Hong Kong Computer Society

LG1, No. 78 Tat Chee Avenue Kowloon Tong, Hong Kong Tel: (852) 2834 2228 URL: http://www.hkcs.org.hk Fax: (852) 2834 3003 Email: hkcs@hkcs.org.hk

Introduction to ISO 20000-1

K H Li HKSPIN ISO/IEC 20000 is the first formal international standard for IT Service Management (ITSM). This brief note provides an overview of this standard. ISO/IEC 20000 consists of two parts. Part 1 defines the specification in 10 clauses for achieving certification (the shall do things), while Part 2 provides the best practices for achieving the requirements stipulated in Part 1 (the should do things). The ISO/IEC 2000 series enables the service provider to understand how to enhance the quality of service delivered. Part 1 defines the requirements for delivering IT services by an integrated process approach. Processes are to be established with supporting resources from management, documentation, and competence, awareness and training. The Plan-Do-Check-Act (PDCA) methodology is recommended to apply to all processes. Brief description will be given in the following sections. Part 2 represents an industry consensus on quality standards for IT service management processes. As a code of practice, it serves as guidance and recommendations and is to be read in conjunction with part 1.

Scope, Terms and Definitions (clauses 1 & 2) Requirements for a management system (clause 3) Planning and implementing service management (clause 4)
Planning and implementing new or changed services (clause 5)

Service Delivery Processes (clause 6)

Capacity Management Service Continuity and Availability Management Service Level Management Service Reporting Information Security Management Budget and Accounting for IT Services

Control Processes (clause 9) Release Process (clause 10)

Release Management Configuration Management Problem Management

Relationship Processes Processes (clause 7)

Business Relationship Management Supplier Management

Resolution Processes (clause 8)

Incident Management Problem Management

Figure 1. ISO/IEC 20000 Structure

ISO/IEC 20000 promotes effective and efficient implementation of an integrated service management program. There are specific requirements with the establishment of service objectives and controls. ISO/IEC 20000 serves as a benchmark against which an organization can measure its service management execution and continual improvement. It identifies requirements for:Service management system, Service management lifecycle, and Service management processes.

The service management system defines management responsibilities, documentation requirements, and the rollout of the service management processes. IT governing policies, plans, processes and procedures shall be established. The service management lifecycle adopts iteratively the Plan-Do-Check-Act cycle, a four-stage process management cycle attributed to Edward Deming. As defined in ITIL Service Management Practices, the four stages within the context of IT services can be interpreted as:
Plan Do Check Act Design or revise Processes that support the IT Services Implement the Plan and manage the Processes Measure the Processes and IT Services, compare with Objectives and produce reports Plan and implement Changes to improve the Processes

The Service Management Processes include 13 processes in 5 process categories Service Delivery, Relationship, Resolution, Control, and Release. The tables below give a brief elaboration on the Service Management System and the Service Management Processes for an organization in the context of the PDCA lifecycle model. Table 1 PDCA in Service Management System (Institutionalization)
Plan
Requirements for Management System Ability to establish policies and framework for IT services Planning and Implementing Service Management Planning and Implementing New or Changed Services Ability to define management direction and responsibilities Ability to plan and approve new or changed services

Do
Allows it to provide documents and records for planning and operation and then Allows it to implement service management plan and process specific plans and than Allows it to provide adequate funding and resources and then

Check
Provide documents and records for operation and control, enabling it to Perform reviews, assessments, and audits, enabling it to

Act
Review and manage competencies and training needs for improved capabilities and maturity in establishing requirements for Management System which increase its ... Identify, measure, report, and manage the activities for improved capabilities and maturity in Planning and Implementing Service Management which increase its

Report outcomes achieved by the new or changed services, enabling it to

Perform post implementation reviews for improved capabilities and maturity in Planning and Implementing New or Changed Services which increase its ...

Table 2 PDCA in Service Delivery Processes

Plan
Service Level Management Process Service Reporting Process Ability to state services and service targets in SLA ... Ability to identify service reports

Do
Allows it to monitor and report its service level and then ... Allows it to produce reports and then

Check
Analyze for improvement actions, enabling it to ... Make informed decisions, enabling it to

Act
Improve its capabilities and maturity in Service Level Management Process which increase its ...

Communicate actions for improved capabilities and maturity in Service Reporting Process which increase its ...

Service Continuity and Availability Management Process Budgeting and Accounting for IT Services Process

Ability to develop the availability and service continuity plans Ability to budget for IT Services cost ...

Allows it to report the availability and then

Investigate the non-availability and failure of continuity test, enabling it to

Formulate action plans for improved capabilities and maturity in Service Continuity and Availability Management Process which increase its Justify the costs for the changes for improved capability and maturity in Budgeting and Accounting for IT Services Process which increase its ...

Allows it to monitor and report the costs and then

Check and controlled the costs, enabling it to

Capacity Management Process

Ability to produce capacity plans to address the business needs

Allows it to identify methods, procedures, and techniques then and

Evaluate the projected capacity and performance requirements, enabling it to

Maintain the capacity plans for service upgrades, change requests, new technologies, etc for improved capability and maturity in Information Security Management Process which increase its

Information Security Management Process

Ability to develop and communicate the information security policy

Allows it to perform security controls and monitor security incidents and then

Report and investigate security incidents, enabling it to

Plan for management actions and improvement measures for improved capabilities and maturity in Information Security Management Process which increase its

Table 3 PDCA in Relationship Processes

Plan
Business Relationship Management Process Supplier Management Process Ability to document supplier management process, assign contract manager and prepared SLA Ability to schedule regularly service reviews and interim meetings

Do
Allows it to establish complaints with escalation channels to customer and then Allows it to monitor service levels and manage suppliers and sub-contractors and then

Check
Assign individuals for whole business relationship process, enabling it to Review contracts regularly to keep meeting needs and obligations, enabling it to

Act
Derive improvement plans for improved capability and maturity in Business Relationship Management Process which increase its .. Plan and record actions for improved capability and maturity in Supplier Management Process which increase its

Table 4 PDCA in Resolution Processes

Plan
Incident Management Process Ability to define procedures for incidents management Problem Management Process Ability to identify and analyze proactively the cause of incidents Allows it to monitor and report problem resolutions and then Review the effectiveness of the problems resolutions, enabling it to

Do
Allows it to classify and manage major incidents and then

Check
Communicate with customers the progress, enabling it to

Act
Restore the agreed services and response to requests as soon as possible for improved capability and maturity in Incident Management Process which increase its Take preventive actions and plan improvement actions for improved capabilities and maturity in Problem Management Process which increase its

Table 5 PDCA in Control Processes

Plan
Configuration Management Process Ability to define policy for CIs, provide impact information for changes, and identify CIs Change Management Process Ability to put in place policies and procedures to control the authorization and implementation

Do
Allows it to record and control components of services and their configuration and then Allows it to assess, approve, and implement changes and reviews and then

Check
Perform, report, and review configuration audit, enabling it to

Act
Plan and document corrective actions for improved capabilities and maturity in Configuration Management Process which increase its

Analyze the change records for frequent recurrences, emerging trends, etc regularly, enabling it to

Plan and document change analysis and actions for improved capabilities and maturity in Change Management Process which increase its

Table 6 PDCA in Release Process

Plan
Release Management Process Ability to setup a release policy stating the frequency and type of releases

Do
Allows it to establish controlled acceptance test environments and then

Check
Analyze success and failure of releases with respect to business impact, IT operations, and support resources, enabling it to

Act
Plan and document actions for improved capabilities and maturity in Release Management Process which increase its ...