DIGANO - Making a Difference

What is ISO/IEC 20000?

ISO/IEC 20000 is the worldwide standard for implementing and managing IT Service Management.

ISO/IEC 20000 is a direct offspring of BS15000 (British Standard) and is basically a standard maintained by the following two organisations:

• ISO: The International Organisation for Standardisation (http://www.iso.ch)
• IEC: The International Electrotechnical Commission (http://www.iec.ch)

Together they have formed ISO/IEC JTC 1 (The Joint Technical Committee)

The ISO/IEC 20000 standard exists of 2 main parts:

• Part 1: Specification (18 pages)
• Part 2: Code of practice (36 pages)

The standard can be purchased (CHF210 "Swiss francs") and downloaded from http://www.iso.org which is the same website as http://www.iso.ch. The downloaded documents will have your organisation's name on it as to protect it from illegal copying.

The standard recognises the need to manage the following 5 areas, each containing one or more processes:

• Service Delivery Processes:

1. Service Level Management
2. Service Reporting
3. Capacity Management
4. Service Continuity and Availability Management
5. Information Security Management
6. Budgeting and Accounting for IT Services

• Resolution Processes:

1. Incident Management
2. Problem Management

• Control Processes:

1. Configuration Management
2. Change Management

• Release Processes:

1. Release Management

• Relationship Processes:

1. Business Relationship Management
2. Supplier Management

Why do we need it?

The standard is useful for organisations that:

• Need to go out for tender;
• Need a consistent approach in managing their processes;
• Need a consistent approach in dealing with their customers;
• Need to benchmark the maturity of their environment;
• Need an independent assessment;
• Need to demonstrate their capability to deliver; or
• Need to improve their services.

Who uses it?

The standard is still relatively new compared to other existing standards, but it is very likely that the standard will be adopted by IT outsourcers like IBM, HP, EDS, Fujitsu and the like. It's also more than likely that Government will adopt the standard to benchmark its services against, so it can aim for obtaining a national baseline. Furthermore it is not unlikely that medium to large sized private organisations (of all kinds) will adopt the standard to leverage from its benefits which are plentiful. Increased quality of services, decreased (or stabilised) costs, and aligned IT and business environments are tangible benefits of applying this standard.

When do we need it?

As organisations become more and more dependent on their IT infrastructures, outages of IT services start to have an ever increasing impact on these organisations and their internal and/or external customers. As such it becomes vitally important to manage and control all aspects of the IT infrastructure. People, processes, technology, and information need to be managed and accounted for. As such, the standard deals with documents and records in all its forms. Being accountable for decisions made, and being able to keep a clear audit trail of what has happened and why it has happened is the only professional way of doing business in today's and tomorrow's world. Acts like the Sarbanes-Oxley act are putting more pressure on organisations to keep their IT infrastructure/s under control and to keep track of IT related records, such as financial and change records.

Whether or not an organisation should be pushing for ISO/IEC 20000 accreditation is a question that should be answered by each organisation individually. The timing is right, and being ISO/IEC 20000 accredited could mean the difference between surviving and going under as a business in today's highly competitive environment. Regardless whether or not you use the standard as a baseline for accreditation, it is still extremely valuable as a set of documents that has the potential instilling a culture of continuous improvement and accountability. It's highly unlikely to find organisations that do not want a culture of accountability and continuous improvement, and if they exist at all, then they are definitely not here to stay.

Where do we use it?

The ISO/IEC 20000 standard can be used by any organisation that wants to assess the maturity of their process environment. Once officially audited the organisation is able to achieve ISO/IEC 20000 accreditation.

How do we use it?

The organisation can either use ISO/IEC 20000 to perform a self assessment, or can ask a certified auditor to perform the audit. The ISO/IEC 20000 accreditation is linked to the actual organisation, whereas there's no such thing in place for ITIL. ITIL certification is linked to people, never to organisations, hence the ITIL framework and the ISO/IEC 20000 standard complement each other.