Implementing Service Quality based on ISO/IEC 20000

Implementing Service Quality based on ISO/IEC 20000: A Management Guide

MICHAEL KUNAS
Copyright Date: 2012
Edition: 3
Published by: IT Governance Publishing
Pages: 109
https://www.jstor.org/stable/j.ctt5hh7xq
  • Cite this Item
  • Book Info
    Implementing Service Quality based on ISO/IEC 20000
    Book Description:

    ISO/IEC 20000 is an important international standard for IT service providers. Implementation and certification will improve your business processes and practices and will reassure your customers that your company is efficient, reliable and trustworthy. Customers will return because they know from experience that your service is second to none. This newly revised, up-to-date, step-by-step management guide will benefit all who have a role in the implementation and certification process. Written for companies of any size, anywhere, it gives a clear and detailed breakdown of the 2011 edition of the Standard and examines its relationship with other related standards, ITIL®, COBIT®, Six Sigma®, CMMI® and ISO/IEC 27000. It offers a considerable amount of practical advice and recommendations on how to prepare for audit and implementation, making your journey to certification as smooth as possible!

    eISBN: 978-1-84928-443-1
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 2-4)
  2. FOREWORD
    (pp. 5-5)

    2011-12 will be an important time for IT service management, and especially for ISO/IEC 20000, for various reasons. First of all, the new versions of ISO/IEC 20000-1:2011 and ISO/IEC 20000-2: 2012 are available.

    Secondly, we have an increase of RFPs from the US government, which makes ISO/IEC 20000 an obligation for government tenders.

    Recently, the US Air Force required an ISO/IEC 20000 certificate from sourcing providers for their Enterprise Integration and Services Management (EISM) system.

    The RFP required:

    ‘The prime contractor shall provide proof of certification (copy of certificate) of ISO/IEC 20000. This certification must be held at the prime...

  3. PREFACE
    (pp. 6-6)
  4. ABOUT THE AUTHOR
    (pp. 7-7)
  5. ACKNOWLEDGEMENTS
    (pp. 8-8)
  6. Table of Contents
    (pp. 9-11)
  7. INTRODUCTION
    (pp. 12-12)

    This management guide provides an overview of the requirements of the implementation of a service management system that conforms to the requirements of ISO/IEC 20000-12011.

    Implementing Service Quality based on ISO/IEC 20000is aimed at CIOs, project managers, ISO/IEC 20000 consultants, auditors and implementers in IT consulting, IT service, and other companies which offer IT services and want to implement the Standard to show to their clients that they offer the highest standard of quality in their services.

    This book is intended as a management guide on ISO/IEC 20000, so it has little information about the background and history of...

  8. CHAPTER 1: INTRODUCTION TO ISO/IEC 20000
    (pp. 13-15)

    The ISO/IEC 20000 Service Management Standard, first published by the organisations, ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) on 14 December 2005 and revised on 15 April 2011, is the internationally recognised standard in IT service management. The ISO/IEC 20000 series is based on the BS 15000 series developed by the British Standards Institution (BSI).

    The goal of ISO/IEC 20000 is to establish a common reference standard for all companies which provide IT services for internal or external customers. Another goal is to promote a common terminology. Thus, the Standard has a significant contribution in the communication...

  9. CHAPTER 2: SERVICE QUALITY AND ISO/IEC 20000
    (pp. 16-17)

    According to the American Society for Quality (ASQ), it is defined as follows: ‘A subjective term for which each person or sector has its own definition. In technical usage, quality can have two meanings:

    1. The characteristics of a product or service that bear on its ability to satisfy stated or implied needs.

    2. A product or service free of deficiencies.’

    The Standard ISO9000 defines quality in the following way: ‘Degree to which a set of inherent characteristics fulfils requirements’. (Note: The term ‘quality’ can be used with adjectives, such as poor, good or excellent. ‘Inherent’, as opposed to ‘assigned’,...

  10. CHAPTER 3: THE ISO/IEC 20000 FAMILY AND EMERGING RELATED STANDARDS
    (pp. 18-27)

    The Standard is organised in the following five parts:

    1. Part 1: ISO/IEC 20000-1:2011 – Service Management System Requirements

    2. Part 2: ISO/IEC 20000-2:2012 – Guidance on the Application of Service Management Systems

    3. Part 3: ISO/IEC20000-3:2012 – Guidance on Scope Definition and Applicability of ISO/IEC 20000-1

    4. Part 4: ISO/IEC TR 20000-4:2010 – Process Reference Model

    5. Part 5: ISO/IEC TR 20000-5:2010 – Exemplar Implementation Plan for ISO/IEC 20000-1.

    All five parts can be found on the IT Governance website,www.itgovernance.co.uk/catalog/47.

    In the meantime, several other parts are currently under development within the ISO/IEC 20000 series, as well as other standards relating to the...

  11. CHAPTER 4: FRAMEWORKS AND MANAGEMENT SYSTEM INTEGRATION
    (pp. 28-36)

    ISO/IEC 20000 is designed to harmonise with management systems based on the Deming Cycle, like ISO9001, ISO14001 and ISO27001. This makes it possible to develop a completely integrated management system that can achieve certification to ISO/IEC 20000, ISO9001, ISO14001 and ISO27001.

    ISO9000 refers to a set of standards of quality and continuous quality management, established by the International Organization for Standardization (ISO). They can be applied to any organisation or activity producing goods or services.

    The rules include both the minimum contents and the specific guidelines and implementation tools, such as audit methods. ISO9000 specifies how an organisation operates, its...

  12. CHAPTER 5: REQUIREMENTS FOR A SERVICE MANAGEMENT SYSTEM
    (pp. 37-48)

    In order to successfully realise service quality, the first process group of the ISO/IEC 20000 Standard defines the principles of a successful implementation of the service management system. This service management system allows us to manage and implement our IT services effectively.

    The Standard is asking for a service management system which satisfies the following:

    Management responsibility

    Governance of processes operated by other parties

    Documentation management (policies and plans, service documentation, procedures, process and process control records)

    Resource management.

    How can we build such a service management system that covers the above requirements? In which documents/process descriptions do we have...

  13. CHAPTER 6: SCOPE DEFINITION
    (pp. 49-51)

    When seeking certification, a service provider has to decide on the scope of the service to be audited, and agree this with the ISO/IEC 20000 auditor, in advance of the audit. For certification audits, an RCB (Registered Certification Body) is responsible for validating the scope, as a prerequisite to the certification process.

    The scoping requirement for a service management system (SMS) is contained in clause 4.5.1 of the ISO/IEC 20000-1:2011 specification. Detailed information and guidance on creating the scope statement can be found in ISO/IEC 20000-3 (Guidance on Scope Definition and Applicability of ISO/IEC 20000-1).

    An organisation can seek certification...

  14. CHAPTER 7: GAP ANALYSIS
    (pp. 52-53)

    As with all large projects that are carried out in a company, we have to first show the objectives of the project (the ‘What’). On the other hand, the advantages and benefits for the enterprise (the ‘Why’) need to be presented to the top management, before starting the ISO/IEC 20000 project.

    ISO/IEC 20000 should not be seen as an end in itself. Left like this, the IT staff would be only stressed out, without creating any value for them. The ISO/IEC 20000 certification has to be seen rather as the result of a larger IT service management programme. This overall...

  15. CHAPTER 8: PLANNING AND IMPLEMENTING SERVICE MANAGEMENT
    (pp. 54-58)

    During planning and implementation of the service management requirements, processes and defined responsibilities have to be taken into account. A service management system (SMS) is the basis for this. The development of a SMS is a demanding task and requires an understanding of the purpose, policies and objectives, and the processes involved. This relationship is understood as planning and implementation of service management. For a successful implementation of the service management system, the Standard makes reference to the established Deming Cycle: Plan, Do, Check, Act.

    The Deming Cycle is not only to apply as the overall service management system, but...

  16. CHAPTER 9: DESIGN AND TRANSITION OF NEW OR CHANGED SERVICES
    (pp. 59-61)

    ISO/IEC 20000 has a separate process for planning and implementation of new, or changed, services. The objective here is the guarantee, to provide new and changed services for an agreed price and at the desired quality of service.

    For new and modified services the following procedures apply:

    All new or changed services are implemented according to the PDCA cycle.

    The impact on costs and profitability has to be taken into account, for all new or changed services.

    The implementation of new or changed services, including the cancellation of a service, must be planned and formally approved by the change management....

  17. CHAPTER 10: SERVICE DELIVERY PROCESSES
    (pp. 62-78)

    The service delivery core area includes the planning, and the tactical level, of IT service management. In this area, the actual service levels are defined and agreed, and reports on the services, provided.

    Service delivery includes the following processes: service level management, service reporting, capacity, service continuity and availability, information security management, and budgeting for IT services and accounting.

    Service level management aims to define, agree, record and manage service levels. The service level management process must ensure that the entire scope of the services is agreed and documented:

    All IT services, with corresponding service level objectives and utilisation characteristics,...

  18. CHAPTER 11: RELATIONSHIP PROCESSES
    (pp. 79-85)

    The relationship processes describe the two aspects of business relationship management and supplier management. The Standard focuses on the role of the service provider (often the IT organisation of a company), which is logically set between customers and suppliers.

    Both customers and suppliers may be within, or outside, the service provider organisation. The contracts are generally distinguished by the following three levels:

    The agreements between the customer and the service providers are called Service Level Agreement (SLAs).

    Necessary external support (suppliers) for the agreed IT services is formalised with Underpinning Contracts (UC).

    Operational Level Agreements (OLA) govern the relations within...

  19. CHAPTER 12: RESOLUTION PROCESSES
    (pp. 86-90)

    The resolution processes include incident and service request management and problem management. These are separate processes, even if they are closely linked. Incident management deals with the recovery of the service for service users. Secondly, service request management is grouped here to include management of information requests or requests for standard services. Problem management is similar, yet contrasts with incident management, as it focuses on the determination and removal of causes for large or recurrent problems, thus ensuring a sustainable and stable service infrastructure.

    Incident management has the following objective: to recover the agreed service to the business as quickly...

  20. CHAPTER 13: CONTROL PROCESSES
    (pp. 91-102)

    The control processes create essential conditions for a stable and secure IT operation, through sound management of the IT inventory and ensuring orderly change in IT. Three processes are included: change management, configuration management and release and deployment management.

    While change management focuses on the control and coordination of changes, release and deployment management prepares the planned changes for their deployment. Configuration management provides the necessary information to not only assess change impact, but also control the information about the components affected by the change. Release and deployment management has to be integrated into the configuration and change management processes,...

  21. CHAPTER 14: PREPARING FOR THE AUDIT
    (pp. 103-104)

    As the very latest stage in the preparation for the certification audit, the final scope of the audit should be defined with the auditor, in order to outline the framework for the upcoming certification. The IT service manager must also monitor the readiness of the IT service organisation, clean up the documents for the certification audit, and compile them in a dossier for the auditor. Finally, the exact timing and resources required for the certification audit must be agreed with the certification company.

    The certification audit is an essential indicator of the situation of the management system.

    Drawing on the...

  22. APPENDIX A: BIBLIOGRAPHY
    (pp. 105-105)
  23. ITG RESOURCES
    (pp. 106-109)