Embed Size (px)
DESCRIPTION
Practical experience from implementation of ISO 20000 that lead to successful certification.
Citation preview
EXPERIENCE FROM IMPLEMENTATION
OF ISO 20000:2005
Viktorija DoncevaTrajkovski & Partners Management
Consulting
Ohrid, May 2009
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
CONTENTS
Introduction
Law regulation from the National bank of the Republic of Macedonia
ISO 20000:2005 standard requirements
Practical experience from implementation of ISO 20000:2005
12.04.2023 2
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
INTRODUCTION
12.04.2023 3
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
What is ISO 20000?
First worldwide standard specifically aimed at IT Service ManagementDescribes processes for delivery of services
Aligned with and complementary to the process approach defined within ITIL
ISO/IEC 20000 consists of two parts: ISO/IEC 20000-1, the formal Specification ISO/IEC 20000-2, the Code of Practice
Formerly British Standard 15000, adopted by ISO in December, 2005
12.04.2023 4
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
IT Service Management standards and best practice framework
12.04.2023 5
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
ISO 20000 Structure
Introduction and overview
Scope, terms and definitions
Requirements for a management system
Planning and implementing ITSM
Planning and implementing new or changed IT services
Process groupings12.04.2023 6
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
ISO 20000 Processes
12.04.2023 7
Overall management system
Planning and implementing service management
Planning and implementing new/changed services
Service delivery processes
Capacity management
Service continuity and availability management
Service level management
Service reporting
Information security managementBudgeting and
accounting for IT services
Release processes
Release management
Resolution processes
Incident management
Problem management
Relationship processes
Business relationship management
Supplier management
Control processesConfiguration management
Change management
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
LAW REGULATION FROM THE NATIONAL BANK OF THE
REPUBLIC OF MACEDONIA
12.04.2023 8
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Decisions from NBRM
DECISION on the bank's information system security ("Official Gazette of the Republic of Macedonia" No. 31/2008)
DECISION on amending the Decision on the bank's information system security ("Official Gazette of RM" No. 78/08)
DECISION on amending the Decision on the bank's information system security ("Official Gazette of RM" No. 31/2009)
12.04.2023 9
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Requirements for outsourcing companies
Outsourcing company of the bank with main activity of managing data processing system and which based on written agreement manages and stores bank data while performing bank or financial activities.
The outsourcing company shall obligatorily be certified in accordance with the international standard ISO/IEC 20000.
12.04.2023 10
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
ISO 20000:2005 STANDARD REQUIREMENTS
12.04.2023 11
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Requirements for the management system
To provide a management system, including polices
and a framework to enable the effective management
and implementation of all IT services
12.04.2023 12
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Documents required by the standard
PoliciesService management and improvement
policy, Budgeting and accounting policy, Release policy etc.
PlansService management plan, Service
improvement plan, Capacity plan etc.
Processes Improvement process, supplier
management process, Change management process etc.
12.04.2023 13
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Documents required by the standard
ProceduresDocument control, Incident management,
Problem management etc.
RecordsService level agreements, Management
review report, Proposal for new or changed services, Risk Assessments, Configuration management database (CMDB)etc.
12.04.2023 14
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
PRACTICAL EXPERIENCE FROM IMPLEMENTATION OF
ISO 20000:2005
12.04.2023 15
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Clients’ starting situation
Implemented QMS based on ISO 9001:2000
Implemented ISMS based on ISO 27001:2005
Implementing ITSMS based on ISO 20000:2005The Scope of the IT Service Management
System are all the services that the organization provides for its customers and for the internal users.
ITSMS Framework + ITSM processes
Connections and overlaps between the management systems
12.04.2023 16
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Connections and overlaps between the management systems
ISO/IEC 20000-1:2005ISO
9001:2008
ISO/IEC
27001:2005
1 Scope 1 1
2 Terms & definitions 3 3
3 Requirements for a management system 4 4, A.6.1
4 Planning and implementing service management
7.1 A.6
5 Planning and implementing new or changed services
7.2 A.10.3, A.12.1
6 Service delivery process 7.2
7 Relationship processes 7.2.3/4.1 4.1, 4.2, A.10.8
8 Resolution processes 8.5 A.10.10
9 Control processes 7.5.1 A.12.2
10 Release management 7.312.04.2023 17
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
ITSMS Framework
1. Introduction2. Service Management and Improvement
Policy3. IT Service Management System Overview4. Management Responsibility5. Organization for Service Management6. ITSMS Documentation7. Services overview8. Planning and implementing service
management9. Planning and implementing new or
changed services10. Service Management Process Model
12.04.2023 18
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
ITSMS Processes Defined 13 processes based on ISO 20000:2005
standardService Improvement Planning and implementing new or changed servicesService level management and reportingService continuity and availability managementBudgeting and accounting for IT servicesCapacity managementBusiness Relationship management Supplier management Incident management Problem management Configuration management Change management Release management
12.04.2023 19
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
ISO 20000 key processes
Service Level ManagementISO20000-1:2005 ref. number: 6.1
Service Level Management GoalTo maintain and improve IT Service
quality, through a constant cycle of agreeing, monitoring and reporting upon IT Service Achievements.
Service Level Management objectiveTo define, agree, record and manage levels
of service
12.04.2023 20
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Service Level Management overview
12.04.2023 21
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Service catalog (1/2)
List of all services IT provides to Customers
Provides a clear explanation of the services, Customers/Users, descriptions and costs
Essential to any service provider business in order to define products and services
Managed and updated by the Business Development Department
12.04.2023 22
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Service catalog (2/2)
Separate catalogs for services provided to clients and internal services
Each service separately described through the following information: Service name, Status of service, Description
of service, Standard and additional service features, Frequency of service delivery, Service availability, Client technical requirements for using the service, Service support (description and hours), Service owner, Standard and additional Tariff costs, Service delivery level
12.04.2023 23
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
What goes into an SLA?
Services included/excluded Service hours Availability / Reliability targets Throughput, transaction response times, batch
turnaround times Support arrangements / targets Change targets Security Plan IT Service Continuity Plan Service costs and charges Reviews and reporting Penalties and Incentives
12.04.2023 24
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Questions?
Thank you for your attention!
12.04.2023 25
