p - ITIL v3 - Impact on ISO IEC 20000

p - ITIL v3 - Impact on ISO IEC 20000 - ITIL & ISO/IEC...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ITIL & ISO/IEC 20000 What is the relationship between ITIL and ISO/IEC 20000? We are ISO/IEC 20000 certified. How will the transition of ITIL to V3 impact us? “We are planning for ISO/IEC 20000 certification . How will the transition of ITIL to V3 impact us? Evolution of the Standard ISO/IEC 20000 The Need: 1998-99 1989 onwards An auditable standard for IT Service Management ITIL V2 – Documented best practices for ITSM OGC and itSMF assigns the responsibility to BSi 2003 Basic concepts and processes of ITSM BS15000 certification scheme 2005 ISO/IEC 20000 Standard & ITIL V3 ISO 9000 standard Standard & Fast track adoption 2007 Mgmt system & PDC cycle certification scheme Information Security Controls ISO/IEC 27001 standard ISO/IEC 20000 and ITIL – OGC’s view: Standard Part 1: ISO/IEC 20000 part 1 Compulsory requirements Standard Part 2: ISO/IEC 20000 part 2 ITIL In house Policies, Processes, Procedures and Practices Code of Practice guidance and explanation of Part 1 Best Practice Guidance ISO/IEC 20000 – A more pragmatic view Standard Part 1: ISO/IEC 20000 part 1 Compulsory requirements Standard Part 2: ISO/IEC 20000 part 2 Code of Practice guidance and explanation of Part 1 ITIL or any other framework In house Policies, Processes, Procedures and Practices Best Practice Guidance Additional Best practice guidance on ‘how to’ plan and implement the practices required by the standard ISO/IEC 20000 & ITIL V2 – A High level mapping ITIL V2 Infrastructure Mgmt (?) Application Mgmt (?) Management Requirements Planning to Introduce new / changes services Planning to Implement Service Management ISO/IEC 20000 requirements Service Delivery Processes Control Processes Release Process Resolution Processes Relationship Processes ITIL V2 ITIL V2 Service Delivery Security Mgmt (?) Service Support ITIL V2 Business Perspective ISO/IEC 20000 & ITIL V3 – A High level mapping Service Design Continual Service Improvement Management Requirements Planning to Implement Service Management Service Transition Planning to Introduce new / changes services ISO/IEC 20000 requirements Service Delivery Processes Service Strategy Service Design Service operations Continual Service Improvement Control Processes Release Process Resolution Processes Relationship Processes Service Strategy Service Transition Service Operations Service Operations Service Design Operational ITSMS Plan service management Understand business processes - Gain management commitment - Scope of the ITSMS - Objectives of ITSMS - Resources required - Service level requirements - Roles and responsibilities - ITSMS in-charge Continual Improvement - Corrective and preventive actions - Identify, plan and implement improvements - Measure, report and communicate the Act Plan Plan service improvements - Revise the policies, processes, Continual procedures and plans Improvement Implement service management -Policies, plans, procedures and processes -Risk management for ITSMS -Report progress Do Monitor, measure and review - Monitor and Check effectiveness measure the - Conduct reviews at planned intervals - Plan an audit programme Mandatory requirements of a documented ITSMS Objectives Scope Service management policies ITSMS In-charge Service delivery processes Control processes Procedures Information security management Roles and responsibilities Staff competencies and training needs Service management plans ITSMS audits at planned intervals Service Level Agreements Records ISO 20000 certification eligibility The organisation should be providing IT service to its customers, whether internal or external Eligibility is based on the extent and degree of management control that the service provider has over the ISO/IEC 20000 processes “Management control” of process consists of - Knowledge and control of inputs - Knowledge, use and interpretation of outputs - Definition and measurement of metrics - Demonstration of objective evidence of accountability for process functionality in conformance to the ISO/IEC 20000 standard - Definition, measurement and review of process improvements The summary For organizations which are already certified to ISO/IEC 20000: They need not necessarily migrate to ITIL V3 – as there is no direct linkage of ITIL transition to the standard Migrating from ITIL V2 to V3 as the additional guiding best practice framework will not impact the certification status – as long as the control specifications of the standard are still complied to. For organizations which are planning to get certified to ISO/IEC 20000: Organizations can choose to use ITIL V2, V3 or any other framework as additional best practice guidance – as long as the control specifications of the standard are complied to. When can certification take place? Certificate Certificate Confidentiality Agreement Pre-Study/ Implementation Consultant(s) Company / DNV ITSM PreAssessment Initial Audit Auditor(s) Awareness creation Follow Up Periodical Audits Initial Audit Process Confidentiality Agreement Certificate ITSM Follow-up Activity Desk Review IA, Step 1 IA, Step 2 <13 weeks Audit Team, Incl. Technical Expert < 13 weeks <2 weeks Audit Process • Pre – Assessment * Timeline between the stages, depending on the preparedness and maturity. 1 to 13Weeks * • Stage 1 ( Document Review and Initial Visit ) Findings to be addressed before Stage 2 Identify Focus Areas • 1 to 13Weeks * Stage 2 ( Certification Audit ) Closure of all Findings Issue of Certificate ( Normally – 8 weeks after recommendation ) • Periodic Audits ( 6 OR 9 monthly) Registration valid for 3 years ...
View Full Document

This note was uploaded on 10/15/2011 for the course COMPUTER 40443 taught by Professor Safari during the Spring '10 term at Sharif University of Technology.

Ask a homework question - tutors are online