Benefits to the Quality System in implementing an IT Standard ISO/IEC 20000-1
Presentation to: ASQ North Jersey
September 15, 2010
Subrata Guha
Director IT s
UL DQS Inc.
A New Global Alliance for Systems Solutions
Introduction
  Over 25 years' experience in the areas of Information Security, Risk Assessment, IT, Software Engineering, Project Consultant to Fortune 500 companies in USA, Japan and South Korea
  Authorized Lead Auditor
  Industrial scholar at Carnegie Mellon University
Agenda
  ISO/IEC 20000 overview
  management context
  Impact of service quality on product quality requirements
ISO IEC 20000
  ISO IEC 20000-1: Information Technology - Specification
  ISO IEC 20000-2: Information Technology - Code of Practice
  Released in 2005
  Fast track adoption of BS 15000
  Certification standard for ITIL (IT Infrastructure Library)
  Currently under revision
Hierarchy of Documents
  ISO/IEC 20000-1: Specification
  ISO/IEC 20000-2: Guideline
  ITIL / MOF: Best Practices
  Organization's policies, procedures, work instructions
  QMS
Introduction to Economics Goods Goods Value add Product Package
Characteristics are Complex
  Highly intangible
  Services are produced and consumed at the same time
  High variability of service quality
  User is often involved in the delivery of service
  Satisfaction is subjective
Business Requirements Strategy Improvement Lifecycle Design Operation Transition
Delivery Key Process in Capacity Level Continuity & Availability Security Budgeting & Accounting Support Business Incident Problem Business Relation Control Configuration Change Design Transition Initiation Reporting Release Suppliers / Subcontractors Supplier
ISO 20000-1 Requirements
  3. Requirements for a management system
    3.1 Responsibility
    3.2 Documentation Requirements
    3.3 Competency, Awareness, & training
  4. Planning & implementing SM
    4.1 Plan SM
    4.2 Implement SM & provide services
    4.3 Monitoring, Measuring & reviewing
    4.4 Continual Improvement
  5 Planning & Implementing New or changed services
  6. delivery process
    6.1 Level
    6.2 Reporting
    6.3 Continuity & Availability
    6.4 Budgeting & Accounting For IT services
    6.5 Capacity
    6.6 Information Security
  7. Relationship Processes
    7.1 General
    7.2 Business Relationship
    7.3 Supplier
  8. Resolution processes
    8.1 Background
    8.2 Incident
    8.3 Problem
  9. Control Processes
    Change
    Configuration
  10 Release
  (Slide shown in three builds: the second adds the label ISO 9001; the third adds the labels Strategy, Improvement, Control, Support, Initiation, Delivery, Relationship.)
Integrated View of Development and Business Performance Improvement Resource Project/Program S D L C Requirement Design Build Test Verification Validation Quality Assurance Configuration Release Incident Problem Change Config. Level Capacity Availability Training Supplier Internal Audit
Impact of Quality on Product Requirement Derived Requirements Expectations Development Team Team Quality, Reliability, Maintainability Requirements Design Build Test Deploy Operate Optimise Retire Requirement traceability Change requests Verifications & Validations
Plan
  OBJECTIVE: To plan the implementation and delivery of service management
  Scope of service
  Objectives & requirements
  Workflow framework
  Interface with other functions
  Resource requirement
  Measurement
Implementing New or Changed Services
  OBJECTIVE: To ensure new/changed services can be delivered and managed
  Proposal for new or changed services
    o Impact analysis
    o Business case
  Plan for service implementation
    o Roles and responsibilities
    o Description of changes
    o Changes in contract
    o Resource
    o Training
    o Budget and schedule
    o acceptance criteria
  Post implementation review
Level
  OBJECTIVE: To define, agree, record and manage levels of service
  Full definition of service
    o characteristics
    o Target customers
    o Workload
    o Service level targets
  Service level agreement (SLA)
  Supplier contract
  SLA monitoring
Reporting
  OBJECTIVE: To produce accurate reports for informed decision making
  Performance against service level targets
  Non compliance and issues
  Workload
  Performance trend
  Satisfaction analysis
Continuity & Availability
  OBJECTIVE: To ensure agreed service levels are maintained in all circumstances
  Business impact analysis
  continuity plan
  Plan testing
  Impact of changes
  Measurement of availability
Budgeting & Accounting
  OBJECTIVE: To budget and account for the costs of service provision
  Budgeting and accounting for all components of service
  Direct and indirect costs
  Financial control and authorization
  Monitoring and reporting of cost against budget
  Cost of service changes
Capacity
  OBJECTIVE: To ensure sufficient capacity to meet current and future business demand
  Capacity Planning
    o Current capacity
    o Future capacity requirements
    o Capacity threshold
    o Predicted impact of external changes
  Predictive analysis
  Monitoring of capacity utilization
  Tuning of service performance
Information Security
  OBJECTIVE: To manage information security effectively
  Information security policy
  Risk assessment
  Security controls
    o Implement requirements of policy
    o Manage associated risks
  Security incidents
  Measure effectiveness of security controls
Business Relationship
  OBJECTIVE: To establish and maintain a good relationship between business and service provider
  Customer account managers
  Identify customers and end users of service
  Joint service review meetings
  Changes to SLA and contract
  Customer complaint process
Supplier
  OBJECTIVE: To manage supplier relationship to ensure seamless quality of service
  Vendor contract managers
  Alignment of supplier SLAs with customer SLAs
  Defined relationship between lead and subcontracted suppliers
  Supplier performance review
Incident
  OBJECTIVE: To restore services as soon as possible
  Recording of Incidents
  Incident classification
    o Severity
    o Priority
  Incident resolution
  Escalation
  Customer communication
  THIS IS A REACTIVE MEASURE
Problem
  OBJECTIVE: Proactive identification of the cause of incidents to minimize incidents
  Recording of problems
  Analysis and identification of the root cause of incidents
  Problem resolution often requires change management
  Review effectiveness
  THIS IS A PROACTIVE MEASURE
Configuration
  OBJECTIVE: To define and control the components of services and infrastructure
  Configuration identification
  Configuration baseline
  Configuration audits
  Configuration status accounting
  CMDB
Change
  OBJECTIVE: To ensure all changes are implemented in a controlled manner
  Change request
  Types of change (e.g. emergency change)
  Change approval
  Implementation of change
  Verification of change
Release
  OBJECTIVE: To control release of new and/or changed services to live environment
  Release policy
  Release plan
  Rollback mechanism
  Acceptance test environment
  Measurement of success and failure of releases
Thank You
  Subrata Guha
  Subrata.Guha@us.dqs-ul.com
  874-749 5397