itSMF Finland Conference 2015It Feels Good!

Name of the presenter: Suresh GPTitle of the presentation: Challenges, Pitfalls and Lessons learnt from yourISO20000 Journey

Pitfalls, Challenges and Lessons Learnt in your ISO/IEC 20000 JourneySuresh GP, ITIL V3 Expert,PMP, CGEITManaging Director, TaUB Solutions

3

Why are we here today?

4

What is ISO/IEC 20000?

5

ISO20000-2: 2011Part2:Code of Practice

ISO 20000-1: 2011Part 1: Specification

• Provides guidance and recommendations on how to meet requirements in Part 1

• Best Practice, uses theword “should”• Guidance to Auditor

• Defines requirement for a service provider to deliver managed services of an acceptable quality

• Minimum requirements• Auditable standard, uses theword “shall”

What is ISO/IEC 20000?Parts 1 and 2

ITSM Standards and Best Practice Framework

ISO 20000

Part I

Objective to Achieve

Process Definition

Deploy Solution

Code of Practice

Management Overview

Internal Processes and Procedures

ITIL

ISO 20000

Part II

Self Assessment

Inter Relationships

8

What is ISO/IEC 20000?Planning and implementing service management (4)

Business results

Customersatisfaction

New or changedservice

Other processese.g. businesssupplier, customerTeam and peoplesatisfaction

PLAN

ACTDO

CHECK

Management responsibility

Manage servicesBusiness requirementsCustomer requirementsRequest for new/Changed serviceOther processese.g. businesssupplier, customerService DeskOther teams e.g. SecurityIT Operations

9

Certification Scheme

10

• Any organization can claim to meet the standard• Independent certification can:

• Provide independent verification that the standard has been met

• Allow use of recognized logo• Provide an incentive to meet all of the standards• Ensure that the same criteria has been applied to all certified

organizations

The itSMF Certification SchemeWhy is a scheme needed

11

• Must include all processes• Can’t be certified if one or more processes out of scope

• Must have management control of all processes• Outsourcing is OK, if you own the inputs, outputs, metrics

and accountability – including service improvement• Must have control of all suppliers and sub-suppliers• Certification will be issued to single legal entity

• No need to control infrastructure, Service Desk etc.• But need to know how these effects processes in scope

The itSMF Certification SchemeEligibility requirements

12

• Must be an entire “management system”

• Does not need to include all customers, or all services, or all sites, or all datacenters etc.

• Boundaries must make business sense and be justified• Must be able to provide evidence that you control all

the processes for the entire scope• Must be clear about who is responsible for what• The scope will appear on the certificate

The itSMF Certification SchemeScope

13

• Adopt a Registered Certification Body (RCB)• Confirm the scope of the audit• Carry out initial assessments to determine readiness• Develop an overall plan and get commitment• Carry out detailed reviews and assessments• Create and manage a Service Improvement Plan, SIP (Plan, Do, Check,

Act)• Implement improvements• Book a formal audit with the RCB.

The itSMF Certification SchemeCertification Process

14

• Agreement on terms of reference and scope• Agreement on dates, time-scales, locations, etc• Possible off-site assessment of process documentation• On-site audit of staff and process compliance• Presentation of the audit findings• Certification

The itSMF Certification Scheme..certification process (main steps with RCB)

15

Post Certification Process•Certification is valid for three years

•Periodic surveillance audits are required

•Internal audits are mandatory

•Full re-audit will be carried out on the third anniversary of Certification being awarded

16

How do we sustain the Certification?To be compliant with the standard:

• Have a process for managing improvements on an ongoing basis

• Audit program should be planned

To keep realizing the benefits of certification

• We must carry out periodic audits and continuously improve

17

Registered Certification Bodies (RCBs)• RCBs are assessed and approved by the certification scheme owner

• RCB applications are accepted only from certification bodies accredited by their relevant national accreditation body

• RCBs must be independent from any consultancy services

• Their auditors must be specifically trained in IT Service Management• Examples of RCBs :

Bureau of Indian standards, BIS (India)British Standards Institution, BSI (United Kingdom)American National Standards Institute, ANSI (USA)

18

Implementation

Case Study 1

"Here is Edward Bear, coming downstairs now, bump, bump, bump, on the back of his head, behind Christopher Robin. It is, as far as he knows, the only way of coming downstairs, but sometimes he feels that there really is another way, if only he could stop bumping for a moment and think of it."— A.A. Milne (Winnie the Pooh and the House At Pooh Corner)

ISO/IEC 20000ISO/IEC 20000

Service Management System (SMS)

4. Service Management System (SMS)Management responsibility

Governance of processes operated by other partiesDocumentation management

Resource management

Establish the SMSPlan the SMS (Plan)Implement and operate the SMS (Do)Monitor and review the SMS (Check)Maintain and improve the SMS (Act)

5. Design and Transition of new or changed services6. Service Delivery Processes

Capacity managementService continuity & availability management

Service level managementService reporting

Information security management

Budgeting & Accounting for services9. Control Processes

Configuration managementChange managementRelease and deployment mgmt 7. Relationship Processes8. Resolution Processes

Incident and service request Management

Problem management

Business relationship management

Supplier management

22

ISO/IEC 20000Certification Program in ITO-GCI

23

GD ITO-GCI Scope StructureOutsourcing Services

Services PortfolioRemote

Management Center

(RMC)

InfrastructureManagement

Services (IMS)

End User Workplace

Management(EUWM)

ITO-GCI Delivery Infrastructure

HP - IT ITO-GCI Support Functions

Bangalore EC 1 Bangalore Y1 Chennai CenterITO-GCI Certification Centers:

24

ISO20000 Road Map – ITO GCI

April•Project Charter•Core team preparation•Identify high level milestones•Identify key stakeholders

Plan

June July Aug Sep Oct’07 Nov.May

May•Gap analysis•Finalize gap analysis report•Scoping review•Detailed roles and responsibilities•Improvement plan

Jun•Implement / close gaps•Training

Jul

•Implement the revised Quality Management System

AugPre assessment from the Registrar

Sept•Host the Certification Audit

•Site certification

OctDocument reusable methodology

Apr’07

Do Check Act

Typical Implementation tasks •Project Kick off & Initiation •Project Planning•Raise awareness and Conduct Training•Assess Capability and Conduct Gap Analysis •Build a Service Improvement Plan•Implement Improvements on closing gaps

•Internal Audit – Dry run Conducted by internal auditors

•Pre- Audit by External Auditor

•Work on audit findings and close gaps

•Host Certification Audit

•Certification Audit – Conducted by External auditors

Assessment and Gap Analysis

Scoping Best Practice

LowMediumHigh

Risk

Not Assessed

IT GovernanceBusiness Relationship Mgmt Workforce & Organisation

Service Management System

Service Planning

Technology

Physical Environment

Server & Storage

System Software

Application & Database

Network

Client & Printer

Service Support

Service Desk & Incident Management

Problem Management

Ops Bridge & Monitoring

Configuration Management

Change ManagementRelease Management & Testing

Service Level MgmtFinancialManagement

Availability ManagementSecurity Management

Capacity Management

Service Continuity Management

Service Delivery

Supplier ManagementBusiness Continuity Management

Client Risk Summary ‘Day 1’

LowMediumHigh

Risk

Not Assessed

IT GovernanceBusiness Relationship Mgmt Workforce & Organisation

Service Management

System

Service Planning

Technology

Physical Environment

Server & Storage

System Software

Application & Database

Network

Client & Printer

Service Support

Service Desk & Incident Management

Problem Management

Ops Bridge & Monitoring

Configuration Management

Change ManagementRelease Management & Testing

Service Level MgmtFinancialManagement

Availability ManagementSecurity Management

Capacity Management

Service Continuity Management

Service Delivery

Supplier ManagementBusiness Continuity Management

based in general understanding of further work required – not base on Audit – for illustration only

Hospital & Healthcare Industry

SCM

•What are the service offered by the hospital?•Do they have Trauma Care?•What are the specialized doctors, frequency of visit and timings

ITSCM

•What are the preventive measures for power, equipment, virus outbreak•How are the equipment instruments and facilities handled during emergency/disaster•How flexible is the hospital to accommodate sudden surge in emergency beds

AVM

•Are the critical services available 24*7?•Are there duty doctors, nurses and medicines available on demand•Do we have all the medications, pills, oxygen support available anywhere, anytime

Facilities Department

InM• How does one log an issue when some equipment like Phone, PC or conference speakers not

working?• What is the process steps of logging an issue until resolution and timelines

CHM• How is the DG set movement happen from one location to another• How are assets in facilities repaired and kept up-to-date in usable condition (AC, DG, Heaters, Gas

Cylinders and other materials)

ITSCM• What is the back up for power/AC/Generator and Food Supplies? How quickly can they resume

operations • What are the critical services and redundancy available during Threat, Flood, Earthquakes?

CERN – Large Hardron ColliderApplied Service Management practices to waste, fire brigade, people, transport1. Started with BSC2. IT had to change from Functional view to Customer view3. Implement for Facilities management

ITSM runs CERN facilities helpdesk

How to facilitate movement beyond IT?Prospect Drivers Nurture

Industry Benchmark

Value of Proposition

Running a Marathon

Credit – www.sportsrediscovered.com

About your ISO 20000 journey

Tools & Resources

Credit: www. Allerdice.com

Internalization and CommCommunication

Credit – www.scoop.it

Common PitfallsExisting processes and procedures do not align.Some processes do not exist, others are not being used

4.3 (monitoring, measuring and reviewing)The audit criteria, scope, frequency and methods must be defined in a procedure

Staff members still need to perform “day-job” responsibilitiesunderstand the importance of making the management system a way of life on the jobnot just an extra task.

Staff members are reluctant to admit their level of understanding of the requirementsNot everything is recorded or measured, especially performance of identified improvements

Conform with the service management plan and to the requirements of this standard;Are effectively implemented and maintained

Lessons Learnt It is not about Process but more focused about Management

SystemApply the process in context of the Organization Internal Audits done by members within organization (Of

course other Dept) Invest on Reasonable Service Management Tool ( Fit for

Purpose)

Lessons Learnt Be Realistic about timelines ( 6 months – 1 Year) ISO 20000 is a Journey and not a destination Focus on Internalization and Drive within Training and Awareness is crucial and has to cascade

throughout the organization

Best Practices of Implementing ISO 200001. Understand the Overall Objective and Intent of your Certification2. ISO 20000 is a Journey and not a destination3. Familiarize and mature your operational Process4. Follow a Phased Manner with Management of Organizational Change5. Get your ISO 20000:2011 Part 2 to obtain necessary guidance6. Management Responsibility, Document Management and Resource Management are crit7. Be stringent in your Internal Audits8. Training and Communication of all Stakeholders9. Collaboration and Reusable Templates.10. Improve overall Service Delivery to End Customers.

Coordinates

Email : gps@taubsolutions.comTwitter: @sureshgpLinkedIn: https://www.linkedin.com/in/sureshgp

43

Thank you!