Due to the development of IT technologies use, many organizations started focusing on service rendering quality. Availability of IT-services management system in compliance with ISO 20000-1:2011 will help organization determine main directions for rendering quality services taking into account stakeholders.
Service management system (SMS, ITSMS) – management system used for determination of service direction and control of service provider activities in respect of service management.
ISO 20000 standard sets requirements for organization rendering any kind of IT-services, regardless of its size, area of activity and geographical location. It is worth noting that this standard can be recommended for high-technology organizations – system integrators, banks, insurance companies, Internet providers, software developers, etc.
HISTORY OF THE STANDARD
ISO/IEC 20000 standard was first issued on December 15, 2005, and was based on British BS 15000 standard. British standard determined requirements for management system with application of ISO 9000 approach, but emphasizing controls, necessary to successfully manage IT-services.
ITIL library was the base for the development of the standard. ITIL materials, global interest in their studying and practical application have formed an integrated system in respect of IT-services management; general understanding of required level of IT-services management system maturity, which afterwards resulted in official standardization. It should be noted that during standard development into process model, proposed by ITIL v2, a number of amendments and additions were introduced. The main emphasis was made on creation of integral management system (and not a set of separate processes) and implementation of idea of control and improvement throughout the whole IT-service life cycle based on PDCA (Plan-Do-Check-Act) cycle. Some amendments and additions were taken into account by ITIL v3 authors.
STRUCTURE OF THE STANDARD
International ISO 20000-1:2011 standards determines requirements for service management system in compliance with which ITSMS shall be based on the following key components:
ISO/IEC 20000-1:2011 standard determines requirements for 13 major processes, combined into four key groups:
- Service rendering processes include service level management, continuity and availability management, capacity management;
- Relationship processes include management of interrelations between service provider, customers and suppliers;
- Resolution processes are focused on incidents, which were prevented or successfully resolved;
- Control processes include changes, assets and configurations management processes.
ISO/IEC 20000-1 standard requires all processes to be implemented without exception.
The standard determines service management processes, that help organizations:
- determine that there is an interrelation between processes and that this interrelation depends on application of processes within an organization;
- provide that objectives and controls enable an organization to deliver required services;
- improve efficiency and provide opportunities for improvement;
- ensure IT-services are aligned with business needs and demands;
- improve system reliability and availability;
- provide a basis for service level agreement;
- provide the ability to measure IT-service quality
INTEGRATION WITH OTHER STANDARDS
Information service management system can be integrated with other management systems, e.g. with quality management system in compliance with ISO 9001, environmental management system in compliance with ISO 14001, information security management system in compliance with ISO 27001, etc.
ISO 20000 series of standards includes:
1. ISO/IEC 20000-1:2011 Section 1. Service management system requirements. ISO/IEC 20000-1:2011 standard specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve service management system. The requirements include the design, transition, delivery and improvement of services to fulfill service requirements.
2. ISO/IEC 20000-2:2005 – Code of Practice. ISO/IEC 20000-2:2005 offers summary of practical guidelines to auditors and assistance to service providers in planning service management system improvements or in being audited for compliance to the requirements of ISO/IEC 20000-1. ISO/IEC 20000-2:2005 standard is based on British BS 15000-2 standard.
3. ISO/IEC TR 20000-3:2009 – Technical Report Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1. ISO/IEC TR 20000-3:2009 supplements ISO/IEC 20000-2 standard and provides guidance on scope definition, applicability and demonstration of conformity for service providers aiming to meet the requirements of ISO/IEC 20000-1, or for service providers who are planning service improvements and intending to use ISO/IEC 20000 as management tool. It can also help service providers who use ISO/IEC 20000-1 for implementing a service management system and who need advice on whether ISO/IEC 20000-1 requirements are applicable to their organizations and how to define the scope of their management services.
4. ISO/IEC TR 20000-4:2010 – Technical Report Part 4: Process reference model. The purpose is to facilitate the development of a process assessment model according to ISO/IEC 15504 process assessment principles. ISO/IEC 15504-1 describes the concepts and terminology used for process assessment, ISO/IEC 15504-2 describes the requirements for the conduct of an assessment and a measurement scale for assessing process capability. The process reference model provided in ISO/IEC TR 20000-4:2010 is a logical representation of the elements of the processes within service management system that can be performed at a basic level. Using the reference model in a practical application might require additional elements suited to the environment and circumstances. Process reference model is not an ISO/IEC 20000-1 requirement.
5. ISO/IEC TR 20000-5:2010 Technical Report Part 5: Exemplar implementation plan for the first part of the standard. ISO/IEC TR 20000-5:2010 includes practical guidance to service providers on the order of improvements planning and implementation. It is recognized that a standard three-phase approach is used to implement a service management system. The approach provides a structured framework to prioritize and manage the implementation activities. ISO/IEC TR 20000-5:2010 is a Guidance.
BENEFITS FROM IMPLEMENTATION AND CERTIFICATION
- enhancement of customer, partner and other stakeholders’ trust;
- receiving international recognition and promotion of company’s image on internal and external market;
- increase of efficiency and reliability of IT-services provision;
- mitigation of risks, effects and damage, caused by IT and IS incidents;
- reduction of costs for promotion and regular development of information technologies in general;
- broadening company’s options for participation in government contracts.