Technology Trends & Management Consulting

April 9, 2007

ISO 20000 Background, Audit, and Assessment (Plan-Do-Check-Act)

Filed under: ISO 20000, ITIL — Daniel Ruggles @ 4:00 pm

ISO 20000 is based upon an original pair of documents, BS15000-1/2, which were published in 2002 and 2003 respectively. ISO 20000 is the international standard for IT service management and comprises two parts: ISO/IEC 20000-1 and ISO/IEC 20000-2. ISO 20000-1 is the ‘Specification for Service Management’, and it is this part against which an organization can be certified. ISO 20000-2 is the ‘Code of practice for Service Management’, and describes best practices and the requirements of Part 1.

ITIL is the process-defined framework for IT operations. ISO 20000-2 is the code of practice built on top of ITIL-tailored processes. ISO 20000-1 is the specification for ITSM that would facilitate the audit. The framework has been harmonized with other international standards to embrace the familiar PDCA (Plan-Do-Check-Act).

[Figure: plan-check-do-act.pdf]

Managed Services illustrated in the diagram could be internal IT services or externally supplied services. Aligning processes and procedures is accomplished in the planning and implementation phase. The methodology, known as Plan-Do-Check-Act (PDCA), can be applied to all processes, as follows:

  • Plan: Establish the objectives and processes necessary to deliver results in accordance with customer requirements and the organization’s policies.
  • Do: Implement the processes.
  • Check: Monitor and measure processes and services against policies, objectives and requirements and report the results.
  • Act: Take actions on the differences and continually improve process performance.

Multiple service management plans may be used in place of one large plan or program. Where this is the case, the underlying service management processes should be consistent with each other. It should also be possible to demonstrate how each process and requirement is managed by linking it to the corresponding roles, responsibilities and procedures. ISO 20000 section 4.3 (monitoring, measuring and reviewing) states that in order to identify these process areas and improve upon them, a regular audit program must be planned. Users also need to take into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods must be defined in a procedure. The selection of auditors and conduct of audits must ensure objectivity and impartiality of the audit process. Auditors must not audit their own work. Any significant areas of noncompliance or concern should be communicated to relevant parties and corrective action taken.

Scope creep

As organizations change and grow, the scope of the services provided under the ISO 20000 standard expands. However, the organization oftentimes fails to expand its certification activities to cover any new services. This is known as an “extension to scope.” This can be addressed by following the rules set forth in section 7.2. ISO 20000 section 7.2 (business relationship) requires the service provider and customer to attend a review at least annually to discuss any changes to the scope, service-level agreement, contract (if present) or the business needs, and to hold interim meetings at agreed intervals to discuss performance, achievements, issues and action plans. These meetings shall be documented.

Not everything is recorded or measured

According to ISO 20000 section 4.3 (monitoring, measuring and reviewing), the organization must apply suitable methods for monitoring and, where applicable, measuring service management processes. These methods must demonstrate the suitability of the processes to achieve planned results. Management must then conduct reviews at planned intervals to determine whether the service management requirements:

  • Conform with the service management plan and to the requirements of this standard;
  • Are effectively implemented and maintained.

Additionally, under section 4.4.2 (management improvements), all suggested service improvements shall be assessed, recorded, prioritized and authorized. The service provider must have a process in place to identify, measure, report and manage improvement activities on an ongoing basis.


March 15, 2007

IT Framework Relationships

Filed under: CMM, COBIT, ISO 17799, ISO 20000, ITIL — Daniel Ruggles @ 3:51 pm

There are numerous processes designed to enhance the overall effectiveness of IT, and oftentimes what gets overlooked is how they might fit together. Described below are the various frameworks, their relationship to one another, and when you might adopt them over time. Each of the frameworks has its own set of implementation issues and problem areas for adoption.

  • ITIL maps service delivery to process execution and technical aspects of process control.
  • PMBOK primarily focuses on project management.
  • CMM primarily focuses on software delivery, but can be used to assess maturity of process execution.
  • ISO 20000 is a process to measure the effectiveness and points towards improvements for ITIL.
  • ISO 17799 primarily deals with an overall security process, awareness, standards and measures of control
  • COBIT focuses on process control as well as strategic control in an enterprise
    • Strongly focused on control and less on execution.
      • Helps optimize IT-enabled investments,
      • Ensures service delivery
      • Provides a measure against which to judge when things do go wrong.
  • Six Sigma methodology is the implementation of a measurement-based strategy that focuses on process improvement and variation reduction through the application of Six Sigma improvement

[Figure: IT Framework Relationships]

What is ITIL?

The IT Infrastructure Library (ITIL) is a series of eight books and is referred to as the only consistent and comprehensive best practice for IT service management to deliver high-quality IT services. Although produced and published by a single governmental body, ITIL is not a standard and is generally referred to as a framework. There is a lot of work involved in tailoring an implementation to any organization. The published books (subject to change by mid-2007) are:

  • Software Asset Management
  • Service Support
  • Service Delivery
  • Planning to Implement Service Management
  • ICT Infrastructure Management
  • Application Management
  • Security Management
  • Business Perspective, Volume II

There are two main operational components or logical groupings within ITIL, with Security Management completing the underpinning for both groups:

  • Service Support (activities that are more or less performed daily)
  • Service Delivery (activities that tend to take place monthly or quarterly, but at a minimum annually)

[Figure: ITIL Process Overview]

BUSINESS DRIVERS FOR IMPLEMENTING

ITIL is usually implemented subject to one or more of the following business cases:

  • Defining of service processes within the IT organization
  • Defining and improving the quality of services
  • Need to focus on the customer of the IT
  • Implementation of a central help desk function

There are several methods in approaching an implementation of ITIL and, having done several operations assessments, I can attest that the two main building blocks that have to be solid are Configuration Management and Change Management. Both gear their activities off a Configuration Management Database (CMDB). If the CMDB does not exist or if Change Management is a haphazard process, then the other processes within ITIL tend to fail on a regular basis. Recently more and more vendors are creating products geared specifically towards CMDB (e.g., HP, CA, BMC, etc.) that address a method to collect all of the configuration specifics of your environment. If you don’t know what you have, it will be problematic when implementing any change, and you can never be certain of the effect of the change.

Two principal concepts characterize the basic thinking of ITIL:

  • Service management—IT service managers:
    • Assure the consideration of requirements for operations and maintenance
    • Develop test plans
    • Identify the effects on existing infrastructure caused by new or modified systems
    • Define future requirements
  • Customer orientation—IT services are to be provided at a level of quality that allows permanent reliance on them. To assure this quality, responsibility is assigned to individuals who:
    • Consult the users and help them use the services in an optimal approach
    • Collect and forward opinions and recommendations of users
    • Track complaints
    • Monitor the users’ appraisals of the services delivered
    • Support internal user groups