iso/iec 20000 present and future - applicable to all it ... · what is iso/iec 20000 service 20000...

37
ISO/IEC 20000 present and future - applicable to all IT enabled services Lynda Cooper BCS SMSG July 2015 8/14/2015 1 Service 20000 Ltd 2015

Upload: ngodiep

Post on 10-Jun-2018

235 views

Category:

Documents


1 download

TRANSCRIPT

Page 1: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

ISO/IEC 20000 present and future - applicable to all IT enabled services

Lynda Cooper

BCS SMSG

July 2015

8/14/2015 1 Service 20000 Ltd 2015

Page 2: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Lynda Cooper • Project editor ISO/IEC 20000-1

• Chair of BSI committee

• UK representative to ISO committee

• Deputy chief examiner APMG for ISO20000

• Auditor for Exin for ISO20000, ISO27001, ITIL, Agile

• ISO27001 Lead Implementer

• UKAS assessor for ISO20000 and ISO27001 (assess the certification bodies)

• ITIL Master

• Independent consultant and trainer

• MBCS, CITP

8/14/2015 Service 20000 Ltd 2015 2

Page 3: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

What do these have in common?

Service 20000 Ltd 2015 8/14/2015 3

Page 4: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Agenda • Introduction

• ISO20000 overview

• ISO20000 in a changing service environment

• The revision of ISO20000

• Your suggestions for the future of ISO20000

• Make it interactive – please

8/14/2015 Service 20000 Ltd 2015 4

Page 5: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

ISO20000 pedigree • 1995 Book - Code of practice for ITSM

• 1998 Revised smaller edition book o awarded innovation of the year by ITSMF

• 2000 BS15000

• 2005 ISO/IEC 20000-1

• 2011 ISO/IEC 20000-1 • Other parts

o ISO/IEC 20000-2: 2012 : Guidance on the application of service management systems

o ISO/IEC 20000-3: 2012 : Guidance on scope definition and applicability of ISO/IEC 20000-1

o ISO/IEC 20000-5: 2013: Exemplar implementation plan for ISO/IEC 20000-1

o ISO/IEC 20000-9:2015: The application of ISO/IEC 20000-1 to cloud services

o Part 10 concepts and vocabulary o Part 11 – mapping to ITIL (not yet published)

o ISO/IEC 27013, ISO/IEC 90006 – Integration guidelines for 27001 and 9001

8/14/2015 Service 20000 Ltd 2015 5

Page 6: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Scope of ISO20000 • The management of Information, Communication

and Technology Enabled Services

• Examples o IT services

• Infrastructure management

• Application management

• Desktop support

• etc.

o Telecoms

o Media

o Cloud services

o Business process outsourcing

o …………………………….

8/14/2015 Service 20000 Ltd 2015 6

Page 7: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Non-IT Enabled Survey Who has an ISO20000

qualification?

Who works in an organisation with ISO20000 certification?

Who is sceptical about the value of ISO20000?

8/14/2015 Service 20000 Ltd 2015 7

Page 8: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

ISO20000 overview

8/14/2015 Service 20000 Ltd 2015 8

Page 9: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

What is ISO/IEC 20000

8/14/2015 Service 20000 Ltd 2015 9

• What it is: o A standard that includes the

design, transition, delivery and improvement of services that fulfil service requirements and provide value for both the customer and the service provider

o A management system standard (like ISO9001) that can be assessed for compliance

• What it is not: o A product or tool standard o A service standard o A maturity model

Customers

Service Provider Internal or External

Lead Supplier(s) or Supplier(s)

Sub-contracted Supplier(s)

Services

Page 10: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

ISO20000 Myths

8/14/2015 Service 20000 Ltd 2015 10

• Lots of documentation that is purely for the standard

• Only for large organisations

• Only for IT infrastructure

• Based on ITIL, must use ITIL

• Too slow and bureaucratic

Page 11: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Typical benefits • Supports the business to operate more effectively • Improved quality of service

• Increased business/customer confidence

• Controlled costs

• Improved reputation, consistency and interoperability

• Enables better understanding of business, roles and processes

• Staff morale boosted by working in a controlled environment

• Major milestone for a service provider: demonstrates professionalism and serious intent

• Competitive edge for selection of an external service provider • Provides method of review that assures continual

improvement

• Ability to develop integrated management system

• Turns the ‘shoulds’ into ‘shalls’ leading to fully integrated processes

8/14/2015 Service 20000 Ltd 2015 11

Page 12: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

ISO/IEC 20000 processes

8/14/2015 Service 20000 Ltd 2015 12

The generic

management

system

processes

The SM

processes

Service management system (SMS) (4) Management responsibility Governance of processes operated by other parties Establish the SMS Resource management - Scope - PDCA Documentation management Resource management

Service delivery processes (6) Capacity management Service level management Service reporting Service continuity & availability management

Relationship processes (7)

Business relationship management

Supplier management

Resolution processes (8) Incident and service request management Problem management

Information security management

Budgeting & accounting for services

Design and transition of new or changed services (5)

Control processes (9) Configuration management

Change management Release and deployment

management

Page 13: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

PDCA methodology applied to SM

8/14/2015 Service 20000 Ltd 2015 13

Page 14: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Further information • BSI books

o A managers guide to service management

o Introduction to the ISO/IEC 20000 series

• APMG web site ISO20000 blogs

• http://blog.apmg–international.com/author/lynda–cooper/

• Many LinkedIn forums

• Qualifications o BCS ISO20000 Foundation

o APMG ISO20000 Foundation, Practitioner, Auditor

o Exin

o PeopleCert

8/14/2015 Service 20000 Ltd 2015 14

Page 15: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Questions • Can ISO 20000 help you create, deliver,

support and improve technology that enables your business?

• If ISO20000 is based largely on ITIL, then how can ISO20000 be relevant today when ITIL is largely out of date?

• Do you believe that you can use a standard to help drive change and simplify what, how, who, when and why technology for an organisation?

• How can ISO20000 help SIAM, Agile, ITSM and business governance?

8/14/2015 Service 20000 Ltd 2015 15

Page 16: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

ISO20000 and changing service environments

Is ISO20000 applicable for changing services environment

such as Cloud, 'as a service' models, SIAM, Devops,

LeanITSM, Agile and ITIL.

8/14/2015 Service 20000 Ltd 2015 16

Page 17: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

ISO20000 and other frameworks

• Principle: ISO/IEC 20000-1 should allow the use of any framework,

commercial or public, in order to

achieve certification.

• ISO standards are not allowed to

favour one framework

8/14/2015 Service 20000 Ltd 2015 17

Page 18: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

ISO20000 and ITIL

8/14/2015 Service 20000 Ltd 2015 18

• ITIL is the most

common

framework used

with ISO20000

• ITIL and ISO20000

have different

purposes so they will

never be the same Problem

CMDB

Incident

Page 19: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

ISO20000, Cloud and ‘as a service’ models

• See ISO20000 part 9 – the application of ISO/IEC 20000-1 to cloud services

• A typical cloud services lifecycle is followed with reference to part 1 requirements

• The scope of part 9 states: o This part of ISO/IEC 20000 provides guidance on the use of ISO/IEC 20000-

1:2011 for service providers delivering cloud services. It is applicable to different categories of cloud service, such as those defined in ISO/IEC 17788/ITU-T Y.3500 and ISO/IEC 17789/ITU-T Y.3502, including, but not limited to, the following:

o a) infrastructure as a service (IaaS);

o b) platform as a service (PaaS);

o c) software as a service (SaaS).

o It is also applicable to public, private, community, and hybrid cloud deployment models.

o The applicability of ISO/IEC 20000-1 is independent of the type of technology or service model used to deliver the services. All requirements in ISO/IEC 20000-1 can be applicable to cloud service providers.

8/14/2015 Service 20000 Ltd 2015 19

Page 20: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

ISO20000 and Devops

8/14/2015 Service 20000 Ltd 2015 20

• Devops spans entire

delivery lifecycle

• Origins in Agile

• When preparing for

service delivery and

delivering, what in

ISO20000 is not

relevant?

Page 21: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

ISO20000 and Lean • Lean, 6-Sigma

o great ways to support continual improvement, a

key requirement of ISO20000

• The central concern of Lean is the

elimination of waste, where waste is work

that adds no value to a product or service.

• Just make sure that any proposed changes

to the SMS as a result of LEAN initiatives

retain conformity to ISO20000 requirements

8/14/2015 Service 20000 Ltd 2015 21

Page 22: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

ISO20000 and Agile • Agile – what a great way to

work for changes, and improvements during service delivery

• If Agile has been used for development and results in some early delivery of functionality, then a decision needs to be made if this becomes subject to ISO20000

o is there any reason not to?

8/14/2015 Service 20000 Ltd 2015 22

Page 23: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

ISO20000 and SIAM • Principle: The ISO/IEC 20000 series should be applicable to all

sizes (very small enterprises, medium and large) and types

(public, private, not for profit) of internal or external service

providers.

• Probably only very large organisations will use SIAM

• Many suppliers in SIAM models can achieve ISO20000

• The SIAM broker/lead may only operate a few processes e.g.

SLM, BRM, supplier management. They therefore are not

(currently) eligible for ISO20000

• A study group has been set up to look at the service

management and governance of services provided with

multiple suppliers. This will review the requirements for

additional standards.

8/14/2015 Service 20000 Ltd 2015 23

Page 24: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Not applicable? • Can you think of any service

models where ISO20000 is not

applicable?

8/14/2015 Service 20000 Ltd 2015 24

Page 25: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

The future of ISO20000

8/14/2015 Service 20000 Ltd 2015 25

Page 26: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Drivers for revision • All standards reviewed every 5 years – remove,

keep as is or revise

• All management system standards are moving to a new common high level structure with some common requirements – known as Annex SL

• Changes in services market mean that the standard needs to be updated

• Lessons learned, feedback on current standard

• Other standards that are frequently used with ISO20000 have been revised and changes need to be made to retain alignment (9001 and 27001 primarily)

8/14/2015 Service 20000 Ltd 2015 26

Page 27: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Principles of changes • Benefit for the service providers using the standard

and the customers of the services.

• Take into account the current market for the

standard and allow that market to grow and not be

likely to decline.

• Revision should not be a fundamental change of

direction for those working towards certification or

currently certified organizations. Transition should be

relatively simple and not deter current users of

ISO20000.

8/14/2015 Service 20000 Ltd 2015 27

Page 28: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Expected timeline 2018 Part 1

(Requirements)

Part 10 (Concepts and

vocab)

Max. 6 months later

Part 2 (Guidance)

Part 3 (Scope and

applicability)

Max. 12 months later

Part 5 (Implementation

planning

Part 6 (requirements

for certification)

18 – 24 months later

Other parts

8/14/2015 Service 20000 Ltd 2015 28

Page 29: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

New Annex SL structure related to PDCA

PLAN

4. Context of organization

5. Leadership

6. Planning

7. Support

DO

8. Operation CHECK

9. Performance evaluation

ACT

10. Improvement

Page 30: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Specific requirements from ISO/IEC 20000-1:2011

• 4 – SMS general requirements o requirements of current clause 4 are superceded by or

will be added into standard structure clauses 4 - 10

• 5 – Design and transition

• 6 – Service delivery

• 7 - Relationship

• 8 - Resolution

• 9 - Control

Will be added into standard structure clause 8 - Operation

Page 31: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Changes in Annex SL to current clause 4

• Organisational context

• Risk based approach – more requirements than

currently in ISO20000-1

• Objectives – not only at top level but also at

relevant functions/levels

• More requirements for monitoring, measurement,

analysis and evaluation

8/14/2015 Service 20000 Ltd 2015 31

Page 32: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Terms and definitions • New Annex SL terms

• Some existing terms deleted due to Annex SL same

or similar terms

• Many existing terms have suggestions for

improvement

• Some suggested additions e.g. user

8/14/2015 Service 20000 Ltd 2015 32

Page 33: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Other likely changes • Principle: What, not how

o E.g. budgeting and accounting to be less prescriptive still

requiring control but within the normal financial processes of the

organisation

o E.g. Remove some prescriptive requirements e.g. list of contents

of contracts, to allow for standard contracts with large service

providers and cloud providers

• Principle: Maximum 20 pages of requirements o Avoid duplication

o Combine common items together

• Principle: Minimise customisation of Annex SL text

8/14/2015 Service 20000 Ltd 2015 33

Page 34: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Other likely changes • Simplify DTNCS/clause 5 and relationship with

change management

• More emphasis on delivering business value to the

customer

• Interfaces with governance

8/14/2015 Service 20000 Ltd 2015 34

Page 35: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Integration with 9001 and 27001

• Common structure and some common

requirements

• Alignment with 27001 for information security

process

• But ensure that 20000-1 is not implying that there

needs to be an ISMS within the SMS. This will simplify

the information security requirements in 20000-1

• Review the revised 9001 edition and review for any

changes needed in 20000-1

8/14/2015 Service 20000 Ltd 2015 35

Page 36: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

Suggested further structural changes

• Separate joint processes o Service continuity and availability

o Incident and service request

• Combine o Change and release

• Add processes (or requirements in other

clauses/processes) o Portfolio management

o Knowledge management (some requirements now added to 9001)

o Asset management

o Requirements management

• Delete o Budgeting and accounting

8/14/2015 Service 20000 Ltd 2015 36

Page 37: ISO/IEC 20000 present and future - applicable to all IT ... · What is ISO/IEC 20000 Service 20000 Ltd 2015 8/14/2015 9 • What it is: o A standard that includes the design, transition,

ISO20000 future – what are your suggestions?

Lynda Cooper

[email protected]

8/14/2015 Service 20000 Ltd 2015 37