A practical guide and case study on leveraging ITIL v3 and ISO 20000 as part of your overall best-practice ecosystem.

Harpreet .K. Virdee, Director, Manta Group

Objectives

Provide a taster of ITIL v3 and ISO20000 Leave you passionate and energizedspawn a new career..(?) Give you a pragmatic view. What it really takes.

Agenda

Agenda

Best Practices Ecosystem

About The Manta Group

www.mantagroup.com pg.00

Agenda

Evolution of Service Management

IT Function ITIL v3 Focus: Business Value Strategic Partner

Services Lifecycle

Processes

Value

ITIL v2 Focus: IT Services IT Service Management Service Partner

Support

Delivery

IT Services

ITIL v1 Focus: Process Framework Technology Provider IT Infrastructure Mgt

40 books

Processes

Time

ITIL V3 Framework

What is a Service? A means of delivering value to customers by facilitating desired business outcomes without ownership of risks or costs

ITIL V3 Overview
Service Strategy Service Design Service Transition Service Operations
SO1 Event Management

SS1 Strategy Generation

SD1 Service Catalogue Management

SD2 Service Level Management

ST1 Transition & Planning Support ST3 Service Asset & Configuration Management ST5 Service Validation & Testing

ST2 Change Management

SS2 Financial Management

SD3 Capacity Management

SD5 IT Service Continuity Management

ST4 Release & Deployment Management

SO2 Incident Management

SS3 Demand Management

SD4 Availability Management

SD7 Supplier Management

ST6 Evaluation

SO3 Request Fulfilment SO4 Problem Management SO5 Asset Management

SS4 Service Portfolio Management

SD6 Information Security Management

ST7 Knowledge Management

Continual Service Improvement

CSI1 7-Step Improvement Process

CSI2 Service Measurement

CSI3 Service Reporting

ITIL V2 Mapping onto ITIL V3

Service Strategy Service Design Service Transition Service Operations
SO1 Event Management

SS1 Strategy Generation

SD1 Service Catalogue Management

SD2 Service Level Management

ST1 Transition & Planning Support ST3 Service Asset & Configuration Management ST5 Service Validation & Testing

ST2 Change Management

SS2 Financial Management

SD3 Capacity Management

SD5 IT Service Continuity Management

ST4 Release & Deployment Management

SO2 Incident Management

SS3 Demand Management

SD4 Availability Management

SD7 Supplier Management

ST6 Evaluation

SO3 Request Fulfilment SO4 Problem Management SO5 Asset Management

SS4 Service Portfolio Management

SD6 Information Security Management

ST7 Knowledge Management

Continual Service Improvement

CSI1 7-Step Improvement Process

CSI2 Service Measurement

CSI3 Service Reporting

The Strategy Canvas for ITIL V2 and V3

Level of detail and orientation

ITIL V2
High

ITIL V3

Low

Strategic Focus

Enterprise Involvement

Operational Ease of Use Orientation Attributes

Scalability

Ease of Implementation

ISO 20000: Basic Concepts

Quality standard for IT Service Management
BS 15000 fast-tracked to become IS0 20000 + AS8018

ISO/IEC: International Org for Standardization

US ANSI (American National Standards Institute) www.ansi.org CA SCC (Standards Council of Canada) www.scc.ca

ITIL v2 forms the basis of the standard

ITIL = best practices: process flows, roles, KPIs, etc OGC

12

ISO Stages Of Acceptance Fast-Track

Multiple Stages of ISO Standards: 60.60 is the goal 60.60 is a Fully Published International Standard ISO 20000 moved to 40.99 on 10/10/05 Moved to 60.00 on 11/24/05

13

The Standard
Part 1 (ISO 20000-1)
ITSM Specification for Service Management 3 editions 2000, 2002, 2005 Integrated process approach

Part 2 (ISO 20000-2)

ITSM Code of Practice for Service Management Detailed practices under scope of Part 1

+ PD00015: Self-Assessment Workbook

14

ISO Documentation Available

ISO 20000 - 1
The Standard Clearly states the requirements that are to be attained before Certification can be granted

15

Part 1: Specification
Integrated process approach to effectively deliver managed services to meet the business and customer requirements Ten sections: Scope Terms & Definitions Planning and Implementing Service Management Requirements for a Management System Planning & Implementing New or Changed Services Service Delivery Process Relationship Processes Control Processes Resolution Processes Release Process
16

Plan-Do-Check-Act

17

Service Management Processes

18

Relationship Processes

Business Relationship Management: Customer Engagement Model, Roles, Service Reviews

19

Supplier Management

Supplier Management: Conformance is the responsibility of the Service Provider (not supplier)

20

Requirements In Addition to Processes

Management System
Management Responsibility Documentation Requirements Competence, Awareness Training

Planning and Implementing Service Management

Plan: Plan Service Management Do: Implement Service Management Check: Monitor, Measure, and Review Service Management Act: Continuously Improve Service Management

Planning and Implementing New or Changed Services

21

Example Change Management Specification (s9.2)

Objective + Requirements that need to be satisfied Objective:
To ensure all changes are assessed, approved, implemented and reviewed in a controlled manner

Requirement examples:
All requests for change shall be recorded and classified, e.g. urgent, emergency, major, minor Requests for changes shall be assessed for their risk, impact and business benefit All changes shall be reviewed for success and any actions taken after implementation

22

Supporting Documentation

ISO 20000
Code of Practice Provides very specific requirements against the ISO 20000 specification

23

Part 2: Code Of Practice

Describes the specific 217 minimum set of requirements for service management Nine sections:
Scope Terms & Definitions The Management System Planning & Implementing Service Management Service Delivery Processes Relationship Processes Resolution Processes Control Processes Release Management Processes

24

Example: Change Management Code Of Practice

Change Management:
Sub-process: 8.2.2 Closing and reviewing the change request.

Code of practices that need to be satisfied:

All changes should be reviewed for success or failure after implementation and any improvements recorded A post-implementation review should be undertaken for major changes to check that: a) the change met its objectives; b) the customers are happy with the results; c) there have been no unexpected side effects Any weaknesses or deficiencies identified in a review of the change control process should be fed in to service improvement plans

25

Self-assessment workbook

PD0015 Analysis against the ISO 20000 Standard Use an accepted Checklist

26

Agenda

Why and Who has gone down this path?

Why? You can adopt ITIL and realize the same benefits.. But ISO gives you the badge of honour... And.. Need to implement ITIL best practices to get the certification. Who? 355 organizations are certified UK (52), India (42), Japan, China, S. Korea (30s), US (18). Canada (?) Predominantly supplier organizations: Verizon, Unisys, Fujitsu..

Spotlight
Allied Irish Bank

30

AIB in the Spotlight

First Iteration
False starts Non-cohesive approach No program initiated

Second Iteration

Program kick-off Agreed on framework (ITIL) Difficulty maintaining executive support and communicating benefits Difficulty sustaining staff buy-in

Third Iteration

Established new goal of ISO 20000 Certification Executive buy in established end point defined Staff buy in established job security Continuous Service Improvement formalized Certification milestones drove the program

31

With a mature Service Level model, detailed tracking of costs/events in business terms is possible
Year 2005 2006 2007 2008*
* 2008 values pro-rated from Aug 31st, 2008 data

Outages 1901 1834 1545 1175

Average Outage Time (mins) 207 185 138 104

Total Outage Time (hours) 6,558.5 5,655 3,553.5 2,037

29 weeks of Branch banking 6 weeks of personal online banking 12 weeks of commercial online banking

IT Results communicated in the context of business value

Agenda

The Whos who of ISO20000

ITSMF created and manages the ISO20000 certification scheme:

ITSMF accredits ISO200000 training providers:

Consulting Organizations:

Become a registered Certification Body /auditor (RCBs) Can conduct an ISO20000 audit

Accredited Course Providers (ACP) Auditor course 2 days Internal auditor/con. course 3 days

Adoption of bestpractices to support a certification ISO 2000 prereadiness assessment.

33

1. Plan for eligibility and scope

Understand Eligibility for the ITSMF certification scheme:

For a given scope Conform to all 217 requirements of the standard. If you outsource some of your IT services, need to prove that you have retained management control: Input Output Metrics Accountability Continuous Improvement Internal training?

34

2. Plan & design project

Set certification as a formal project. Consider Internal training Note - re-certification requires on-going operations against the standard need in-house expertise. Plan for the operational long-term strategy Conduct a baseline assessment Internal PD0015 workbook External consultancy firm Assess gaps on current processes against the standard Create an implementation roadmap.

35

Implementation roadmap based on gap analysis

Security Management is required for Certification Note additional processes are covered.

Reach objective : Conform to all 217 requirements.

36

3. Do the Audit
Auditor Off site paper audit of documented processes. This audit is against a checklist of requirements in the Standard Written report of paper findings Remediate issues identified in in written report Demonstrates compliance with documented processes Answers any non compliance Auditee

On site audit to verify actual implementation of documented processes Culminates in the Written Report of Overall Findings Major non compliance

Answers non compliance or remediate in preparation of re-audit CERTIFICATION IS GRANTED

37

4. Its not overAssessments

Certification achieved yippee On-going commitment by Surveillance audits
At clients site every six or twelve months by the RCB Review subset of requirements. Aim to cover all requirements before the next reassessment.

Reassessment:
Conducted every three years on 3rd anniversary. Full assessment on all requirements.

38

Agenda

Summary
This is a growth area for North America. ISO20000 can propel the sustained adoption of bestpractices by providing:
Milestone targets A prize logo Continual Improvement and Governance

Note: Scoping Statement of ISO20000 compliance. You can still achieve the same benefits through adopting ITIL practices. Achieving those benefits depends on how you adopt:
Governance & Compliance Organizational and Behavioural Change Process and Automation.

Thank YouQuestions?
Harpreet Virdee harpreet.virdee@mantagroup.com ISO: www.iso.org itSMF: www.itsmf.com BSI Americas: www.bsiamericas.com ANSI: www.ansi.org SCC: www.scc.ca Scoping guidelines: www.isoiec20000certification.com

41