ISO/IEC 20000:2011 - A Pocket Guide E-Book

ISO/IEC 20000:2011A Pocket Guide

Colophon

Title:

ISO/IEC 20000:2011 – A Pocket Guide

Author:

Mart Rovers

Editor:

Jane Chittenden

Publisher:

Van Haren Publishing, Zaltbommel, www.vanharen.net

ISBN hardcopy:

978 90 8753 726 5

ISBN eBook:

978 90 8753 787 6

Print:

First edition, first impression, February 2012 First edition, second impression, July 2012 Second edition, first impression, February 2013

Design and Layout:

CO2 Premedia bv, Amersfoort – NL

Copyright:

© Van Haren Publishing 2013

For any further enquiries about Van Haren Publishing, please send an e-mail to: [email protected]

Although this publication has been composed with most care, neither Author nor Editor nor Publisher can accept any liability for damage caused by possible errors and/or incompleteness in this publication.

No part of this publication may be reproduced in any form by print, photo print, microfilm or any other means without written permission by the Publisher.

Acknowledgements

We would like to thank the team of experts who contributed in such a major way to this publication. They have spent much time and kindly given their expertise to encourage better practices and understanding worldwide.

First of all we would like to thank Author Mart Rovers for pulling together the structure, approach and text. Always professional and knowledgeable, his kindness and humour means that he is indeed a great pleasure to work with. We are very privileged to work with Mart.

We also wish to thank the international team of experts who have reviewed the manuscript. These respected global experts have been kind enough to spend hours reviewing the title and sharing their hard-won expertise with the rest of the community. Always positive and professional these experts demonstrate the true strengths that can be found within IT Service Management.

Team:

Ashfaque Chowdhury

CIO, New Breed Logistics

Lynda Cooper

ISO20000 Evangelist, ITIL Master

Frederik van Eeden

Trainer and ISO20000 consultant

Subrata Guha

Director IT Services, UL DQS

Doug Houle

DHL

Wolfgang Moser

Consultant and Trainer, Prozess Delta

David W Nottingam

Manager - Configuration, Change, and Release Management, Premier, Inc.

Tony Powell

CIO, Florida Department of Revenue

Marc Taillefer

Consultant, Trainer and Coach in Management of IT Service

Kathy Tamer

Vice President & Chief Information Officer - Retired, United Space Alliance

Paul R. Theisen,

Director of Information Services, NPL Construction Company

Bryon Zimpfer

Change & Configuration Management, Adobe Systems Inc.

Foreword

The aim of ISO/IEC 20000 is to provide a common reference standard for any enterprise offering IT services to internal or external customers. In 2004, when Van Haren Publishing first produced a pocket book on the predecessors of this reference standard, the world was already highly inter-connected. Since then enterprises have taken even further strides to take advantage of the benefits of global relationships. This makes the need to embed a common set of terms and references within IT even more desirable -- as the IT Advisory Board to Van Haren Publishing we therefore welcome this new edition.

Any standard, in itself, will make no difference unless is understood and applied wisely and appropriately by those in the industry. As such we welcome this pocket guide which presents the standard in an easily digestible format that can be referenced easily. We believe it will be useful not only to experts within the area of IT service management but also by business managers and audit personnel who need to understand the basic objective of this standard. This title supports the standard which is intended to help businesses achieve their IT-enabled business objectives and their IT quality and service management objectives.

Members of Van Haren Publishing IT Advisory Board

Jacques Cazemier, VKA NL

Bill Hefley, University of Pittsburgh and ITSqc, LLC

Kevin Holland, NHS Connecting for Health

Brian Johnson, CA

David Jones, Pink Elephant UK

Alan Nance, Independent

Eric Rozemeijer, Quint Wellington Redwood

Gad J Selig, University of Bridgeport

Abbas Shahim, Atos Consulting

John Stewart, Independent

Contents

1 Introduction

1.1 Purpose of this book

1.2 Structure of this book

1.3 Audience for this book

2 Overview of ISO/IEC 20000

2.1 The ISO/IEC 20000 Series

2.2 History of ISO/IEC 20000

2.3 Purpose of ISO/IEC 20000

2.4 Contributions and benefits

3 Development of ISO standards

4 Accreditation, certification and assessment

4.1 Accreditation

4.2 Certification training for individuals

4.3 Assessments and audits

4.4 Certification

4.5 Scoping and applicability

5 Relationships to frameworks

5.1 Relationship to ITIL®

5.2 Relationship to risk management

6 Alignment with other standards

6.1 Alignment with ISO 9001

6.2 Alignment with ISO/IEC 27001

7 ISO/IEC 20000 and communication

8 ISO/IEC 20000-1:2011

8.1 Management in general

8.2 Scope – clause 1 of ISO/IEC 20000-1

8.3 Application – clause 1.2 of ISO/IEC 20000-1

8.4 (4) Service management system general requirements

8.5 (5) Design and transition of new or changed services

8.6 (5.2) Plan new or changed services

8.7 (5.3) Design and development of new or changed services

8.8 (5.4) Transition of new or changed services

8.9 (6) Service delivery processes

8.10 (7) Relationship processes

8.11 (8) Resolution processes

8.12 (9) Control processes

9 ISO/IEC 20000 self-assessment

9.1 Preparation

9.2 Assessment and reporting

9.3 Review and act

Annex A Glossary: terminology and definitions

Annex B ISO/IEC 20000-1:2011 changes

B.1 Name change

B.2 Changes in structure and size

B.3 Integrated Management System

B.4 Other noticeable changes

B.5 Major non-process-specific differences

B.6 Changes in terms and definitions

B.7 New requirements of ISO/IEC 20000-1:2011

Annex C ISO/IEC 20000-2:2012

1 Introduction

1.1 Purpose of this book

The purpose of this book is to provide an easy to read document that explains the nature, the context, the purpose and interpretation of ISO/IEC 20000-1:2011 and ISO/IEC 20000-2:2012. It should bring ISO/IEC 20000, the international Information Technology Service Management (ITSM) standard, within reach of a rapidly growing global audience at a higher pace by providing an easy, accessible guide:

•   To promote the awareness and the applicability of ISO/IEC 20000 as a valuable standard for service providers in the Information Technology (IT) industry;

•   To support ISO/IEC 20000 adoption, application and compliance initiatives, training, accreditation and certification;

•   To produce an easy to use interpretation of the core content of ISO/IEC 20000-1:2011 and ISO/IEC 20000-2:2012 for any IT professional interested in the design and delivery of quality IT services;

•   To provide guidance when implementing and improving ITSM even when ISO/IEC 20000 certification is not the end goal.

“ISO/IEC 20000 - A Pocket Guide” is aimed at a broad range of IT professionals who are looking for guidance and direction to improve IT service quality. In addition, this book is aimed at customers and consumers of IT services who wish to gain insight into what they can expect from a service provider and for ways to distinguish between different service providers providing the same services.

The contents of this book along with the standard may be applied:

•   When at the very beginning of your ITSM journey, in particular when seeking a measuring stick to objectively visualize improvements or when seeking a compass to steer you towards your intended service improvement goals and objectives

•   When looking for ways to boost your (stalled) ITSM adoption initiative, in particular when ITSM successes are hard to quantify and qualify or when momentum is (about to be) lost

•   When looking for ways to continuously improve your levels of IT process efficiency and effectiveness, your service quality levels and your customer satisfaction levels

1.2 Structure of this book

The book starts with an introduction to ISO/IEC 20000 by describing its nature and purpose (this chapter). This covers the structure, the history, and the purpose of ISO/IEC 20000, as well as the standard’s contributions and who will benefit from it. Chapter 2 provides an overview of the standard.

The following two chapters address the environment of ISO/IEC 20000 by putting it in context. Chapter 3 explains how ISO standards are developed. Chapter 4 explains the meaning of accreditation, certification, assessments, audits, scoping and applicability.

The remaining chapters cover the interpretation of the standard. This involves the relations with the Information Technology Infrastructure Library® (ITIL®) and Risk Management; the alignment with ISO 9001 and ISO/IEC 27001 (Chapter 5); communications requirements for the service provider (Chapter 6); and a description of the ISO/IEC 20000-1:2011 requirements, together with a self-assessment approach (Chapter 7 and Chapter 8). The standard’s definitions of its terminology are provided in appendix A. The changes between the 2005 and the 2011 version of the ISO/IEC 20000-1 standard are listed in appendix B. Annex C covers a brief explanation of ISO/IEC 20000-2:2012.

This book does not provide a copy of the ISO/IEC 20000-1:2011 or ISO/IEC 20000-2:2012 standard. For this we refer to Van Haren’s book ISO/IEC 20000 – An Introduction1, or to the ISO organization. The ISO/IEC 20000 publications can be obtained from ISO (http://www.iso.org/iso/store.htm). However, this book does describe each ISO/IEC 20000-1:2011 requirement in the author’s language and interpretation of it. Organizations who are seeking certification are recommended to obtain a formal copy of the standard to benefit from these interpretations. Certification audits will be based on the official standard and not this book.

Neither does the book describe the implementation steps to be considered when attempting to adhere to the standard. For this we refer to Van Haren’s book ISO/IEC 20000 – An Implementation Roadmap2. This book does, however, include helpful guidance with interpreting and understanding the standard’s requirements to allow for a more rapid adherence.

1.3 Audience for this book

This book is written for IT professionals who are seeking ways to improve their organization’s:

1.   Efficiency, effectiveness, and/or performance in general, including the delivery of services and the supporting processes

2.   Service quality levels’ predictability, consistency and repeatability

3.   Attitude, behavior, culture and move from a technology focus towards a more end-to-end service and customer focus

4.   Communication processes, including those affecting the customers, the users, the service provider’s staff, and the suppliers

5.   Information and knowledge gathering and collaboration in support of a higher quality and informed decision-making process

6.   Transparency, including value creation and delivery, resource utilization and demands, cost management, and risk management

7.   Continual improvement of service quality in alignment with customer needs and market opportunities

8.   Ability to determine objectively its current service quality level by comparing its service quality levels with an international auditable standard specific for IT, including setting a baseline and benchmarking against comparable service providers in the same industry segment

9.   Ability to determine the direction and the steps involving improvement efforts addressing higher service quality levels and higher customer satisfaction

The target audience for this book is purposely described in broad terms. The ISO/IEC 20000 standard is beneficial to every IT professional. Whether you are in an IT leadership, practitioner, advisory, analyst, instructor or auditor role, the standard provides guidance and direction towards quality IT services across the IT organization and IT industry. Limiting the target audience would unnecessarily impair the standard’s reputation, potential and applicability.

____________________

1 At the time this book was written, the available ISO/IEC 20000 – An Introduction book was still based on the 2005 version of ISO/IEC 20000.

2 At the time this book was written, the available ISO/IEC 20000 – An Implementation Roadmap book was still based on the 2005 version of ISO/IEC 20000.

2 Overview of ISO/IEC 20000

This chapter introduces ISO/IEC 20000. It outlines the structure of ISO/IEC 20000, its history, and its purpose; and explains the contributions and benefits of the standard to IT organizations.

2.1 The ISO/IEC 20000 Series

The core of the ISO/IEC 20000 standard consists of several documents:

1.   ISO/IEC 20000-1:2011 Service management system requirements. This is the formal specification of the standard. It describes the required activities, documents and records defined in 256 ‘shall’ statements.

2.   ISO/IEC 20000-2 Guidance on the application of service management systems describes the best practices in detail and provides guidance to auditors and recommendations for service providers planning for service improvements defined in ‘should’ statements.

3.   ISO/IEC TR1 20000-3 Guidance on scope definition and applicability of ISO/IEC 20000-1 provides guidance on determining the scope of certification and the applicability of the standard.

4.   ISO/IEC TR 20000-4 Process Reference Model facilitates the development of a process assessment model that will be described in ISO/IEC TR 15504-8 Information Technology – Process Assessment.

5.   5. ISO/IEC TR 20000-5 Exemplar Implementation Planfor ISO/IEC 20000-1 provides guidance on the implementation of the standard’s requirements.

Other parts of the standard are currently being planned.

More details of each document will be described in the upcoming chapters.

2.2 History of ISO/IEC 20000

The IT Infrastructure Library (ITIL) is accepted all over the world as a de facto reference for best practice processes in IT Service Management. Inherently, because ITIL is a framework and not a standard, showing compliance with ITIL is impossible for service providers2. This changed in the year 2000 when a formally documented standard became available. It was BSI (the British Standards Institution) who officially determined the requirements for the effective delivery of services to the business and its customers in a British Standard: BS 15000.

The first edition of BS 15000 was published in November 2000, based on an earlier publication - DISC PD0005: 1998 - the Code of Practice for IT Service Management. BS 15000-1:2002 became the second edition, which was the result of experience and feedback from early adopters of the first edition. The development of a certification strategy gave a major boost to the acceptance of BS 15000 as a formal standard.

On 15 December 2005, ISO, the International Organization for Standardization, accepted BS 15000 as an international ISO standard: ISO/IEC 20000:2005, the first edition of the standard.

There are two ways to create an ISO standard:

1.   A cooperative creation by involved countries, or

2.   The fast-track route based upon a national standard.

For the acceptation of this British Standard, ISO followed the fast-track route. Preceding its acceptance as an ISO standard, BS 15000 was already copied and accepted in the national standards bodies of Australia and South Africa.

More information about the ISO organization, its processes and procedures can be found in Chapter 3.