ISO/ IEC 20000 (ITSM) Certification Roadmap Rasheed Adegoke June 2013
Outline About First Bank Motivations Definitions ITIL, ISO/IEC 20000 & DIFFERENCES ISO/ IEC 20000 Certification Roadmap First Bank ITSM Processes after ISO/ IEC 20000 Benefits of ISO/ IEC 20000 Certification Next Steps & Work-in-progress Conclusion/Wrap up
ABOUT FIRST BANK - 2 -
About FIRST BANK
MOTIVATIONS FOR ISO 20000-4 -
Motivations/Drivers IT VISION To create and operate best-in-class technology infrastructure & services for the achievement of s clear leader objective. GROWTH Build reliable highly scalable infrastructure and agile IT architecture to support growth & rapid integration of acquired capacity PROCESS EXCELLENCE Facilitate process simplification and workflow automation Enable innovative use of customer self-service channels Reduce IT OPEX PERFORMANCE MANAGEMENT & PEOPLE Build robust enterprise performance management & reporting platform Empower employees with innovative solutions
Motivations/Drivers 2009-2010: Build reliable and Agile IT Service foundation :- Infrastructure & Processes (AGILITY) 2010-2012: Deploy new solutions to support Product & Service Innovation (INNOVATION) 2011-2013: Achieve global certification of IT Processes & Governance (EXCELLENCE) 1. 2. Improve IT Processes 4. Optimise infrastructure Build capacity & talents 3. Enable AGILE & INNOVATIVE enterprise 6. Optimise service delivery Improve communication with business 5. Optimise business applications
DEFINITIONS: ITIL, ISO 20000-7 -
DEFINITIONS: WHAT IS ITIL? ITIL (Information Technology Infrastructure Library) is the most widely adopted approach for IT Service Management in the world. It provides a practical, no-nonsense framework for identifying, planning, delivering and supporting IT services to the business. Source: www.itil-officialsite.com
DEFINITIONS: ISO 20000 AND HOW IT DIFFERS FROM ITIL ISO 20000 is the international standard for IT service management. It describes an integrated set of management processes for the effective delivery of services to the business and its customers. Closely follows the ITIL framework. While individuals are ITIL certified, organizations are ISO20000 certified. ISO/ IEC 20000 PART 1 - SPECIFICATION Formal specification and defines the requirements for an organization to deliver managed services of an acceptable quality for its customers. PART 2 CODE OF PRACTICE Code of Practice and describes the best practices for Service Management processes within the scope of ISO/IEC 20000-1.
ISO/ IEC 20000 IMPLEMENTATION IN FIRST BANK Part 1 Specification Part 2 Code of Practice AUDITABLE SPECIFICATION: Target for achievement CODE OF PRACTICE: Explanatory guidance of the standard ITSM STANDARD ISO/ IEC 20000 ITIL, COBIT and other related guidelines First Bank Policies, Processes and Procedures Other best Practice guidance Implementation and improvement plans OTHER APPLICABLE STANDARDS REFERENCED ISO/IEC 20000 comprises of two parts: The first part is the auditable specification, which defines the requirements for certification (the shalls ) and the second part is the code of practice (the shoulds ), which contains recommendations and guidance for helping organizations achieve the first part. We also considered other guidelines and standards including industry/internal policies in our implementation of relevant IT Processes and Procedures.
ISO 20000 CERTIFICATION ROADMAP - 11 -
CERTIFICATION & MAINTAINING PREPARING & IMPLEMENTING READINESS ASSESSMENT ISO/IEC 20000 CERTIFICATION ROADMAP Conduct ISO 20000 Readiness Assessment Conduct PDCA cycle review of ISO 20000 processes and remediate gaps Conduct certification audit
ISO/ IEC 20000 Certification Roadmap - Readiness Assessment As part of the certification roadmap, a readiness Process Area Maturity Assessment Absent 0 Informal 1 Repeatable 2 Defined 3 Managed & Measurable 4 Optimized 5 assessment was conducted at the beginning of the project Capacity Management Service Continuity and Availability Service Level Management Key Findings; Service Reporting Insufficient documentation of Information Security Management business requirements for IT Budgeting and Accounting for IT Services Configuration Management Many IT Processes are manually operated Change Management Lack of dedicated personnel Incident Management assigned to ITSM processes Problem Management Reports are not generated Release Management periodically but on a needbasis Business Relationship Management Supplier Management 13
ISO/ IEC 20000 Certification Roadmap - Key Considerations for implementation Is this right for us? Are we eligible, is this a mandatory business need, will we get clear benefits? What work is involved? Planning, costs, time and resources required to achieve ISO/IEC 20000 accreditation. This includes the development work and the auditing process Where do we stand currently against the standards? How would we score and what are the current gaps that need to be filled? What benefits do we expect from ISO/IEC 20000? Industry standing, cost and quality benefits, benefits of going through a quality programme
ISO/ IEC 20000 Certification Roadmap - Project Scope, Objectives and Organization SCOPE To improve and certify First Bank Plc.'s IT Service Management framework (policies, processes and practices) based on compliance with the international best practice standard in ITSM: ISO/IEC 20000. Fifteen (15) services defined in IT s service catalogue were covered. OBJECTIVES Reduce risks in service delivery Increase productivity and profit margin Measure effectiveness of service delivery Improve quality of IT services ORGANIZATION A formal project organization was established. The Chief Risk Officer was the project sponsor. Digital Jewels Limited were engaged as consultants on the project. Project was executed in line with our in-house project management methodology.
ISO/ IEC 20000 Certification Roadmap -Action and Timeplan PERIOD (Months) ACTION 1 Initial Gap assessment, definition of scope, planning, review of current processes and procedures. Definition of IT services based on ISO 20000 Selection of service and process owners 2 Definition/ refinement and implementation of processes in line with ISO 20000 2 ISO / IEC 20000 Foundation and Lead Auditor training for all process owners and selected staff Ongoing awareness sessions for the entire IT Organization 3 Fine tuning of processes Commenced implementation of a new service management tool 3-4 Final review of processes before audit Mock Audit Preparation for Certification Audit 4 Certification Audit
ISO/ IEC 20000 Certification Roadmap - Communication Plan and Data Collection COMMUNICATION PLAN; During the project, regular internal staff communication took place, including periodic meetings and circulation of progress reports. Staff communication encompassed; Project start-up Progress Possible changes in processes and policies Roll Out Certification COLLECTING DATA ON THE MANAGEMENT SYSTEM Metrics for Incident Management Process was generated from the existing ITSM tool. This includes information on incidents logged, closed, outstanding and resolved within the period. Monthly service status report reports are collated across the fifteen defined IT services. The reports itemized how the thirteen ITSM processes impact on the quality of their services. Processes, policies and procedures were assessed Interviews were conducted with relevant staff of the IT organization
ISO/ IEC 20000 Certification Roadmap - SIP and Certification Audit SERVICE IMPROVEMENT PLAN A formal Service Improvement Plan was established to cover areas of improvement in operations, services, staff training and ITSM processes. Progress of the Service Improvement Plan is measured through trends analysis, customer satisfaction surveys to highlight the impact of service improvement successes and failures. CERTIFICATION AUDIT Certification Assessment was conducted by auditor from British Standards Institute from 18 th to 26 th of April 2013 to assess the Service Management System. There were no major non conformances found The Certificate was awarded on May 21 st, 2013
FIRST BANK ITSM AFTER ISO 20000-19 -
ITSM Processes after ISO 20000 Key improvements Effective documentation of business requirements for IT Services Process Area Maturity Assessment Capacity Management Absent 0 Informal 1 Repeatable 2 Defined 3 Managed & Measurable 4 Optimized 5 All IT processes are defined Service Continuity and Availability managed and measured Dedicated personnel have been assigned to ITSM processes as Process Service Level Management Service Reporting Information Security Management owners Budgeting and Accounting for IT Periodic reports are generated for continuous evaluation and improvement of the SMS Appointment of a dedicated Configuration Management Change Management Incident Management Problem Management IT Service Manager Release Management Implementation of Microsoft System Centre Suite Business Relationship Management Supplier Management 20
BENEFITS OF ISO 20000 CERTIFICATION - 21 -
ISO/ IEC 20000 and the Banking Services Industry - Benefits of Certification to an IT Service Provider IMPROVED IT SERVICE DELIVERY ISO/ IEC 20000 certification CAN ENHANCE CUSTOMER PERCEPTION IT SERVICE PROVIDER REDUCED IT BREAK DOWNS AND FASTER RESOLUTIONS HIGHER RETURN ON IT INVESTMENTS STAFF MOTIVATION
ISO/ IEC 20000 and the Banking Services Industry - Impact on Banks Continuous improvement of service quality, including stability and cooperation, resulting in more customer confidence in the banks. Focused services through alignment with the enterprise strategy Insight into IT performance that is confirmed by an independent source and may serve as a basis for marketing and selling services Improved understanding by all process participants for defining objectives, responsibilities and roles Compliance to emerging regulatory regime that may enforce IT standards
NEXT STEPS & WORK IN PROGRESS - 24 -
Next Steps and Work in-progress PRESERVING THE CERTIFICATE We plan to maintain the Certification by sustaining provision and continually improving services in line with the ISO 20000 standard. METRICS AND REVIEWS Monitoring processes have been embedded within IT Governance processes and other mechanisms such as audits of the SMS (internal and external) and management reviews. OPPORTUNITIES FOR IMPROVEMENT All identified opportunities for improvement will be exploited to achieve a better SMS Currently implementing a BSM system to automate ITSM processes PROCESS & SERVICE OWNERS Selected process and service owners have been assigned the task of monitoring and improving compliance to the standard
Conclusion / Wrap up We expect to leverage the ISO 20000 Certification process and subsequent automation of ITSM processes along with other IT Governance & Process improvements including CMMi, ISO 38500, etc. to deliver on the goal of attaining world-class IT Services in First Bank.