IT Service Management: ISO/IEC 20000 1:2018 - Introduction and Implementation Guide - Second edition E-Book

IT Service Management: ISO/IEC 20000-1:2018Introduction and Implementation Guide

Other publications by Van Haren Publishing

Van Haren Publishing (VHP) specializes in titles on Best Practices, methods and standards

within four domains:

- IT and IT Management

- Architecture (Enterprise and IT)

- Business Management and

- Project Management

Van Haren Publishing is also publishing on behalf of leading organizations and companies: ASLBiSL Foundation, BRMI, CA, Centre Henri Tudor, CATS CM, Gaming Works, IACCM, IAOP, IFDC, Innovation Value Institute, IPMA-NL, ITSqc, NAF, KNVI, PMI-NL, PON, The Open Group, The SOX Institute.

Topics are (per domain):

IT and IT Management

ABC of ICT

ASL®

CMMI®

COBIT®

e-CF

ISO/IEC 20000

ISO/IEC 27001/27002

ISPL

IT4IT®

IT-CMFtm

IT Service CMM

ITIL®

MOF

MSF

SABSA

SAF

SIAMtm

TRIM

VeriSMtm

Enterprise Architecture

ArchiMate®

GEA®

Novius Architectuur

Methode

TOGAF®

Business Management

BABOK ® Guide

BiSL® and BiSL® Next

BRMBOKTM

BTF

CATS CM®

EFQM

eSCM

IACCM

ISA-95

ISO 9000/9001

OPBOK

SixSigma

SOX

SqEME®

Project Management

A4-Projectmanagement

DSDM/Atern

ICB / NCB

ISO 21500

MINCE®

M_o_R®

MSP®

P3O®

PMBOK ® Guide

Praxis®

PRINCE2®

For the latest information on VHP publications, visit our website: www.vanharen.net.

Colophon

Title:

IT Service Management: ISO/IEC 20000-1:2018Introduction and Implementation Guide - Second edition

Series:

Best Practice

Author:

Dolf van der Haven

Publisher:

Van Haren Publishing, ’s-Hertogenbosch-NLwww.vanharen.net.

ISBN Hard copy:

978 94 018 0701 2

ISBN eBook (pdf):

978 94 018 0702 9

ISBN ePUB:

978 94 018 0703 6

Editions:

First edition, first impression, August 2019 (ITSM Press)Second edition, first impression, October 2020

Layout and Design:

Coco Bookmedia, Amersfoort-NL

Copyright:

© Van Haren Publishing and Dolf van der Haven, 2019, 2020

Nothing from this publication may be reproduced, recorded in an automated database or published on or via any medium, either electronically, mechanically, through photocopying or any other method, without prior written permission from the publisher.

This publication was produced with the utmost care and attention. Nevertheless, the text may contain errors. The publisher and the authors are not liable for any errors and/or inaccuracies in this text.

Trademark notices:

ITIL® is a registered trademark of AXELOS Limited. All rights reserved.

COBIT® is a registered trademark of ISACA. All rights reserved.

ISO® and IEC® are registered trademarks of ISO and IEC. All rights reserved.

VeriSM™ is a trademark of IFDC. All rights reserved.

CMMI® is a registered trademark of CMMI Institute. All rights reserved.

3.1 The ISO/IEC 20000 series of documents

3.2 The structure and contents of ISO/IEC 20000-1:2018

Clause 1 – Scope

Clause 2 - Normative references

Clause 3 - Terms and definitions

Clause 4 - Context of the organization

Clause 5 – Leadership

Clause 6 – Planning

Clause 7 – Support

Clause 8 – Operation

Clause 9 - Performance evaluation

Clause 10 – Improvement

Step 1: Education

Step 2: Management support

Step 3: Determine the organization’s context

Step 4: Communicate, communicate, communicate!

Step 5: What do you have in place now?

Step 6: Gaps, risks and opportunities

Step 7: Implementation

Step 8: Operation

Step 9: Evaluation and improvement

5.1 Clause 4

5.1.1 Internal and external issues

5.1.2 Interested parties

5.2 Clause 5

5.3 Clause 6

5.3.1 Risk management

5.3.2 Service management objectives

5.3.3 Service management plan

5.4 Clause 7

5.4.1 Competence

5.4.2 Processes

5.4.3 Procedures

5.4.4 Knowledge

5.5 Clause 8

5.5.1 Process design

5.5.2 Operational planning and control

5.5.3 Plan the services

5.5.4 Control of parties involved in the service lifecycle

5.5.5 Service catalogue management

5.5.6 Configuration management

5.5.7 Business relationship management

5.5.8 Service level management

5.5.9 Supplier management

5.5.10 Budgeting and accounting for services

5.5.11 Demand management

5.5.12 Capacity management

5.5.13 Change management

5.5.14 Service design and transition

5.5.15 Release and deployment management

5.5.16 Incident management

5.5.17 Service request management

5.5.18 Problem management

5.5.19 Service availability management

5.5.20 Service continuity management

5.5.21 Information security management

5.6 Clause 9

5.6.1 Internal audit

5.6.2 Management reviews

5.7 Clause 10

6.1 Planning

6.1.1 Planning the SMS

6.1.2 Planning processes

6.1.3 Planning working with other parties

6.2 Operating

6.3 Evaluating

6.4 Improving

8.1 VeriSM

8.2 The ISMF

Introduction

Management systems standards structure

Explanation of differences

General requirements

Service management processes

Operational planning and control

The revised standard for service management, ISO/IEC 20000-1:2018, was published in September 2018 and is the third version of the International Standard for service management, replacing the 2011 edition.

ISO/IEC 20000-1 provides requirements for the planning, design, transition, delivery and improvement of a Service Management System (SMS), which is the coordinated set of policies, processes, organizational structures, people, etc. involved in managing services.

This book introduces the ISO/IEC 20000-1 standard as well as providing extensive practical advice on implementing an SMS that conforms to the requirements. It does so by referring to the ISO/IEC 20000-1:2018 documentation toolkit, which is separately available and contains dozens of templates that allow you to provide the documented evidence necessary. This book, however, can also be read without using the templates, or using others in their place.

This book contains the following chapters:

Chapter 2 deals with a general overview of service management and why you need it — services are everywhere, even if you don’t realize it.

In Chapter 3, an overview is given of the ISO/IEC 20000-1 standard and the other parts of the ISO/IEC 20000 series.

High-level steps on how to implement the requirements of ISO/IEC 20000-1 are provided in Chapter 4.

Chapter 5 contains the practical guidance for conforming to the requirements of the standard. It extensively details the documented information needed as well as referring to the documentation toolkit developed together with this book.

Chapter 6 highlights the practical aspects of running an SMS beyond the documented information discussed in Chapter 5, instead focusing on planning, running, measuring and improving the SMS and other services.

Chapter 7 provides information on the certification process, in case your organization may want to get formal certification against the standard through external audits.

To conclude, Chapter 8 describes two models that can help you go beyond the requirements of the standard and look at service management from a holistic perspective.

Appendix A lists further resources that may be helpful during your journey in implementing ISO/IEC 20000-1.

Finally, Appendix B lists the main differences between the 2018 edition of the standard and the previous 2011 edition.

Note that the documentation toolkit, containing several dozen templates that can be used to conform to the requirements of the standard, is available from www.vanharen.net.

Services are as old as the world – various forms of services have been around for a long time, including legal services, transport services and governmental services. As a subset, Information Technology (IT) services have been around a bit shorter. IT services importantly gave rise to what was known as IT Service Management (ITSM), because a need was felt better to control these services and the costs of them. ITSM, in turn, has been generalized to general Service Management, by applying its principles to other services than IT. In fact, most, if not all, services today contain some IT component, if even as limited as a payment method or a website. This book, and the ISO/IEC 20000-1 standard, therefore refer to Service Management rather than ITSM, just to show how it can be applied to all types of services.

Contrary to popular belief, service management does not have to be an old-fashioned, rigid framework that slows down every effort in bringing positive changes. This is despite the fact that the fast-paced development of services today, pushed by (and, in turn, leading to) rapidly evolving customer requirements, result in many developers believing that traditional service management needs to make way for “newer” frameworks, such as Lean, Agile, DevOps and other related methodologies. In reality, the new ISO/IEC 20000-1 standard fully supports the use of these newer methodologies, but it can also be used with more traditional approaches to service management.

A standard like ISO/IEC 20000-1 does not prescribe how you should implement your service management processes; it only states what these processes should conform to. This opens up a range of possibilities for organizations to implement their processes in a way that is suited to their circumstances. Even a framework such as ITIL®, which is far more prescriptive, is clear regarding the modification of its processes to the organization’s needs. I tend to modify its slogan to Adapt and Adopt. You need to be able to adapt your service management practices to your organization’s culture and then adopt said practices to maximize the outcome.

You can conform to all requirements of ISO/IEC 20000-1 in various ways, adapted to the management practices you have adopted and the services you provide. It applies to both waterfall-type service implementations and restrictive change management practices, as well as to continuous delivery practices with a rapid change approval turnaround time. It is all dependent on what your service management policy (the high-level statement by which service management is governed) and your principles (the related statements on what is permissible in, for example, change or incident management) are. These, in turn, are dependent on the culture of the organization.

What makes service management so valuable is that it enables a structure for provisioning that can be adapted to the culture of the organization. People working within this structure know the level of flexibility and autonomy needed to make decisions independently for the organization. Customers are aware that they can expect consistent value from the services they purchase, and management know they have a structure in place that promotes efficiency, reduces costs and keeps customers satisfied.

◾ 3.1 THE ISO/IEC 20000 SERIES OF DOCUMENTS

ISO/IEC 20000 is not a single document — there is actually a series of ten, in which the primary standard (i.e. ISO/IEC 20000-1:2018) is included. ISO decided to distinguish these documents as parts of the 20000 series by assigning numbers to them, hence the primary standard is 20000-1.

Other parts of the 20000 series are as follows:

(Note that with the release of the 2018 edition of Part 1, some dependent parts that are currently published still refer to the 2011 edition and will be updated.)

◾ ISO/IEC 20000-1 is the international standard for service management, providing requirements to which a service management system (SMS) should conform.

◾ ISO/IEC 20000-10 (also known as Part 10, and updated in 2018) is the general introduction to the series, containing descriptions of the aims of ISO/IEC 20000, as well as the various other parts and ISO standards related to it. It also contains all terms and definitions used in the series.

◾ ISO/IEC 20000-2 (Part 2) is a larger document. Part 1 specifies concise and precise requirements that can be audited, whereas Part 2 provides further guidance on how to interpret and implement the requirements.

◾ ISO/IEC 20000-3 (Part 3) provides guidance on how to define a scope for Part 1: we will see that this is an important aspect in implementing the standard, which may become complex if you are using one or more internal or external suppliers.

◾ ISO/IEC 20000-5 (Part 5) is an example of an implementation plan for an SMS according to Part 1. As well as a project plan, it also includes guidance on areas such as a business case and templates.

◾ ISO/IEC 20000-6 (Part 6) provides requirements for certification bodies when they audit an SMS based on ISO/IEC 20000-1. Part 6 is valid for both the 2011 and the 2018 editions of Part 1.

◾ ISO/IEC 20000-7 (Part 7) provides guidance on the integration and correlation of management systems based on ISO/IEC 20000-1, ISO 9001 (quality management) and ISO/IEC 27001 (information security management).

◾ ISO/IEC 20000-11 (Part 11) makes a comparison between Part 1 and the Information Technology Infrastructure Library (ITIL).`

◾ ISO/IEC 20000-12 (Part 12) makes a comparison between Part 1 and the Capability Maturity Model Integration for Services (CMMI®-SVC).

◾ ISO/IEC 20000-13 (Part 13) makes a comparison between Part 1 and Control Objectives for Information Technology (COBIT®).

◾ Some parts (4, 8 and 9) seem to be missing from this series; this is due to either cancelling their development, withdrawing or renumbering them.

◾ 3.2 THE STRUCTURE AND CONTENTS OF ISO/IEC 20000-1:2018

ISO/IEC 20000-1 is now aligned with the high-level structure and terminology of what is referred to as the “Annex SL”, which is an appendix to the ISO Directives. This structure has been, or will be, applied to all management system standards, including the latest editions of ISO 9001 (Quality Management Systems), ISO/IEC 27001 (Information Security Systems), ISO 14001 (Environmental Management Systems) and many others, now also including ISO/IEC 20000-1. Applying the high-level structure results in many requirements being identical or at least very similar right across these standards, making the integration of multiple management systems much easier. If you already have, for example, an ISO 9001:2015 certification, then part of the work you have completed to achieve that can be re-used for your ISO/IEC 20000-1:2018 certification.