Service Management System Introduction Introduction The foundation of

Service Management System Introduction

Introduction The foundation of the ISO/IEC 20000 standard is the service management system: which is responsible for managing the IT service management processes in such a way that the services delivered to the customer provide the outcomes desired and needed by the customer’s business processes. The standard defines conditions for an effective service management system in the areas of: – – – Management Responsibilities Process Governance Documentation Management Resource Management Establishing and improving the SMS

Service Management System Identify Understand Manage

Management Responsibility Who is management? Types of Service Providers: – – – Internal Service Providers External Service Providers Suppliers Internal Groups Customer

Key Stakeholders Top Management is a person or group of people who direct and control the service provider at the highest level. The Customer is the person who is authorized to make an agreement with the IT organization about the provision of IT Services, and who is responsible for ensuring that the IT services are paid for. A Service Provider is an organization or part of an organization that manages and delivers a service or services to the customer.

Management Responsibility (4. 1) Establish SM scope, policies, and objectives Establish service management plan SM policy, objectives, and plans Provision resources Communicate service requirement importance Communicate regulatory requirement importance Communication procedures and records Conduct management reviews Assess and manage risks Establish authorities and responsibilities Documented roles and responsibilities Assign management representative Appoint responsible Manager 6

Management Commitment (4. 1. 1) Management must demonstrate a commitment to: – – – – Establish scope, policy, and objective Ensure creation and maintenance of service management plan Communicate importance of fulfilling service requirements Communicate importance of fulfilling requirements from statutes, regulations, and contracts Provision resources Regularly conduct management reviews Assess and manage risks

Fulfilling Commitment l l Ensure review and approval of all key documents by top management Ensure major communications from management include importance of requirement fulfillment Ensure management receives and reviews major reports, particularly resource utilization and risks Ensure participation in regularly scheduled management reviews

Service Management Policy (4. 1. 2) The service management policy should reflect the circumstances and objectives of the service provider, be customer-focused, and provide clear direction for decisions by managers and personnel of the service provider.

Authority, Responsibility, and Communication (4. 1. 3) Service Desk Human Resources System IT Security Manager Administrator User Log service request RACI - - I RC Classification of request RACI C - I CI Verification of access levels RI C AC C C Provide access rights to user(s) RI I A R I Example process: Managing a service request to modify user access levels

Management Representative (4. 1. 4) Top Management is defined in Part 2 as “the management who direct, monitor, and control the service provider at the highest level. " Management Representative is defined in Part 1 as “a member of the service provider’s management. "

Business and Customer Business Management Representative Service Provider Customer Business Relationship Manager

Process Governance From COBIT 5: “Governance ensures that stakeholder needs, condition and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives. ” “Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives. ”

Processes and Procedures ISO/IEC 20000 defines a process as: A structured set of activities designed to accomplish a defined objective.

Generic Process Measurable Activities Measurable Trigger Specific Result Customer

Supply Chains Service providers should be aware that the relationships between the organizations in a supply chain can influence both the scope for the SMS and the scope statement. 16

Suppliers, Lead Suppliers, & Sub-Contractors Organization X Customer A External service provider Lead supplier Sub-contracted supplier 17 Supplier Sub-contracted supplier

Demonstrating Conformity The service provider is required to demonstrate conformity to the requirements for control of suppliers, as specified in Part 1 of the standard. 18

Governance of Process (4. 2) The service provider may develop and execute any of the processes required by ISO 20000 -1 directly, or they may have any other party perform the process fully or in part. Other parties may be an internal group, customer, or supplier. ISO 20000 -1 states: The service provider shall demonstrate governance of processes operated by other parties. 19

Fulfilling Governance l l Document process definitions and interfaces Ensure reports are provided on process performance and effectiveness Perform audits of other parties’ adherence to service provider processes Review performance with parties on a regular basis which results in improvements beneficial and approved by the service provider

Documentation Management (4. 2) ISO/IEC 20000 -1 states: The service provider shall establish and maintain documents, including records, to ensure effective planning, operation, and control of the service management system. Documents required by the service management system shall be controlled. Records shall be kept to demonstrate conformity to requirements and the effective operation of the service management system. 21

Support Tools: Document Management The ISO standard requires: The service provider shall establish and maintain documents, including records, to ensure effective planning, operation, and control of the service management system. Documents required by the service management system shall be controlled. 22

Support Tools: Service Management Tools Any tool used to fulfill the goals and objectives of a particular service management processes, such as: l Change Management l Incident and Service Request Management l Problem Management Records shall be kept to demonstrate conformity to requirements and the effective operation of the service management system.

Processes and Procedures Service providers shall provide documents and records to ensure effective planning, operation, and control of Service Management. 24

Resource Management (4. 4) ISO/IEC 20000 -1 states: The service provider shall determine and provide the human, technical, information, and financial resources needed. 25

Establishing and Improving the SMS The development of the SMS includes: l Defining scope l Planning l Implementing l Monitoring l Maintaining and improving

The Deming Cycle Plan Act Consolida tion Do Check Improvements

Establishing Scope (4. 5. 1) ISO/IEC 20000 -1 states: The service provider shall define and include the scope of the service management system in the service management plan. 28

The Basics of Scope l l l The scope of the delivered service must be described in a scope statement. The scope statement validates the certification for a specific situation. A service provider can get certification for: a) part of all services that it delivers b) a specific country or customer 29

Scope The typical structure of a scoping statement is: The <service> provided by <name of service provider organizational unit> to <customer organizational name and/or name of organizational unit> from <geographical area and/or location>.

Limits to Scope Where the service provider intends to include an entire business area in the SMS, defining the scope of the SMS is relatively simple.

Currency of Parameters The parameters used in scope statements can become out of date. The service provider should review the scope of the SMS and the scope statements on a regular basis to check that everything is valid.

4. 5. 2: Plan l Part 1: – States that Service Management shall be planned – Explains what the plan shall define – Plans for specific processes shall be aligned with the service management plan and reviewed at regular intervals l Part 2: – Aspects of Service Management System – Planning approaches – Management roles and responsibilities – Understanding process interfaces

Service Management Plan What does the Service Management Plan Include? l l l l l Objectives Requirements Known limitations Policies Standards Regulations and statutes Contractual obligations Authorities, responsibilities and process roles Required human, technical, information and financial resources l l l Approaches for handling other parties Approaches for integrating service management processes Risk management approaches Technologies used Approaches to measurements, reports, audits, and improvement

Process Implementation Plans Each service management process should have a plan for implementation, operation, and improvement. Each plan should be aligned with the service management plan. Reviews of these plans for processes should be reviewed at regular intervals.

4. 5. 3: DO • Part 1: • Service Provider shall implement SMS for design, transition, delivery, and improvement • Activities shall be in accordance with Service Management Plan • Part 2: • Ensure original services meet requirements outlined in Part 1 of the standard. • Document roles and responsibilities. • Implement SMS and maintain it!

SMS Implementation What must be done? – – – Financial management and allocation Assignment of authority, responsibility, and roles Resource management Risk management Process management Performance monitoring and reporting

4. 5. 4: CHECK • Part 1: • Suitable methods for monitoring and measurement of the SMS and services shall be used. • Internal audits shall be conducted at regular intervals. • Review of the SMS and services by top management shall be conducted at regular intervals. • Opportunities for improvements and changes shall be assessed. • Part 2: • Auditors should be knowledgeable and independent from the areas they are auditing. • Audits should be planned and should include an assessment of the SMS’ scope. • Management reviews should focus on maintaining the SMS capability to fulfill changing business needs and service requirements.

Internal Audits ensure the effective implementation, fulfillment, and maintenance: l ISO/IEC 20000 requirements l Agreed service requirements l SMS requirements Internal Audits are performed by the service provider and are required for conformance to ISO/IEC 20000.

Management Reviews Top Management must regularly review the service management system and services. The purpose of the review is to determine continued suitability and effectiveness of the targeted area. The review may include: – – Assessment of improvement opportunities Assessment of SMS changes, including strategic and policy changes

4. 5. 5: ACT • Part 1: • There shall be a published policy on continual improvement with clearly defined evaluation criteria and roles and responsibilities. • ALL suggested service improvements shall be assessed, recorded, prioritized, and authorized in accordance with plan. • Approved improvements shall be planned. • Part 2: • There should always be a way to improve on efficiency and effectiveness. This should be described in the policy. • There should be a record of the current service quality and service levels (baseline) BEFORE service improvement activities are implemented. • All improvement targets should be measurable, linked to business objectives, and documented.

Internal Audits The key attributes of an audit program are: – – Regularly scheduled audits More attention on priority areas Impartial auditors Management responsible for corrective actions

Management Reviews What is reviewed? – – The suitability and effectiveness of the service management system The suitability and effectiveness of the services managed by the SMS Opportunities for improvement Changes to SMS or service management plan Who reviews? – Top Management

4. 5. 5: Continual Improvement Objective: To improve the effectiveness and efficiency of service delivery and management You shall perform activities: collect & analyze data identify, plan & implement improvements, set targets, etc. There shall be a published policy. Non-compliance shall be remedied. R&R for service improvement shall be clearly defined. Improvements on one process Improvements across processes

The Toolkit is designed to be holistic and comprehensive to ISO/IEC 20000. The parts of the standard provide guidance on what to implement, not how to implement the standard: where the standard lacks in this area, the toolkit will attempt to complete. The goal of the ISO/IEC 20000 Toolkit is to define the contributing factors, major components, and their relationships as defined by the ISO/IEC 20000, while providing the basic tools to take action based on the organization’s needs.

Moving Forward The presentations found within the Toolkit provide education about the different facets of ISO/IEC 20000: they can be used for self-edification or as the foundation for presenting a case to different levels of the organization. The process document, Developing SMS capabilities, is intended to be a step by step guide in creating service management system foundation in your organization based on the ISO/IEC 20000 standard. Multiple templates have been created to support the process and aid organizations in their efforts to improve their capabilities.