itSMF Finland Conference 2015 · itSMF Finland Conference 2015 ... Problem management. Business...
Transcript of itSMF Finland Conference 2015 · itSMF Finland Conference 2015 ... Problem management. Business...
itSMF Finland Conference 2015It Feels Good!
Name of the presenter: Suresh GPTitle of the presentation: Challenges, Pitfalls and Lessons learnt from yourISO20000 Journey
Pitfalls, Challenges and Lessons Learnt in your ISO/IEC 20000 JourneySuresh GP, ITIL V3 Expert,PMP, CGEITManaging Director, TaUB Solutions
5
ISO20000-2: 2011Part2:Code of Practice
ISO 20000-1: 2011Part 1: Specification
• Provides guidance and recommendations on how to meet requirements in Part 1
• Best Practice, uses theword “should”• Guidance to Auditor
• Defines requirement for a service provider to deliver managed services of an acceptable quality
• Minimum requirements• Auditable standard, uses theword “shall”
What is ISO/IEC 20000?Parts 1 and 2
ISO 20000
Part I
Objective to Achieve
Process Definition
Deploy Solution
Code of Practice
Management Overview
Internal Processes and Procedures
ITIL
ISO 20000
Part II
Self Assessment
Inter Relationships
8
What is ISO/IEC 20000?Planning and implementing service management (4)
Business results
Customersatisfaction
New or changedservice
Other processese.g. businesssupplier, customerTeam and peoplesatisfaction
PLAN
ACTDO
CHECK
Management responsibility
Manage servicesBusiness requirementsCustomer requirementsRequest for new/Changed serviceOther processese.g. businesssupplier, customerService DeskOther teams e.g. SecurityIT Operations
10
• Any organization can claim to meet the standard• Independent certification can:
• Provide independent verification that the standard has been met
• Allow use of recognized logo• Provide an incentive to meet all of the standards• Ensure that the same criteria has been applied to all certified
organizations
The itSMF Certification SchemeWhy is a scheme needed
11
• Must include all processes• Can’t be certified if one or more processes out of scope
• Must have management control of all processes• Outsourcing is OK, if you own the inputs, outputs, metrics
and accountability – including service improvement• Must have control of all suppliers and sub-suppliers• Certification will be issued to single legal entity
• No need to control infrastructure, Service Desk etc.• But need to know how these effects processes in scope
The itSMF Certification SchemeEligibility requirements
12
• Must be an entire “management system”
• Does not need to include all customers, or all services, or all sites, or all datacenters etc.
• Boundaries must make business sense and be justified• Must be able to provide evidence that you control all
the processes for the entire scope• Must be clear about who is responsible for what• The scope will appear on the certificate
The itSMF Certification SchemeScope
13
• Adopt a Registered Certification Body (RCB)• Confirm the scope of the audit• Carry out initial assessments to determine readiness• Develop an overall plan and get commitment• Carry out detailed reviews and assessments• Create and manage a Service Improvement Plan, SIP (Plan, Do, Check,
Act)• Implement improvements• Book a formal audit with the RCB.
The itSMF Certification SchemeCertification Process
14
• Agreement on terms of reference and scope• Agreement on dates, time-scales, locations, etc• Possible off-site assessment of process documentation• On-site audit of staff and process compliance• Presentation of the audit findings• Certification
The itSMF Certification Scheme..certification process (main steps with RCB)
15
Post Certification Process•Certification is valid for three years
•Periodic surveillance audits are required
•Internal audits are mandatory
•Full re-audit will be carried out on the third anniversary of Certification being awarded
16
How do we sustain the Certification?To be compliant with the standard:
• Have a process for managing improvements on an ongoing basis
• Audit program should be planned
To keep realizing the benefits of certification
• We must carry out periodic audits and continuously improve
17
Registered Certification Bodies (RCBs)• RCBs are assessed and approved by the certification scheme owner
• RCB applications are accepted only from certification bodies accredited by their relevant national accreditation body
• RCBs must be independent from any consultancy services
• Their auditors must be specifically trained in IT Service Management• Examples of RCBs :
Bureau of Indian standards, BIS (India)British Standards Institution, BSI (United Kingdom)American National Standards Institute, ANSI (USA)
"Here is Edward Bear, coming downstairs now, bump, bump, bump, on the back of his head, behind Christopher Robin. It is, as far as he knows, the only way of coming downstairs, but sometimes he feels that there really is another way, if only he could stop bumping for a moment and think of it."— A.A. Milne (Winnie the Pooh and the House At Pooh Corner)
ISO/IEC 20000ISO/IEC 20000
Service Management System (SMS)
4. Service Management System (SMS)Management responsibility
Governance of processes operated by other partiesDocumentation management
Resource management
Establish the SMSPlan the SMS (Plan)Implement and operate the SMS (Do)Monitor and review the SMS (Check)Maintain and improve the SMS (Act)
5. Design and Transition of new or changed services6. Service Delivery Processes
Capacity managementService continuity & availability management
Service level managementService reporting
Information security management
Budgeting & Accounting for services9. Control Processes
Configuration managementChange managementRelease and deployment mgmt 7. Relationship Processes8. Resolution Processes
Incident and service request Management
Problem management
Business relationship management
Supplier management
23
GD ITO-GCI Scope StructureOutsourcing Services
Services PortfolioRemote
Management Center
(RMC)
InfrastructureManagement
Services (IMS)
End User Workplace
Management(EUWM)
ITO-GCI Delivery Infrastructure
HP - IT ITO-GCI Support Functions
Bangalore EC 1 Bangalore Y1 Chennai CenterITO-GCI Certification Centers:
24
ISO20000 Road Map – ITO GCI
April•Project Charter•Core team preparation•Identify high level milestones•Identify key stakeholders
Plan
June July Aug Sep Oct’07 Nov.May
May•Gap analysis•Finalize gap analysis report•Scoping review•Detailed roles and responsibilities•Improvement plan
Jun•Implement / close gaps•Training
Jul
•Implement the revised Quality Management System
AugPre assessment from the Registrar
Sept•Host the Certification Audit
•Site certification
OctDocument reusable methodology
Apr’07
Do Check Act
Typical Implementation tasks •Project Kick off & Initiation •Project Planning•Raise awareness and Conduct Training•Assess Capability and Conduct Gap Analysis •Build a Service Improvement Plan•Implement Improvements on closing gaps
•Internal Audit – Dry run Conducted by internal auditors
•Pre- Audit by External Auditor
•Work on audit findings and close gaps
•Host Certification Audit
•Certification Audit – Conducted by External auditors
Scoping Best Practice
LowMediumHigh
Risk
Not Assessed
IT GovernanceBusiness Relationship Mgmt Workforce & Organisation
Service Management System
Service Planning
Technology
Physical Environment
Server & Storage
System Software
Application & Database
Network
Client & Printer
Service Support
Service Desk & Incident Management
Problem Management
Ops Bridge & Monitoring
Configuration Management
Change ManagementRelease Management & Testing
Service Level MgmtFinancialManagement
Availability ManagementSecurity Management
Capacity Management
Service Continuity Management
Service Delivery
Supplier ManagementBusiness Continuity Management
Client Risk Summary ‘Day 1’
LowMediumHigh
Risk
Not Assessed
IT GovernanceBusiness Relationship Mgmt Workforce & Organisation
Service Management
System
Service Planning
Technology
Physical Environment
Server & Storage
System Software
Application & Database
Network
Client & Printer
Service Support
Service Desk & Incident Management
Problem Management
Ops Bridge & Monitoring
Configuration Management
Change ManagementRelease Management & Testing
Service Level MgmtFinancialManagement
Availability ManagementSecurity Management
Capacity Management
Service Continuity Management
Service Delivery
Supplier ManagementBusiness Continuity Management
based in general understanding of further work required – not base on Audit – for illustration only
Hospital & Healthcare Industry
SCM
•What are the service offered by the hospital?•Do they have Trauma Care?•What are the specialized doctors, frequency of visit and timings
ITSCM
•What are the preventive measures for power, equipment, virus outbreak•How are the equipment instruments and facilities handled during emergency/disaster•How flexible is the hospital to accommodate sudden surge in emergency beds
AVM
•Are the critical services available 24*7?•Are there duty doctors, nurses and medicines available on demand•Do we have all the medications, pills, oxygen support available anywhere, anytime
Facilities Department
InM• How does one log an issue when some equipment like Phone, PC or conference speakers not
working?• What is the process steps of logging an issue until resolution and timelines
CHM• How is the DG set movement happen from one location to another• How are assets in facilities repaired and kept up-to-date in usable condition (AC, DG, Heaters, Gas
Cylinders and other materials)
ITSCM• What is the back up for power/AC/Generator and Food Supplies? How quickly can they resume
operations • What are the critical services and redundancy available during Threat, Flood, Earthquakes?
CERN – Large Hardron ColliderApplied Service Management practices to waste, fire brigade, people, transport1. Started with BSC2. IT had to change from Functional view to Customer view3. Implement for Facilities management
How to facilitate movement beyond IT?Prospect Drivers Nurture
Industry Benchmark
Value of Proposition
Common PitfallsExisting processes and procedures do not align.Some processes do not exist, others are not being used
4.3 (monitoring, measuring and reviewing)The audit criteria, scope, frequency and methods must be defined in a procedure
Staff members still need to perform “day-job” responsibilitiesunderstand the importance of making the management system a way of life on the jobnot just an extra task.
Staff members are reluctant to admit their level of understanding of the requirementsNot everything is recorded or measured, especially performance of identified improvements
Conform with the service management plan and to the requirements of this standard;Are effectively implemented and maintained
Lessons Learnt It is not about Process but more focused about Management
SystemApply the process in context of the Organization Internal Audits done by members within organization (Of
course other Dept) Invest on Reasonable Service Management Tool ( Fit for
Purpose)
Lessons Learnt Be Realistic about timelines ( 6 months – 1 Year) ISO 20000 is a Journey and not a destination Focus on Internalization and Drive within Training and Awareness is crucial and has to cascade
throughout the organization
Best Practices of Implementing ISO 200001. Understand the Overall Objective and Intent of your Certification2. ISO 20000 is a Journey and not a destination3. Familiarize and mature your operational Process4. Follow a Phased Manner with Management of Organizational Change5. Get your ISO 20000:2011 Part 2 to obtain necessary guidance6. Management Responsibility, Document Management and Resource Management are crit7. Be stringent in your Internal Audits8. Training and Communication of all Stakeholders9. Collaboration and Reusable Templates.10. Improve overall Service Delivery to End Customers.
Coordinates
Email : [email protected]: @sureshgpLinkedIn: https://www.linkedin.com/in/sureshgp