Name: Lynda Cooper Date: November 24th. Revising ISO/IEC to fit the future of service management

Transcription

1 Name: Lynda Cooper Date: November 24th Revising ISO/IEC to fit the future of service management

2 Agenda Brief overview of ISO20000 Changes Why and How What Your views and how you can influence the changes

3 Lynda Cooper Project editor ISO/IEC , Chair of BSI committee, UK representative to ISO committee APMG - Deputy chief examiner ISO20000, Member of ISO27001 exam panel EXIN - Auditor for ISO20000, ISO27001, ITIL, Agile BSI Training and Quint trainer in ISO20000 and ISO27001 UKAS assessor for ISO20000 and ISO27001 (assess the certification bodies) ITIL Master, assessor for ITIL Master for APMG and Exin Independent consultant

4 BRIEF OVERVIEW OF ISO20000

5 ISO/IEC What is it? A standard that includes the design, transition, delivery and improvement of services that fulfil service requirements and provide value for both the customer and the service provider A management system standard (like ISO9001) that can be used to assess for compliance What it is not: A product or tool standard A service standard A maturity model

6 Scope of ISO20000 The management of Information, Communication and Technology Enabled Services Examples IT services Infrastructure management Application management Desktop support etc. Telecoms Media Cloud services Business process outsourcing.

7

8 ISO/IEC Series ISO/IEC consists of multiple parts: ISO/IEC : 2011: Service management system requirements ISO/IEC : 2012 : Guidance on the application of SMS ISO/IEC : 2012 : Guidance on scope definition and applicability ISO/IEC : 2013: Exemplar implementation plan for ISO/IEC ISO/IEC :2015: The application of ISO/IEC to cloud services Part 10 concepts and vocabulary Part 11 mapping to ITIL (ready for publication) Part 12 mapping to CMMi-SVC (in development due out late 2016) ISO/IEC 27013, ISO/IEC Integration guidelines

9 Further information BSI books A managers guide to service management Introduction to the ISO/IEC series APMG web site ISO20000 blogs international.com/author/lynda cooper/ Many LinkedIn forums Qualifications APMG, BCS, Exin, Peoplecert

10 CHANGES TO ISO20000 WHY? HOW?

11 Why - Drivers for revision All standards reviewed every 5 years remove, keep as is or revise All management system standards are moving to new common high level structure with common requirements known as Annex SL Changes in services market Lessons learned, feedback on current standard Other standards have been revised and changes need to be made to retain alignment 9001 and primarily

12 How - Approach Principles of the ISO20000 series agreed Study group on revision National body comments Survey

13 How - Timeline ISO processes are slow. They need to take into account the views of all countries and gain consensus on the updates made. Standards cannot change too frequently as it would be difficult for the users of the standards. Start revision 2015 Publish Part Publish other parts

14 CHANGES TO ISO DEFINITE

15 Structure of ISO/IEC Current contents Part 1 1. Scope 2. Normative references 3. Terms and definitions 4. Service management system general requirements 5. Design and transition of new or changed services 6. Service delivery processes 7. Relationship processes 8. Resolution processes 9. Control processes Future contents Part 1 1. Scope 2. Normative references 3. Terms and definitions 4. Context of the service provider 5. Leadership 6. Planning 7. Support of the SMS 8. Operation of the SMS and the services 9. Performance evaluation 10. Improvement

16 Current Part 1 mapped to new structure 4 SMS general requirements requirements of current clause 4 are superceded by or will be added into standard structure clauses Design and transition 6 Service delivery 7 - Relationship 8 - Resolution 9 - Control Will be added into standard structure clause 8 - Operation

17 Changes to current clause 4 Organisational context Risk based approach more than currently in ISO , preventive action gone PLAN DO 8. CHECK 9. ACT 10. Objectives at top level and also at relevant functions/levels 7. More requirements for monitoring, measurement, analysis and evaluation PDCA is not emphasised now although implicit other methods of continual improvement can be used

18 Terms and definitions New terms from Annex SL Policy Objective Competence Performance Outsource Monitoring Measurement Audit Conformity Potential additions User Value Asset

19 CHANGES TO ISO20000 NOTE NOTHING IS FINALISED

20 What, not how Budgeting and accounting to be less prescriptive Simplify the requirements around governance of processes operated by other parties, add in provision of service components by other parties Reduce the number of procedures and concentrate on the actual requirements instead The detail if removed from part 1 will go to part 2 so will not be lost

21 Maximum 20 pages of requirements Avoid duplication risk management approach in one place only - SM plan and not info sec process Evaluation of other parties in one place not both DTNCS and supplier management Combine common items together requirements scattered throughout the standard to control changes to documents using change management to be put into one place requirements scattered throughout the standard to do impact assessment of RFCs to be put into change management

22 Simplify/clarify the difficult areas DTNCS/clause 5 requirements and the relationship with change management Internal audit, info sec audit, configuration audit - clarify Review of service in SLM and BRM clarify differences 12/2/2015 Service Ltd 2015

23 Future looking Remove some requirements which are not working well for commodity services. For example: List of contents of contracts, to allow for standard contracts with large product suppliers and cloud providers Agree definitions of major incident, service complaint, emergency change/release with customers remove agree Agree service catalogue with customers many service providers have a standard catalogue of services which the customer chooses from, remove agree

24 Customer perspective More on understanding value of the services to various parties Clear distinction between customers and users Possible new part in the future on guidance for customers on what to expect from an ISO20000 certified service provider

25 Integration with 9001 and Common structure and many common requirements Alignment with for information security process ensure that is not implying that there needs to be an ISMS within the SMS. This will simplify the information security requirements in Review the revised 9001 edition due out Sept 2015 and check for any changes needed in

26 Structural changes Separate out joint processes Service continuity and availability Incident and service request Service catalogue and Service level management Plan/design/develop new or changed services and transition of new or changed services

27 Suggested additions Add processes or requirements in other clauses/processes Plan the service (incorporating aspects of portfolio mgt) Knowledge management (as in 9001) Asset management Requirements management Understanding value Governance Service integration

28 SIAM Can suppliers working in a SIAM environment gain certification to ISO20000? What about the SIAM lead who is only doing SLM, BRM and supplier mgt? What about the towers of supplier activity? Scenarios to be added to part 3 Study group at ISO level looking into governance and service management of services provided with multiple suppliers

29 YOUR VIEWS AND HOW YOU CAN BE INVOLVED

30 What do you think and why? What needs to stay the same? What needs to change? Does anything need to be deleted? Does anything need to be added?

31 How you can get involved Send your input to the ITSMF representative to the BSI committee on service management Mark Lillycrop This can then be input to the UK BSI committee and, if agreed, can go forward for consideration at international level Join the BSI committee we are looking for more knowledgeable and active members

32 Thank you

33