ISO/ IEC (ITSM) Certification Roadmap

Transcription:

ISO/IEC 20000 (ITSM) Certification Roadmap
Rasheed Adegoke
June 2013

Outline
About First Bank
Motivations
Definitions: ITIL, ISO/IEC 20000 & Differences
ISO/IEC 20000 Certification Roadmap
First Bank ITSM Processes after ISO/IEC 20000
Benefits of ISO/IEC 20000 Certification
Next Steps & Work-in-progress
Conclusion/Wrap up

ABOUT FIRST BANK

About FIRST BANK

MOTIVATIONS FOR ISO 20000

Motivations/Drivers
IT VISION: To create and operate best-in-class technology infrastructure & services for the achievement of s clear leader objective.
GROWTH: Build reliable, highly scalable infrastructure and agile IT architecture to support growth & rapid integration of acquired capacity
PROCESS EXCELLENCE: Facilitate process simplification and workflow automation; Enable innovative use of customer self-service channels; Reduce IT OPEX
PERFORMANCE MANAGEMENT & PEOPLE: Build robust enterprise performance management & reporting platform; Empower employees with innovative solutions

Motivations/Drivers
2009-2010: Build reliable and Agile IT Service foundation: Infrastructure & Processes (AGILITY)
2010-2012: Deploy new solutions to support Product & Service Innovation (INNOVATION)
2011-2013: Achieve global certification of IT Processes & Governance (EXCELLENCE)
[Diagram labels: Improve IT Processes; Optimise infrastructure; Build capacity & talents; Enable AGILE & INNOVATIVE enterprise; Optimise service delivery; Improve communication with business; Optimise business applications]

DEFINITIONS: ITIL, ISO 20000

DEFINITIONS: WHAT IS ITIL?
ITIL (Information Technology Infrastructure Library) is the most widely adopted approach for IT Service Management in the world. It provides a practical, no-nonsense framework for identifying, planning, delivering and supporting IT services to the business.
Source: www.itil-officialsite.com

DEFINITIONS: ISO 20000 AND HOW IT DIFFERS FROM ITIL
ISO 20000 is the international standard for IT service management. It describes an integrated set of management processes for the effective delivery of services to the business and its customers. It closely follows the ITIL framework. While individuals are ITIL certified, organizations are ISO 20000 certified.
ISO/IEC 20000 PART 1 - SPECIFICATION: The formal specification; it defines the requirements for an organization to deliver managed services of an acceptable quality for its customers.
ISO/IEC 20000 PART 2 - CODE OF PRACTICE: The Code of Practice; it describes the best practices for Service Management processes within the scope of ISO/IEC 20000-1.

ISO/IEC 20000 IMPLEMENTATION IN FIRST BANK
[Diagram labels: ITSM STANDARD ISO/IEC 20000, Part 1 Specification (AUDITABLE SPECIFICATION: Target for achievement), Part 2 Code of Practice (CODE OF PRACTICE: Explanatory guidance of the standard); OTHER APPLICABLE STANDARDS REFERENCED: ITIL, COBIT and other related guidelines; First Bank Policies, Processes and Procedures; Other best practice guidance; Implementation and improvement plans]
ISO/IEC 20000 comprises two parts. The first part is the auditable specification, which defines the requirements for certification (the "shalls"), and the second part is the code of practice (the "shoulds"), which contains recommendations and guidance for helping organizations achieve the first part. We also considered other guidelines and standards, including industry and internal policies, in our implementation of relevant IT Processes and Procedures.

ISO 20000 CERTIFICATION ROADMAP

ISO/IEC 20000 CERTIFICATION ROADMAP
READINESS ASSESSMENT: Conduct ISO 20000 Readiness Assessment
PREPARING & IMPLEMENTING: Conduct PDCA cycle review of ISO 20000 processes and remediate gaps
CERTIFICATION & MAINTAINING: Conduct certification audit

ISO/IEC 20000 Certification Roadmap - Readiness Assessment
As part of the certification roadmap, a readiness assessment was conducted at the beginning of the project.
Key Findings:
Insufficient documentation of business requirements for IT
Many IT Processes are manually operated
Lack of dedicated personnel assigned to ITSM processes
Reports are not generated periodically but on a need basis
[Chart: Process Area Maturity Assessment. Scale: Absent 0, Informal 1, Repeatable 2, Defined 3, Managed & Measurable 4, Optimized 5. Process areas: Capacity Management; Service Continuity and Availability; Service Level Management; Service Reporting; Information Security Management; Budgeting and Accounting for IT Services; Configuration Management; Change Management; Incident Management; Problem Management; Release Management; Business Relationship Management; Supplier Management]

ISO/IEC 20000 Certification Roadmap - Key Considerations for Implementation
Is this right for us? Are we eligible, is this a mandatory business need, will we get clear benefits?
What work is involved? Planning, costs, time and resources required to achieve ISO/IEC 20000 accreditation. This includes the development work and the auditing process.
Where do we stand currently against the standards? How would we score and what are the current gaps that need to be filled?
What benefits do we expect from ISO/IEC 20000? Industry standing, cost and quality benefits, benefits of going through a quality programme.

ISO/IEC 20000 Certification Roadmap - Project Scope, Objectives and Organization
SCOPE
To improve and certify First Bank Plc.'s IT Service Management framework (policies, processes and practices) based on compliance with the international best practice standard in ITSM: ISO/IEC 20000. Fifteen (15) services defined in IT's service catalogue were covered.
OBJECTIVES
Reduce risks in service delivery
Increase productivity and profit margin
Measure effectiveness of service delivery
Improve quality of IT services
ORGANIZATION
A formal project organization was established. The Chief Risk Officer was the project sponsor. Digital Jewels Limited were engaged as consultants on the project. The project was executed in line with our in-house project management methodology.

ISO/IEC 20000 Certification Roadmap - Action and Timeplan
PERIOD (Months): ACTION
1: Initial gap assessment, definition of scope, planning, review of current processes and procedures; Definition of IT services based on ISO 20000; Selection of service and process owners
2: Definition/refinement and implementation of processes in line with ISO 20000
2: ISO/IEC 20000 Foundation and Lead Auditor training for all process owners and selected staff; Ongoing awareness sessions for the entire IT Organization
3: Fine tuning of processes; Commenced implementation of a new service management tool
3-4: Final review of processes before audit; Mock Audit; Preparation for Certification Audit
4: Certification Audit

ISO/IEC 20000 Certification Roadmap - Communication Plan and Data Collection
COMMUNICATION PLAN
During the project, regular internal staff communication took place, including periodic meetings and circulation of progress reports. Staff communication encompassed:
Project start-up
Progress
Possible changes in processes and policies
Roll Out
Certification
COLLECTING DATA ON THE MANAGEMENT SYSTEM
Metrics for the Incident Management Process were generated from the existing ITSM tool. These include information on incidents logged, closed, outstanding and resolved within the period.
Monthly service status reports are collated across the fifteen defined IT services. The reports itemized how the thirteen ITSM processes impact the quality of their services.
Processes, policies and procedures were assessed.
Interviews were conducted with relevant staff of the IT organization.

ISO/IEC 20000 Certification Roadmap - SIP and Certification Audit
SERVICE IMPROVEMENT PLAN
A formal Service Improvement Plan was established to cover areas of improvement in operations, services, staff training and ITSM processes. Progress of the Service Improvement Plan is measured through trend analysis and customer satisfaction surveys to highlight the impact of service improvement successes and failures.
CERTIFICATION AUDIT
The Certification Assessment was conducted by an auditor from the British Standards Institute from 18th to 26th of April 2013 to assess the Service Management System.
There were no major non-conformances found.
The Certificate was awarded on May 21st, 2013.

FIRST BANK ITSM AFTER ISO 20000

ITSM Processes after ISO 20000
Key improvements:
Effective documentation of business requirements for IT Services
All IT processes are defined, managed and measured
Dedicated personnel have been assigned to ITSM processes as Process owners
Periodic reports are generated for continuous evaluation and improvement of the SMS
Appointment of a dedicated IT Service Manager
Implementation of Microsoft System Centre Suite
[Chart: Process Area Maturity Assessment. Scale: Absent 0, Informal 1, Repeatable 2, Defined 3, Managed & Measurable 4, Optimized 5. Process areas: Capacity Management; Service Continuity and Availability; Service Level Management; Service Reporting; Information Security Management; Budgeting and Accounting for IT; Configuration Management; Change Management; Incident Management; Problem Management; Release Management; Business Relationship Management; Supplier Management]

BENEFITS OF ISO 20000 CERTIFICATION

ISO/IEC 20000 and the Banking Services Industry - Benefits of Certification to an IT Service Provider
[Diagram labels, centred on IT SERVICE PROVIDER:]
IMPROVED IT SERVICE DELIVERY
ISO/IEC 20000 certification CAN ENHANCE CUSTOMER PERCEPTION
REDUCED IT BREAKDOWNS AND FASTER RESOLUTIONS
HIGHER RETURN ON IT INVESTMENTS
STAFF MOTIVATION

ISO/IEC 20000 and the Banking Services Industry - Impact on Banks
Continuous improvement of service quality, including stability and cooperation, resulting in more customer confidence in the banks.
Focused services through alignment with the enterprise strategy
Insight into IT performance that is confirmed by an independent source and may serve as a basis for marketing and selling services
Improved understanding by all process participants for defining objectives, responsibilities and roles
Compliance with an emerging regulatory regime that may enforce IT standards

NEXT STEPS & WORK IN PROGRESS

Next Steps and Work in-progress
PRESERVING THE CERTIFICATE
We plan to maintain the Certification by sustaining provision and continually improving services in line with the ISO 20000 standard.
METRICS AND REVIEWS
Monitoring processes have been embedded within IT Governance processes and other mechanisms such as audits of the SMS (internal and external) and management reviews.
OPPORTUNITIES FOR IMPROVEMENT
All identified opportunities for improvement will be exploited to achieve a better SMS.
Currently implementing a BSM system to automate ITSM processes.
PROCESS & SERVICE OWNERS
Selected process and service owners have been assigned the task of monitoring and improving compliance with the standard.

Conclusion / Wrap up
We expect to leverage the ISO 20000 Certification process and subsequent automation of ITSM processes along with other IT Governance & Process improvements including CMMi, ISO 38500, etc. to deliver on the goal of attaining world-class IT Services in First Bank.