ISO/IEC 20000 White Paper


Contents

Foreword from Richard Pharro, CEO, APMG
Introduction
Overview
Benefits
Conclusion
Further information

Foreword by Richard Pharro, CEO, APMG

The close relationship between ITIL and ISO/IEC 20000 enables companies to leverage their investment in ITIL and existing process improvement initiatives. Conformance to ISO/IEC 20000 demonstrates to a global audience, including suppliers, customers, staff and partners, the effectiveness of the organization's IT service management system and processes. In a bid to achieve competitive differentiation, access key government markets and drive down costs, growing numbers of IT service provider organizations are looking to achieve ISO/IEC 20000 certification.

ISO/IEC 20000 is the first international standard for IT service management. First published in 2005 and based on BS 15000, it was designed to align with ITIL best practice guidance. ITIL is a best practice framework that provides guidance for organizations wishing to improve the IT services they provide. Implementation of ISO/IEC 20000 builds on ITIL guidance and its best practice processes to enable conformance to the globally recognized ISO standard. Service providers must be independently audited to achieve certification, and must undergo further audits every year to retain it.

ISO/IEC 20000 offers competitive advantage for a range of companies, including outsourcers, application service providers (ASPs) and government IT service providers. Achieving conformance helps organizations to drive down costs, improve the quality of core IT service management processes and improve access to key government markets. In addition, conformance can significantly reduce the cost and time associated with conformance to regulations such as the Payment Card Industry Data Security Standard (PCI DSS). By improving insight into existing IT resources, conformance to ISO/IEC 20000 can also transform the speed at which organizations realize the benefits of merger and acquisition activity.

This white paper provides an overview of the standard and the way it builds on ITIL processes. It highlights the demands and benefits of certification for organizations and of qualifications for individuals. It explains the key role people play in achieving and maintaining conformance and in creating a culture of proactive IT service delivery.

Introduction

Setting the Scene

As the economic squeeze continues, organizations across the private and public sectors face a range of challenges. Cutting costs is a given. At the same time, they face escalating conformance requirements while being tasked with becoming more competitive and achieving clear market differentiation. How can these objectives be achieved in an era of cost containment?

One of the key areas to address has to be the effectiveness of the IT operation. Efficient, well run and relevant IT services are key to driving innovation, achieving differentiation and creating a culture of continual improvement. However, in this challenging economic environment, organizations also need to minimize the risks associated with both day-to-day service delivery and innovative change. Furthermore, they must be able to demonstrate quality of service to new and existing customers in order to attain commercial value in a highly competitive marketplace.

Over the past few years, organizations have worked hard to address these challenges. Many have embraced the ISO 9000 standards for quality management, which are increasingly required for EU-based operations. At the same time, thousands of organizations globally have turned to ITIL in order to increase the value of the IT services they deliver. ITIL adoption has delivered a range of benefits, from reduced downtime to improved business relevance and the creation of a culture of proactive IT management. However, because ITIL is best practice guidance rather than a standard, organizations struggle to demonstrate this improved quality to the marketplace. As a result, there is a drive to achieve ISO/IEC 20000 certification in order to leverage this investment and expertise in ITIL and demonstrate operational competence.

The ISO/IEC 20000 standard is rapidly gaining worldwide support. Government agencies are starting to mandate certification for service providers who want to bid for government IT contracts: the US Air Force requires certification from sourcing providers, and the UK National Health Service requires its major service providers to be certified. Achieving certification demonstrates to other organizations, suppliers, customers, staff, partners and industry bodies that the service provider organization is a knowledgeable, competent supplier. It has shown that it has the practices, procedures and management system controls in place to ensure services are provided effectively, with customer satisfaction at the core.

By providing an opportunity to benchmark against the rest of the market, achieve competitive differentiation and leverage the existing investment in ITIL, ISO/IEC 20000 offers clear financial and operational benefit. It is no surprise, therefore, that over 600 IT service provider organizations throughout the world have already become certified, with a multitude of others preparing for certification. These service providers come from all sectors: not just IT outsourcers providing external services, but also internal service providers in finance, manufacturing, logistics, government, utilities and so on.

Overview

Building on ITIL

First published in 2005, ISO/IEC 20000 is the international standard for IT service management. It is published by ISO, the International Organization for Standardization, based in Geneva, and has been adopted globally. It describes an integrated set of management processes for the effective delivery of services to the business and customers. The standard is based on, and supersedes, BS 15000, a standard developed by the British Standards Institution (BSI). It aligns with the best practice guidance contained within the ITIL framework and is compatible with other IT service management frameworks and approaches, including components of ISACA's COBIT framework. This is all contained within a quality management system which itself aligns with other pertinent standards such as ISO 9001 and ISO/IEC 27001.

The standard comprises several parts. Part 1 (ISO/IEC 20000-1) is the formal specification and details the requirements for a service management system that enables the service provider to fulfil service requirements and provide value for both the customer and the service provider. Part 2 provides guidance on the application of service management systems. It describes best practices for service management within the scope of ISO/IEC 20000-1 and provides more detail about the processes organizations should follow to achieve the requirements laid out in Part 1. Part 3 gives guidance on scope definition and applicability of the standard. This is needed to help understand the often complex supply chains involved in IT service management, particularly where many process areas and functions are outsourced. Various other parts supplement these three with guidance and information on specific aspects and uses of the standard.

Part 1 comprises several sections. Many of the process names will be recognized by those familiar with ITIL.

Scope: outlining the scope of the standard.
Terms and definitions: explaining the terminology used in the requirements.
General requirements for a management system: similar to other standards such as ISO 9001 and ISO/IEC 27001, outlining the detailed management responsibilities, including resourcing, reporting, accountability and documentation. The general requirements also cover scope and process governance, documenting a formal plan for the overall management system including process integration and continual improvement.
Design and transition of new or changed services: key to enabling the smooth implementation of new services, or major changes to existing services.
Service delivery processes: capacity management, service level management, information security management, budgeting and accounting for IT services, service reporting, and service continuity and availability management.
Relationship processes: business relationship management and supplier management in the end-to-end supply chain.
Control processes: configuration management, change management, and release and deployment management.
Resolution processes: incident management and problem management.

For companies that have already achieved ISO 9001 or ISO/IEC 27001 certification, the management system of ISO/IEC 20000 will be familiar. It follows the same Plan-Do-Check-Act (PDCA) methodology, linked to customer and business requirements using business metrics and reinforcing continual improvement. It demands the implementation of a management structure and system to provide accountability for every element of IT service management, including a strong reporting structure, clear personal responsibility and supporting documentation. And, again following similar standards, it addresses the planning and implementation of the service management system, aimed at achieving the goals of improved efficiency and effectiveness, customer satisfaction and continual improvement.

For those companies that have achieved ISO 9001 or similar certification, this core part of ISO/IEC 20000 should be reasonably straightforward, with demonstrable, proven management processes and structures already in place. This does assume, however, that the existing system encompasses the activities of IT service management to some degree. Such organizations will then have to consider implementation of the actual service management processes, much of which ITIL practitioners will already be familiar with. The difference between ITIL and ISO/IEC 20000, however, is that ISO/IEC 20000 mandates tight integration of these service management processes into a service management system, and defines precise requirements which must be met, as opposed to giving best practice advice which may or may not be adopted in a particular organization. It is essential that IT service provider organizations put in place a sound project management plan with accurate timelines and costs for implementing the service management system and associated processes.
[Figure: ISO/IEC 20000 in the service management landscape. Specification: ISO/IEC 20000-1, the service management system (SMS) against which certification is granted. Supporting guidance: ISO/IEC 20000 parts 2, 3, 5 and others. Supporting frameworks and best practice reference models for IT service management: ITIL, COBIT, MOF. Implementation and improvement: the policies, plans, processes and procedures of the IT service provider.]

Many organizations will already have gained benefit from adopting some or all of the ITIL best practice processes, and that provides an ideal grounding for implementing them, and others, in an ISO/IEC 20000 service management system. Organizations must implement every one of the service management processes mentioned above within the context of an integrated service management system, and be able to demonstrate to their external, independent auditors that policies are established, that processes are documented and that these are followed consistently.

It typically takes organizations up to two years to achieve certification, although this depends on their existing level of ITIL capability. The more advanced and mature the existing ITIL processes, and the more relevant any existing quality management system, the less effort will be required to integrate them into an ISO/IEC 20000 service management system. Certified service providers are subject to annual surveillance audits and are required to be recertified every three years to ensure ISO/IEC 20000 conformance is retained.

It is therefore essential to attain buy-in and commitment from IT service management personnel at all levels. Individuals need to understand the value of the proactive culture, to embrace opportunities to improve the relevance and timeliness of IT provision to the business and, critically, they need to understand why the business is taking this route.

Qualifications

Growing numbers of IT service provider organizations are looking to provide staff with training and qualifications at an individual level, to maximize the chances of project success and to ensure ongoing conformance. Qualifications are currently available in three areas:

Foundation: provides an introduction to the concepts and principles of the standard in a typical implementation.
Practitioner: relevant to those who are involved in implementation of the standard.
Auditor: aimed at practising auditors who either are employed by a certification body or work as internal auditors in an IT service provider organization.

These training courses, contained within the ISO/IEC 20000 qualification and certification scheme, are offered by a number of accredited training organizations globally.

Benefits

Transforming Performance

So why is ISO/IEC 20000 important? Since only companies that have demonstrated they have implemented all of the service management processes within a quality management system framework can become certified, achieving certification provides clear competitive advantage for companies across many sectors, including:

Internal IT service provider organizations in any sector
Outsourcers
Application service providers (hosted/cloud solutions)
Government contractors

Improving IT processes and, critically, the control, audit and documentation of these processes, is a key requirement for the many sectors now subject to tight regulation, including:

Banks, retailers and other merchants: Payment Card Industry Data Security Standard (PCI DSS)
Insurance companies: the Model Audit Rule (MAR) regulation on solvency and corporate governance developed by the National Association of Insurance Commissioners (NAIC)
Organizations needing to conform with Sarbanes-Oxley (SOX) requirements
Utility companies: strict new conformance rules, including the NERC Critical Infrastructure Protection (CIP) standards

For a business, certification enforces a measurable level of effectiveness and creates a culture of continual improvement. It delivers a multitude of benefits that include:

Outsource core functions: Once ISO/IEC 20000 is in place and an organization has created its culture of proactive IT service delivery, it is far easier to outsource the reactive elements to a third party, driving down costs and enabling the IT service delivery team to concentrate on adding tangible corporate value. ISO/IEC 20000 specifies that the interfaces between the outsourcers and the service provider have to be clearly documented and managed.

Competitive differentiation: For outsourcing providers in particular, ISO/IEC 20000 offers a chance to achieve significant competitive differentiation. It can also drive down costs. For example, the integration of incident management with problem management can typically result in a large reduction in incidents. This has a huge impact on costs, increasing profitability in existing customer accounts and enabling more competitive tenders for new business.

Access to key markets: With government, healthcare and military organizations now mandating ISO/IEC 20000 for their IT service providers, any organization wanting to enter this market, or to sustain an existing market position, must achieve certification. In the EU, organizations increasingly already need ISO 9000 certification; it is likely that demand for ISO/IEC 20000 will follow. Organizations from all over the world are increasingly looking at certification as a way of differentiating themselves and ensuring high levels of quality.

Streamlined conformance activity: Organizations that adhere to the policies and processes of ISO/IEC 20000, especially the management procedures, have a strong foundation for conformance activity. Indeed, conformance with ISO/IEC 20000 has been shown to drive down the cost of conformance to a multitude of regulations, from PCI DSS to Sarbanes-Oxley. For example, one utility company's CIP conformance effort was reduced by 50% because the company was already ISO/IEC 20000 compliant.

Improved merger and acquisition (M&A) activity: Leveraging ITIL practices to achieve ISO/IEC 20000 certification means that companies have far better insight into the resources in place and what will be required to support both organic growth and any merged organization. The result is that the right resources can be put in place in time to maximise the success of the M&A activity.

Continual improvement: Companies in this economic downturn want efficiencies now that can be leveraged to support expansion and profitable growth in the future. By enforcing conformance to its requirements, ISO/IEC 20000 drives highly effective and efficient management of IT services and promotes a culture of proactive service delivery that supports continual improvement.

Demonstrable best practice: Internal service provider organizations that have achieved ISO/IEC 20000 certification are increasingly being heralded as market leaders, with competitors now encouraged to follow suit.

For the individual: ISO/IEC 20000 qualifications provide an opportunity to build up skills, to evolve beyond generic service management expertise and to take companies through the ISO/IEC 20000 certification process. They enable individuals to leverage ITIL experience and develop new competencies. There is demand for skilled implementers in the market at the present time.

Conclusion

In this marketplace, organizations need to drive down costs. But they also need to build a solid foundation for the future and achieve competitive differentiation, maximize the opportunities provided by merger and acquisition and ensure access to key markets. The adoption of ITIL processes over the last decade has undoubtedly transformed the quality, relevance and timeliness of IT service delivery; it has enabled the creation of customer- and business-focused services and improved the cost/value equation.

For most organizations the people cost is the biggest burden on the budget. Trained staff who understand the value of a process-oriented culture and work in tightly integrated teams within a recognized quality management system bring great value to the organization. This is the first step to becoming highly effective. The ISO/IEC 20000 professional qualification will give the organization a head start in achieving company certification and realizing true value from improved efficiency and effectiveness. Over 600 organizations globally have already recognised the value of certification to ISO/IEC 20000.

Further information

www.apmg-international.com
APMG-International Head Office, Sword House, Totteridge Road, High Wycombe, Buckinghamshire HP13 6DG
Tel: +44 (0) 1494 452 450
Fax: +44 (0) 1494 459 559
Email: servicedesk@apmg-international.com
Web: www.apmg-international.com

APMG International 2012. ITIL is a Registered Trade Mark of The Office of Government Commerce in the United Kingdom and other countries.