What is iso iec 20000

What is ISO/IEC 20000?
An Introduction to the International
Service Management Standard
by Mart Rovers
President
INTERPROM
©InterProm USA Corporation – Confidential and Proprietary Information 110/19/2015

WHAT IS ISO/IEC 20000?
Contents
©InterProm USA – Confidential and Proprietary Information 210/19/2015

Contents
• Background Information
• The Service Management System
• The Service Quality Principles
• A Pragmatic Norm
• ISO/IEC 20000 Contributions
• Benefits of ISO/IEC 20000
• The Certification Process
• ISO/IEC 20000 Publications
• Useful ISO/IEC 20000 Links
• About the Presenter
International Standards Organization (ISO)
is the Owner of ISO/IEC 20000

HISTORY AND CONTEXT
Background Information

History – Before 2005
• ISO/IEC 20000 is the offspring of the
British Standard 15000 (BS 15000), a
standard of the British Standard
Institute which originated in the 1990s.
• The BS 15000 standard was
introduced to measure the level of
implementation of ITIL®’s best
practices in an organization or its
adherence to the goals of the ITIL
processes.
ITIL is the acronym for
Information Technology Infrastructure Library.
Both ITIL and the Information Technology
Infrastructure Library are registered trademarks
that are owned by AXELOS Ltd.

History – In 2005
The Joint Technical Committee 1 /
Subcommittee 7 of the ISO and IEC
organizations released in 2005:
• Part 1: ISO/IEC 20000-1:2005
– Specification
– The normative part of the standard
– The requirements to meet
• Part 2: ISO/IEC 20000-2:2005
– Code of Practice
– The informative part of the standard
– The recommendations to meet the
requirements

History – In 2011 and 2012
In 2011, a new version of the normative
standard ISO/IEC 20000-1 was released:
• ISO/IEC 20000-1:2011
– Service Management System Requirements
– A list of 256 requirements a service provider
“shall” adhere to when seeking certification
In 2012, a new version of the informative
standard ISO/IEC 20000-2 was released:
• ISO/IEC 20000-2:2012
– Guidance on the Application of the Service
Management System
– A list of more than 800 recommendations a
service provider “should” take into consideration
when desiring to meet the 256 requirements

History – Since 2005
Since the introduction of the standard the
Subcommittee has released several additional
informative parts of the ISO/IEC 20000 standard
• ISO/IEC TR 20000-3
– Guidance on the Scope Definition and Applicability of
ISO/IEC 20000-1
– Process Reference Model
– Exemplar Implementation Plan
– Application of ISO/IEC 20000-1 to Cloud Services
• ISO/IEC TR 20000-10
– Concepts and Terminology
TR stands for Technical Report

Context – ISO/IEC 20000…
• … is a worldwide standard
that describes the
implementation of an
integrated process
approach for the delivery of
IT services.
• … consists of a set of
minimum requirements to
audit an organization
against effective IT Service
Management.
• … promotes the adoption of
an integrated process
approach to effectively
deliver managed services to
meet the business and
customer requirements.
• … promotes the coordinated
integration and
implementation of the
service management
processes to provide the
ongoing control, greater
efficiency and opportunities
for continual improvement.

ISO/IEC 20000 Structure
4. Service Management System (SMS)
Management responsibility
Governance of processes operated by other parties
Documentation management
Resource management
Establish the SMS
Plan the SMS (Plan)
Implement and operate the SMS (Do)
Monitor and review the SMS (Check)
Maintain and improve the SMS (Act)
5. Design and Transition of new or changed services
6. Service Delivery Processes
Capacity management
Service continuity &
availability management
Service level management
Service reporting
Information security
management
Budgeting &
Accounting for services
9. Control Processes
Configuration management
Change management
Release and deployment
management
7. Relationship Processes8. Resolution Processes
Incident and service request
management
Problem management
Business relationship
management
Supplier management

SERVICE MANAGEMENT
SYSTEM
The SMS

The SMS
• The Service Management System
(SMS) is what will be audited for
certification.
• The SMS is the framework of
processes, tools and resources
(human resources, technology resources,
information resources, and financial
resources) coordinately used to plan,
execute, document and continually
improve service management tasks
in a goal-oriented, customer-
oriented and quality-oriented way.
Resource management
Establish the SMS
Plan the SMS (Plan)
Capacity management
Service reporting
management
Budgeting &
Change management
management
management
Problem management
management
Supplier management

The SMS Components
Important components of the SMS are:
• Management Responsibility
• Governance of Processes Operated
by Other Parties
• Documentation Management
• Resource Management
• A structured approach to establish
and improve the SMS, following the
Deming Cycle
• A set of 14 Strategic, Tactical and
Operational processes
Resource management
Establish the SMS
Plan the SMS (Plan)
Capacity management
Service reporting
management
Budgeting &
Change management
management
management
Problem management
management
Supplier management

The SMS Deming Cycle
ISO/IEC 20000 provides the
requirements of the steps involved to
establish and maintain the SMS. These
steps follow the Quality Circle of
Deming: Plan-Do-Check-Act:
• Plan the SMS (Plan)
• Implement and Operate the SMS
(Do)
• Monitor and Review the SMS
(Check)
• Maintain and Improve the SMS (Act)

SMS Triggers
Answers to questions that trigger the
SMS to start functioning are:
1. What are the customer and business requirements, needs and
expectations?
2. What are the statutory and legal requirements the service
provider needs to take into account?
3. Are there requirements of other standards the service provider
needs to abide by?
4. Does the service provider have contractual obligations to
adhere to?
5. What are the service requirements, as a result of these
requirements and obligations as listed above?
6. What is the portfolio of services that is needed to meet these
service requirements?
7. What is the service management policy and what is the service
management plan, i.e. the service strategy, to meet these
service requirements?
Resource management
Establish the SMS
Plan the SMS (Plan)
Capacity management
Service reporting
management
Budgeting &
Change management
management
management
Problem management
management
Supplier management

A Working SMS
The execution of the service
management plan will be performed
by the 14 ISO/IEC 20000 processes.
• Strategic Processes
– Relationship Processes
• Tactical Processes
– Design and Transition of New or
Changed Services (process #14)
– Service Delivery Processes
• Operational Processes
– Control Processes
– Resolution Processes
Service Delivery Processes:
1. Service Level Management
2. Service Reporting
3. Service Continuity and
Availability Management
4. Budgeting and Accounting for
Services
5. Capacity Management
6. Information Security
Management
Relationship Processes:
7. Business Relationship
Management
8. Supplier Management
Resolution Processes:
9. Incident and Service Request
Management
10. Problem Management
Control Processes:
11. Configuration Management
12. Change Management
13. Release and Deployment
Management

The Purpose of the SMS
Ultimately, the SMS serves one major
purpose:
• Turning customers with needs,
expectations and requirements into
satisfied customers.
This is why the standard focuses on
effectiveness. Overtime, the focus can
shift towards efficiency by means of
continuous improvements.

PERMANENCY OF SERVICE
QUALITY
Service Quality Principles

ISO/IEC 20000 is Framework-neutral
ISO/IEC 20000-1
ISO/IEC 20000-2
Service Management Frameworks
(e.g. ITIL, COBIT, Six Sigma, PMBOK, PRINCE2, CMMI)
&
Quality Management and Other Supporting Standards
(e.g. ISO 9000 and ISO 31000, ISO/IEC 27001, ISO/IEC 38500,
ISO22301, ISO 21500, ISO/IEC 15504)
ISO/IEC 20000 is based on many
frameworks, such as ITIL and
COBIT. This does not imply
that an organization is
required to adopt the
best practices of
these frameworks
In order to meet
the standard’s
requirements.
ISO/IEC 20000 relates to many other
ISO standards such as ISO 9001,
ISO/IEC 27001 and ISO 31000.
This does not imply that an
organization has to meet
the requirements of these
related standards.
These standards
merely serve as
additional
guidance.

Service Quality Principles
• ISO/IEC 20000 incorporates all
of the eight quality management
principles of ISO 9001
• Every ISO/IEC 20000-1
requirement supports one or
more of these quality principles.
• What does this mean?
Implementing the requirements
of the standard will bring a
cultural and organizational
change.

Importance of Principles
• Principles are Guidelines for
Human Conduct that are proven
to have Enduring Permanent
Value
• Principles are deep, fundamental
truths
• Principles are unarguable
because they are self-evident
• Principles have a universal
application

COMMON SENSE PREVAILS
A Pragmatic Norm

Pragmatic Requirements
• Representatives of more than 20
countries, working together in
the Joint Technical Committee 1
/ Subcommittee 7 of the ISO/IEC
organizations, have contributed
to the 2011 version of the
standard through a transparent
and democratic voting process
• Years of combined practical
experience has resulted in a
collection of logical, pragmatic
and clear requirements

Pragmatic Norms For…
• Leadership
• Business Relationship Managers
• Supplier/Vendor Management
Managers
• Project Managers
• Business Analysts
• Human Resource Managers
• Service Owners
• Process Owners
• Asset Owners
• Talent Managers
• And more…
For
Any
Service
Provider,
Not just IT
Organizations

WHEN TO CONSIDER
ISO/IEC 20000 Contributions

When to Consider? (1 of 4)
• When comparing IT service providers.
ISO/IEC 20000 provides uniform and
common language as well as a norm for
benchmarking
• When selecting an IT service provider.
An IT organization can express added
value when offering its services and
distinguish itself from its competition
• When an IT department/organization is
looking for ways to better understand
the needs of the customer. ISO/IEC
20000 can be a norm to improve IT
governance

• When needing guidance to determine
which best practices to focus on first
when adopting industry best practices
to improve the effectiveness and
efficiency of the IT
department/organization
• When seeking increased transparency
of IT service provision costs, risks, IT
budgets and costs
• When looking for ways to implement
changes faster and more effective and
when seeking for a norm to improve
efficiency and effectiveness

• When attempting to better align the IT
department’s/organization’s services to
a third party’s services, creating a
uniform chain of services in particular
from a process perspective
• When looking for an effective method
and uniform guidelines to outsource or
offshore through a well-aligned process
interfaces and common and consistent
nomenclature. A norm which regulates
outsourcing
• When seeking a norm for reliable and
available quality IT services

• When looking for evidence that IT’s
processes are in compliance with
international financial and security
norms, rules and regulations
• When going for a broad range of
quality improvements within the IT
department/organization, as well as
boosting IT’s professional image
• When looking for an independent and
non-biased baseline to weigh service
providers against and use it as a norm

WHAT TO EXPECT?
Benefits of ISO/IEC 20000

What to Expect? (1 of 2)
• To qualify for new customers; more and
more companies and organizations
consider ISO/IEC 20000 certification an
essential requirement for conducting
business with a new vendor
• To enter global markets; the ISO/IEC 20000
standards are widely recognized
• To objectively measure the level of
compliance to industry best practices
• To have better information available for
numerous purposes
• To better streamline to various process
improvements that may go on
simultaneously in an IT department

What to Expect? (2 of 2)
• To provide guidance with prioritizing the
best practices to be implemented in an IT
department
• To give a company or organization a
competitive edge
• To show a drive for quality services
• To objectively assess and benchmark IT’s
level of maturity
• To increase customer focus and
transparency of value provided to the
business
• To establish a mentality of continual
improvement in IT

STEPS TOWARDS
CERTIFICATION
The Certification Process

7 Steps to become Certified
and uphold Certification
1. Complete a Questionnaire of the RCB
2. Apply for an Assessment by the RCB
3. Conduct an optional pre-audit by the RCB
4. Conduct the Initial Audit (Stage 1)
– Documentation Review
5. Conduct the Certification Audit (Stage 2)
– Onsite Inspection
– Interviews
– Records Review
6. Conduct Surveillance Audits every 12 months
– Spot Checks
7. Conduct the Re-certification Audit every 3 years
– Stage 1
– Stage 2

READING MATERIAL
ISO/IEC 20000 Publications

ISO/IEC 20000 Publication
• ISO/IEC 20000-1:2011 – A Pocket Guide
• Publisher: Van Haren Publishing
• ISBN-13: 978-9087537265
• Author: Mart Rovers
• Price: USD$25
• This Pocket Guide provides a concise
explanation of the nature, content and aim
of ISO/IEC 20000-1: 2011 and a short
summary of ISO/IEC 20000-2:2012.

LEARN MORE…
Useful ISO/IEC 20000 Links

ISO/IEC 20000 Links
• ISO Organization: http://www.iso.org
• ISO Standard:
http://www.iso.org/iso/home/store/catalogue_ics.htm
• http://webstore.ansi.org/
• ISO/IEC 20000 Certification Training:
http://www.interpromusa.com/training-services/iso-iec-
20000-certification-training/
• ISO/IEC 20000 Books:
http://www.interpromusa.com/resources/
• ISO/IEC 20000 Certified Firms:
http://www.isoiec20000certification.com/
• ISO/IEC 20000 RCBs:
http://www.isoiec20000certification.com/

MART ROVERS
About the Presenter

About Mart Rovers
• Mart Rovers is the President of INTEPROM. He has
over 30 years of experience in IT and has been
consulting and training in IT Service Management
(ITSM), Information Security Management (ISM), IT
Governance and Business Continuity Management
since 1992.
• He has led numerous organizations towards
becoming ISO/IEC 20000, ISO/IEC 27001, and ISO
22301 certified.
• He is a frequent speaker at international events and is
the author of the ISO/IEC 20000 – A Pocket Guide
• Mart received his MBA degree in Information
Analytics and holds BS degrees in Mathematics,
Statistics and in Marketing.

What is iso iec 20000

More Related Content

What's hot (20)

Similar to What is iso iec 20000 (20)

More from Mart Rovers (7)

Recently uploaded (20)

What is iso iec 20000