CSI and Organizational Change.

Communication and Strategy planning.

CSI – value to the business

CSI and the Service Lifecycle

Step 2 – Define Measurement Framework

Defining what to measure

Creating relationships between objectives, critical success factors, key performance indicators, and metrics

Identifying methods of reporting communicating service levels, customer satisfaction, business impact, supplier performance, and market performance


Governance has been around the IT arena for decades.

IT is forced to comply with sweeping legislation and an

ever increasing number of external regulations.

IT organizations must operate under full transparency.

IT Governance

“IT governance is the responsibility of the board of

directors and executive management.

It is an integral part of enterprise governance and

consists of the leadership, organizational structures

and processes that ensure that the organization’s IT

sustains and extends the organization’s strategies

and objectives.”

Source: Board briefing on IT Governance, 2nd Edition, 2003,

IT Governance Institute – ITGI.

Defining Service Levels

Service Levels are a means of defining and measuring the behavior of service components within the context of providing value to the customer.

Defining Service Target

Service Targets represent the required level of service needed to deliver value to the customer.

Quality Management

What is quality?

A measure of excellence.

A comparison between similar objects.

A fulfillment of requirements.


Process Management

The activities of process management include:

Process definition.

Defining roles, responsibilities, and authorities.

Evaluating performance.

Identifying opportunities for improvement.

Continual Service Improvement

Implementing and Operating CSI

ISO/IEC 20000: Do – service management system.

ITIL: Gather Data.

Process Data.

COBIT: Monitoring, control and review of performance.

Performance and conformance data.

Monitor internal controls.


Confirm compliance.

Step 3 – Data Collection



Internal Control


Procedure for Data Collection

Performance Monitoring

Capability assessment.

Investment performance reports.

Service level reports and service reviews.

Supplier reports and reviews.

Project performance reviews.

Availability, performance, and capacity monitoring.

Incident and problem reports.

Service request and change reports.

Internal Controls

What is an Internal Control?

“A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achieving of objectives to operations, reporting, and compliance.”

From COSO Internal Control – Integrated Framework Executive Summary

COSO Internal Controls Framework

The framework consists of:

Three objective categories




Five components

Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring Activities

17 principles

Capability Assessments

A capability assessment compares the performance of a process

against a performance standard. This can be an agreement in a SLA,

maturity standard, or an average compared to companies in the same

industry (known as a benchmark).

An assessment for ISO/IEC 20000 is a capability assessment; it shows whether or not the requirements of ISO/IEC 20000 are being met.

Purpose of Internal & External Audits

An independent evaluation is needed to assess the performance,

and is also required by customers and third parties.

The results can be used to update the agreed measures in

consultation with the customers, and also for their implementation.

There are three forms of evaluation:


Internal Audit.

External Audit.

Types of Audit

Audit findings are used to assess the effectiveness of the quality

management system and to identify opportunities for improvement.

There are three main types of audit:

First-Party Audit

Second-Party Audit

Third-Party Audit

Step 4 – Data Processing

Continual Service Improvement

Monitor and Review

ISO/IEC 20000: Check – internal audits and management reviews.

ITIL: Analyze Data.

Present and Use Data.

COBIT: Analyze and report performance.

Identify and report control deficiencies.

Obtain compliance assessment.

Step 5 – Analyze Data

Review the data collected.

Current process results

Statistical measurements

Descriptive Analysis

Variation Analysis

Root Cause Analysis

Can we learn anything from a SWOT analysis?

Step 6 – Presenting Data

Management Reviews

Top Management must regularly review the service management system and services.

The purpose of the review is to determine continued suitability and effectiveness of the targeted area.

The review may include:

Assessment of improvement opportunities.

Assessment of SMS changes, including strategic and policy changes.

Service Reviews

Service and Service Level Agreements are reviewed with customer at planned intervals

Continual Service Improvement

Step 7 – Implementation

Data drive Decisions

Objectives drive Priorities

Necessity drive Implementation