Business is evolving, you should too.

Helsinki, Tampere, Turku, Tukholma, Göteborg | www.tieturi.fi

What is ISO20000?Ben Kalland, Tieturi

Agenda

• What is ISO/20000 and why should I care?• History and future• Relationship to ITIL and other standards• Certification, who, how much, why and when• ISO20000 processes – difference to ITIL• How to proceed from here

ITIL is a library of best practice

• Service Strategystrategic analysis, planning, positioning

• Service Designtranslates plans to designs and specifications

• Service Transitionensures design will deliver and can be operated

• Service Operationmanage a service throughout production life

• Continual Service Improvementmeasure performance for maximum benefit

ITIL

• ITIL knowledge can be certified for individuals• Foundation• Practitioner• Service Manager – ITIL Expert

• An organisation cannot be ITIL certified• Anyone can claim they have adopted ITIL

ISO/IEC 20000

• Worldwide standard for IT Service Management• International certification against standard• Proof that best practices are implemented• ITIL not requirement• Not as deep as ITIL – minimum requirement• ITIL is a set of guidance – ISO is requirements• Easier to achieve if ITIL based approach• 200 + requirements to be able to demonstrate compliance• Based on BS15000, 400 minor adjustments• Certification for Quality Management (not i.e. tools)

Relationship ISO 20000 - ITIL

Relationship ISO 20 000 - ITIL

Timeline - history and future

• 1989 ITIL V1• 1999 ITIL V2• 2000 BS15000• 2003 itSMF launched BS15000 certification• 2005 ISO/IEC 20000• 2007 ITIL V3• 2009 IS/IEC 20000 – v2

Can you answer these questions?

• What are the current and future requirements of the business

• What happens if you have a major disaster• What level of service do you provide• What level of risks and liability do you have• What is the current level of failures and how much does it

cost the business• If your business customer base doubles, what does it

mean for IT and how much does it cost and when is it ready

• Goal of SM: align with business, low cost, high quality

Note!

ISO/IEC 20000 certifies the quality management system and processes SUPPORTING the products or services provided.

It does NOT certify the products or services themselves.

Position against other frameworks

Requirements

• Part 1 provides the requirements for IT service management to gain certification

• This is relevant to those responsible for initiating, implementing or maintaining IT service management in their organization

• Senior Management are responsible and accountable for ensuring all requirements of Part One are met if Certification is sought

• Compulsory requirements – shall• Basis for independent auditing• Example: “All incidents shall be recorded”

Guidance

• Part 2 - Code of Practice for Service Management• Provides guidance to internal auditors and assists service

providers planning service improvements or preparing for audits against ISO 20000

• Guidance – should• Explanations, not compulsory• Ex: “The process for a major incident should include a

review”

Scope

• Part 3 - Scope & Applicability• Advice on scoping for service management• Planning & improvements• Scope statements for certification audits• Suggestions on applicability include adding

communications or wider technology enabled services• Not yet formally agreed.

Who is certified? Examples

• 50% private, 50% public • 50% internal, 50% external service providers• CSC Nordic, Denmark• Fujitsu Services, Finland• Siemens Business Services, Germany• Flughafen Munchen, Germany• T-Systems ITC Services, Spain• Salzburg AG, Austria• EDS, Netherlands• ING Services Centre Budapest, Hungary

Who is certified? 349 organizations in March 2009

• UK 52• Japan 50• India 41 • South Korea 35• China 34• Germany 20…• Denmark 2• Finland 1• Sweden, Norway - none

Eligibility• An organisation must be able to demonstrate it has management control of

each of the ISO 20000 processes • All requirements must be met• If a process or function is outsourced, the organisation must retain

management control• Control of input, policy setting• Use and knowledge of output• Define metrics and continuous improvement• Management control of a process consists of:

• knowledge and control of the inputs• knowledge, use and interpretation of the outputs• definition and measurement of metrics• demonstration of objective evidence of accountability for process

functionality• definition, measurement and review of process improvements

ISO/IEC 20000 processes

Delivery processes

Support processes

How to proceed• Prepare for certification through Consultancy Services

• Assessment, implementation of processes, mentoring and guidance• Undertake various forms of training:

• ISO 20000 Foundation• Aimed at individuals familiar with ITIL, who participate in developing processes

or preparing for audition

• ISO 20000 Consultants Certifiacte• Aimed at experienced IT Service Management practitioners whose roles and

responsibilities include preparing organisations for the adoption of ISO 20000.

• ISO 20000 Auditors Certificate:• Aimed at experienced internal or external auditors who have at least 3 years’

general IT auditing experience and are either certified ISO 9000, ISO 27001 or TickIT auditors or are certified internal auditors

• Service Management• ITIL Foundation, Practitioner, Managers• Planning To Implement• Experiential Learning & Awareness

• Select an approved Registered Certified Body

Audits

• RCB• Needed documentation

• Evidence of intention: process designs, SLA’s, plans, contracts, ...• Inputs, specifications

• Records of achievement or activities performed: statistical data, minutes of meetings, RFC’s, ...

• Outputs• Surveillance audits – at least annually• Full re-audits – every three year• Internal audits – ”at planned intervals”

More information?

Ben KallandITIL Expert, ISO 20000 Foundation certified consultantAccredited ITIL trainer

ben.kalland@tieturi.fi

Tieturi Oy, HTC Santa MariaTammasaarenkatu 500180 HELSINKIwww.tieturi.fi/itil