ISO/ IEC (ITSM) Certification Roadmap

Transcription

1 ISO/ IEC (ITSM) Certification Roadmap Rasheed Adegoke June 2013

2 Outline About First Bank Motivations Definitions ITIL, ISO/IEC & DIFFERENCES ISO/ IEC Certification Roadmap First Bank ITSM Processes after ISO/ IEC Benefits of ISO/ IEC Certification Next Steps & Work-in-progress Conclusion/Wrap up

3 ABOUT FIRST BANK - 2 -

4 About FIRST BANK

5 MOTIVATIONS FOR ISO

6 Motivations/Drivers IT VISION To create and operate best-in-class technology infrastructure & services for the achievement of s clear leader objective. GROWTH Build reliable highly scalable infrastructure and agile IT architecture to support growth & rapid integration of acquired capacity PROCESS EXCELLENCE Facilitate process simplification and workflow automation Enable innovative use of customer self-service channels Reduce IT OPEX PERFORMANCE MANAGEMENT & PEOPLE Build robust enterprise performance management & reporting platform Empower employees with innovative solutions

7 Motivations/Drivers : Build reliable and Agile IT Service foundation :- Infrastructure & Processes (AGILITY) : Deploy new solutions to support Product & Service Innovation (INNOVATION) : Achieve global certification of IT Processes & Governance (EXCELLENCE) Improve IT Processes 4. Optimise infrastructure Build capacity & talents 3. Enable AGILE & INNOVATIVE enterprise 6. Optimise service delivery Improve communication with business 5. Optimise business applications

8 DEFINITIONS: ITIL, ISO

9 DEFINITIONS: WHAT IS ITIL? ITIL (Information Technology Infrastructure Library) is the most widely adopted approach for IT Service Management in the world. It provides a practical, no-nonsense framework for identifying, planning, delivering and supporting IT services to the business. Source:

10 DEFINITIONS: ISO AND HOW IT DIFFERS FROM ITIL ISO is the international standard for IT service management. It describes an integrated set of management processes for the effective delivery of services to the business and its customers. Closely follows the ITIL framework. While individuals are ITIL certified, organizations are ISO20000 certified. ISO/ IEC PART 1 - SPECIFICATION Formal specification and defines the requirements for an organization to deliver managed services of an acceptable quality for its customers. PART 2 CODE OF PRACTICE Code of Practice and describes the best practices for Service Management processes within the scope of ISO/IEC

11 ISO/ IEC IMPLEMENTATION IN FIRST BANK Part 1 Specification Part 2 Code of Practice AUDITABLE SPECIFICATION: Target for achievement CODE OF PRACTICE: Explanatory guidance of the standard ITSM STANDARD ISO/ IEC ITIL, COBIT and other related guidelines First Bank Policies, Processes and Procedures Other best Practice guidance Implementation and improvement plans OTHER APPLICABLE STANDARDS REFERENCED ISO/IEC comprises of two parts: The first part is the auditable specification, which defines the requirements for certification (the shalls ) and the second part is the code of practice (the shoulds ), which contains recommendations and guidance for helping organizations achieve the first part. We also considered other guidelines and standards including industry/internal policies in our implementation of relevant IT Processes and Procedures.

12 ISO CERTIFICATION ROADMAP

13 CERTIFICATION & MAINTAINING PREPARING & IMPLEMENTING READINESS ASSESSMENT ISO/IEC CERTIFICATION ROADMAP Conduct ISO Readiness Assessment Conduct PDCA cycle review of ISO processes and remediate gaps Conduct certification audit

14 ISO/ IEC Certification Roadmap - Readiness Assessment As part of the certification roadmap, a readiness Process Area Maturity Assessment Absent 0 Informal 1 Repeatable 2 Defined 3 Managed & Measurable 4 Optimized 5 assessment was conducted at the beginning of the project Capacity Management Service Continuity and Availability Service Level Management Key Findings; Service Reporting Insufficient documentation of Information Security Management business requirements for IT Budgeting and Accounting for IT Services Configuration Management Many IT Processes are manually operated Change Management Lack of dedicated personnel Incident Management assigned to ITSM processes Problem Management Reports are not generated Release Management periodically but on a needbasis Business Relationship Management Supplier Management 13

15 ISO/ IEC Certification Roadmap - Key Considerations for implementation Is this right for us? Are we eligible, is this a mandatory business need, will we get clear benefits? What work is involved? Planning, costs, time and resources required to achieve ISO/IEC accreditation. This includes the development work and the auditing process Where do we stand currently against the standards? How would we score and what are the current gaps that need to be filled? What benefits do we expect from ISO/IEC 20000? Industry standing, cost and quality benefits, benefits of going through a quality programme

16 ISO/ IEC Certification Roadmap - Project Scope, Objectives and Organization SCOPE To improve and certify First Bank Plc.'s IT Service Management framework (policies, processes and practices) based on compliance with the international best practice standard in ITSM: ISO/IEC Fifteen (15) services defined in IT s service catalogue were covered. OBJECTIVES Reduce risks in service delivery Increase productivity and profit margin Measure effectiveness of service delivery Improve quality of IT services ORGANIZATION A formal project organization was established. The Chief Risk Officer was the project sponsor. Digital Jewels Limited were engaged as consultants on the project. Project was executed in line with our in-house project management methodology.

17 ISO/ IEC Certification Roadmap -Action and Timeplan PERIOD (Months) ACTION 1 Initial Gap assessment, definition of scope, planning, review of current processes and procedures. Definition of IT services based on ISO Selection of service and process owners 2 Definition/ refinement and implementation of processes in line with ISO ISO / IEC Foundation and Lead Auditor training for all process owners and selected staff Ongoing awareness sessions for the entire IT Organization 3 Fine tuning of processes Commenced implementation of a new service management tool 3-4 Final review of processes before audit Mock Audit Preparation for Certification Audit 4 Certification Audit

18 ISO/ IEC Certification Roadmap - Communication Plan and Data Collection COMMUNICATION PLAN; During the project, regular internal staff communication took place, including periodic meetings and circulation of progress reports. Staff communication encompassed; Project start-up Progress Possible changes in processes and policies Roll Out Certification COLLECTING DATA ON THE MANAGEMENT SYSTEM Metrics for Incident Management Process was generated from the existing ITSM tool. This includes information on incidents logged, closed, outstanding and resolved within the period. Monthly service status report reports are collated across the fifteen defined IT services. The reports itemized how the thirteen ITSM processes impact on the quality of their services. Processes, policies and procedures were assessed Interviews were conducted with relevant staff of the IT organization

19 ISO/ IEC Certification Roadmap - SIP and Certification Audit SERVICE IMPROVEMENT PLAN A formal Service Improvement Plan was established to cover areas of improvement in operations, services, staff training and ITSM processes. Progress of the Service Improvement Plan is measured through trends analysis, customer satisfaction surveys to highlight the impact of service improvement successes and failures. CERTIFICATION AUDIT Certification Assessment was conducted by auditor from British Standards Institute from 18 th to 26 th of April 2013 to assess the Service Management System. There were no major non conformances found The Certificate was awarded on May 21 st, 2013

20 FIRST BANK ITSM AFTER ISO

21 ITSM Processes after ISO Key improvements Effective documentation of business requirements for IT Services Process Area Maturity Assessment Capacity Management Absent 0 Informal 1 Repeatable 2 Defined 3 Managed & Measurable 4 Optimized 5 All IT processes are defined Service Continuity and Availability managed and measured Dedicated personnel have been assigned to ITSM processes as Process Service Level Management Service Reporting Information Security Management owners Budgeting and Accounting for IT Periodic reports are generated for continuous evaluation and improvement of the SMS Appointment of a dedicated Configuration Management Change Management Incident Management Problem Management IT Service Manager Release Management Implementation of Microsoft System Centre Suite Business Relationship Management Supplier Management 20

22 BENEFITS OF ISO CERTIFICATION

23 ISO/ IEC and the Banking Services Industry - Benefits of Certification to an IT Service Provider IMPROVED IT SERVICE DELIVERY ISO/ IEC certification CAN ENHANCE CUSTOMER PERCEPTION IT SERVICE PROVIDER REDUCED IT BREAK DOWNS AND FASTER RESOLUTIONS HIGHER RETURN ON IT INVESTMENTS STAFF MOTIVATION

24 ISO/ IEC and the Banking Services Industry - Impact on Banks Continuous improvement of service quality, including stability and cooperation, resulting in more customer confidence in the banks. Focused services through alignment with the enterprise strategy Insight into IT performance that is confirmed by an independent source and may serve as a basis for marketing and selling services Improved understanding by all process participants for defining objectives, responsibilities and roles Compliance to emerging regulatory regime that may enforce IT standards

25 NEXT STEPS & WORK IN PROGRESS

26 Next Steps and Work in-progress PRESERVING THE CERTIFICATE We plan to maintain the Certification by sustaining provision and continually improving services in line with the ISO standard. METRICS AND REVIEWS Monitoring processes have been embedded within IT Governance processes and other mechanisms such as audits of the SMS (internal and external) and management reviews. OPPORTUNITIES FOR IMPROVEMENT All identified opportunities for improvement will be exploited to achieve a better SMS Currently implementing a BSM system to automate ITSM processes PROCESS & SERVICE OWNERS Selected process and service owners have been assigned the task of monitoring and improving compliance to the standard

27 Conclusion / Wrap up We expect to leverage the ISO Certification process and subsequent automation of ITSM processes along with other IT Governance & Process improvements including CMMi, ISO 38500, etc. to deliver on the goal of attaining world-class IT Services in First Bank.

28