ISO 20k GAQM p050-065

Questions and Answers

Why is the planning phase of the Service Management System (SMS) described as a cyclical activity?

• Because service requirements and business needs evolve over time, necessitating continuous review and adjustments. (correct)
• Due to the linear nature of service delivery, requiring planning only at the beginning of each service lifecycle.
• To ensure that the initial SMS implementation is perfect and requires no further changes.
• To limit the involvement of top management to the initial stages of SMS implementation.

Top management's involvement in prioritizing service requirements is crucial because they:

• typically have more time to dedicate to detailed planning activities than other staff.
• are ultimately accountable for the success of the SMS and alignment with business value. (correct)
• are responsible for the day-to-day operations of the IT department.
• handle the technical aspects of service design and implementation.

Which of the following actions exemplifies top management's active role in the planning phase of an SMS, beyond reviewing project reports?

• Assigning responsibility for SMS planning to middle management and expecting them to report progress.
• Delegating all planning tasks to a dedicated project team and only receiving status updates.
• Participating in sessions to prioritize service requirements and define service management policies. (correct)
• Approving the budget for SMS implementation and then focusing on other strategic initiatives.

What is the primary purpose of providing 'talking points' to top management from the SMS planning team?

To ensure consistent and impactful communication from top management to stakeholders regarding the SMS. (A)

Active participation of top management in SMS planning is crucial to:

emphasize the seriousness and importance of the SMS initiative across the organization. (A)

The service management policy primarily serves to:

offer high-level direction and top management's commitment to the SMS aims. (B)

Service management objectives differ from the service management policy by:

providing measurable performance targets that contribute to the policy's aims. (D)

The service management plan's main function is to:

outline the steps and resources required to achieve the service management objectives. (D)

What is a likely consequence of automating a portion of the incident management process?

Potential need for the process owner to acquire additional IT technical skills. (A)

Which factor does NOT typically trigger the initial development of a Service Management System (SMS)?

Complete satisfaction with the current service performance and market share. (C)

What potential impact does the departure of experienced staff and the onboarding of new staff have on an SMS?

Potential reduction in the effectiveness of the SMS and service quality due to a temporary resource gap. (A)

How might changes to services offered by a business affect existing staff?

Changes may lead to revised job descriptions and necessitate further education or the hiring of specialists. (C)

Why is the planning phase considered crucial during the implementation of a Service Management System (SMS)?

Effective planning ensures smoother operation, evaluation, and improvement of the SMS. (D)

What is the primary reason for continuously monitoring and improving the SMS?

Service requirements, marketplace conditions, and customer expectations are subject to constant change. (C)

How does the Deming Cycle (Plan-Do-Check-Act) relate to the implementation of a Service Management System (SMS) based on ISO/IEC 20000?

While not explicitly mandated, the Deming Cycle offers a useful framework for managing the SMS and its services. (B)

A service provider is considering implementing an SMS. What should be their first step during the planning phase?

Develop a very high-level overview of the desired SMS structure. (D)

Why should the service management policy, objectives, and plan be reviewed regularly?

To maintain their adequacy in light of evolving service requirements, market dynamics, and customer expectations. (C)

What are appropriate times to review and update the service management policy and objectives?

At the beginning of the year, during management reviews, after major incidents, or after meeting with important customers. (B)

Which statement accurately describes the relationship between existing service management practices and the development of an SMS based on ISO/IEC 20000?

Existing service management practices, regardless of how basic, usually form the basis which an SMS is evolved from. (A)

How do Lean, Six Sigma, and ITIL's seven-step continual improvement process contribute to the operation of an SMS?

They can trigger improvements in services and existing service management practices. (C)

What are the two perspectives that should be considered when aligning the SMS with business processes and outcomes?

The business perspective and the SMS and service perspective. (B)

What distinguishes a successful Service Management System (SMS) from one that merely produces documented information?

A successful SMS integrates consistently into the daily operations of a service provider. (A)

If a business decides to fundamentally change the nature of services it provides to its customers, what is the likely impact on the SMS?

It will have a major impact, requiring re-evaluation and re-alignment of the SMS and its services. (A)

A service provider is facing increased operational costs and declining customer satisfaction. According to the text, what should they prioritize to address these issues through SMS implementation?

Dedicate significant time and resources to the planning phase of SMS implementation. (D)

According to ISO/IEC 20000-1, who ultimately holds accountability for the quality of services provided within a Service Management System (SMS), even when suppliers are involved?

The main service provider. (C)

When planning to work with suppliers within an SMS, which of the following aspects should be clarified?

How the supplier's components or processes interact with the rest of the SMS and services. (A)

In the context of service targets agreed upon with customers and suppliers, how should the targets for suppliers be determined?

They should be inputs for determining the service targets with suppliers. (C)

What does ISO/IEC 20000-1 explicitly state regarding the extent to which a service provider can outsource services to suppliers?

Service providers may not use suppliers to provide all services; they need to retain some direct involvement. (B)

What type of agreement is generally sufficient for internal suppliers, who are part of the same company that provides the services, or in the case of customers also acting as suppliers?

Any form of documented agreement. (B)

Considering the relationship between service targets for customers and suppliers, what risk does a service provider face if the resolution times agreed upon with an external field service provider are not significantly shorter than the incident resolution target agreed upon with a customer?

The risk of exceeding the customer's agreed service level agreement (SLA). (B)

How does ISO/IEC 20000-3 elaborate on the application of supplier management principles presented in ISO/IEC 20000-1?

By providing various simple and complex examples. (B)

In outsourced scenarios, what actions must a service provider undertake, according to ISO/IEC 20000-1, to demonstrate control over its service provision to customers?

Remaining directly involved and actively managing a portion of the service delivery. (B)

What is the primary purpose of implementing ISO/IEC 20000-1 requirements for most organizations?

To primarily improve existing service management practices. (A)

What should happen after improvement opportunities are identified and registered?

They should be prioritized, allocated to the right people, executed, and tracked to completion. (B)

What is the first course of action when a non-conformity is identified within a Service Management System (SMS)?

Correct the non-conformity as soon as possible. (C)

Why is it important to verify the effectiveness of measures taken to address non-conformities?

To confirm that the non-conformities will not reoccur. (A)

What is the role of non-conformities in management reviews?

Non-conformities are discussed in management reviews to ensure they receive top management attention. (B)

How does addressing non-conformities and implementing improvements in an SMS relate to the Deming Cycle?

It often leads back to the planning stage of the Deming Cycle, restarting the cycle. (B)

An organization has successfully improved its service management practices and reduced costs by implementing ISO/IEC 20000-1. What additional step can it take to demonstrate its conformance to the standard externally?

Undergo a certification process with an external audit. (C)

What is the definition of an audit in the context of ISO/IEC 20000-1 certification?

An opportunity for an organization to showcase its Service Management System. (D)

How does ISO/IEC 20000-1 address major changes to services that impact customers or other services?

By requiring a project-based approach that considers stakeholder requirements, service design, risk assessment, resource needs, and customer impact. (A)

What is the primary outcome of integrating data from different systems, such as capacity management and configuration management, in the context of SMS evaluation?

It produces meaningful insights into aspects of service management, such as capacity usage for specific service components. (A)

What is the role of 'Design and transition of new and changed services' within the context of ISO/IEC 20000-1?

It remains important but has been integrated into the standard's service management processes. (B)

When implementing major service changes, what is the first step?

Gathering requirements from customers, suppliers, and other stakeholders. (D)

What activities are encompassed within reporting, as it pertains to Clause 9 of the ISO/IEC 20000-1 standard?

Encompassing activities to monitor, analyze, and evaluate the SMS and the services. (A)

What should organizations consider when evaluating the effectiveness of their SMS, particularly when using commercial service management platforms?

Supplement platform data with information gathered from other systems to derive meaningful insights. (D)

How does implementing changes impact the Service Management System (SMS)?

Changes may necessitate realignment within the business to maintain effectiveness. (A)

Which components of the Deming Cycle are explicitly mentioned as being applied in the approach to major service changes?

Planning, design, transition, evaluation, and improvement. (C)

Flashcards

SMS Implementation Trigger

An SMS implementation is usually started by the need for a change in how the service provider handles services.

Sources triggering SMS changes

Internal needs (reorganization, cost reduction, revenue increase), customer demands, competitor actions, and innovation.

Improvement Methodologies

Lean, Six Sigma, ITIL's continual improvement and the Deming Cycle.

SMS Development Foundation

ISO/IEC 20000-1:2018 based SMS builds on existing practices and improves them to meet service requirements.

SMS Implementation Effort

Planning activities should comprise most of the work involved in the implementation of an SMS.

SMS Planning Start

Creating a high-level picture of what the SMS should look like.

Deming Cycle (PDCA)

The PDCA cycle (Plan-Do-Check-Act) is a framework applied to the SMS and the services.

SMS Success Factor

The success of SMS depends on it being consistently integrated into the daily operation of a service provider.

What is the PDCA cycle?

A repeating four-stage model for continuous improvement.

Who is top management?

The people at the highest level of management responsible for the success of the SMS.

How does top management get involved?

Actively participating in prioritizing service requirements.

What are 'talking points'?

Explicit input to top management for communication.

What is a service management policy?

High-level guidance on the aims of the SMS.

What are service management objectives?

Measurable performance targets for the SMS and services

What is a service management plan?

Outlines how service management objectives will be met.

What is 'commitment to conform'?

Ensures the SMS is consistent with requirements and continually improving.

Suppliers in IT Service Management

Organizations that furnish components essential for service delivery.

Accountability for Service Quality

The main service provider is ultimately responsible for service quality, value, and SMS effectiveness, even with supplier involvement.

Planning with Suppliers

Clarify roles, interactions within the SMS, and applicable service targets.

Contractual Agreements

Details such as roles and service targets should be formally documented with commercial external providers.

Internal or customer agreements

Utilize agreements when the supplier is internal to your company or is a customer acting as a supplier.

Service Target Alignment

Customer agreements influence supplier agreements.

Supplier Accountability

Suppliers must be held responsible for meeting their agreed-upon service targets.

Service Provider Responsibility

Service providers must perform some service functions; they cannot outsource everything.

Process Change Impact

Changes to processes can require adjustments to roles and responsibilities.

Adequacy Monitoring

Monitoring and improving this adequacy during the operation of the SMS and the services includes reviewing the service management policy, objectives and plan.

Resource Availability

Insufficient staffing or skills gaps can negatively affect the SMS and service quality.

Staff Training

Training programs ensure new staff can perform their tasks effectively.

Service Change Skills

Changes to services can necessitate updated job descriptions and skills.

Continuous Improvement Driver

Service requirements, marketplace dynamics, and customer expectations are subject to change requiring continuous SMS improvement.

Policy Review

Regularly reviewing the service management policy, objectives, and plan keeps them relevant.

SMS Alignment

Align business processes with the SMS and services to ensure mutual support.

Non-conformities

Aspects of the SMS that don't meet ISO/IEC 20000-1 requirements.

Non-conformity Correction

Correcting non-conformities via the improvement process.

Effectiveness Verification

Ensuring fixes prevent recurrence.

Improvement Cycle Restart

Starting the Deming Cycle all over again.

Continual Learning

A process of continual learning and development.

Certification

Externally demonstrating conformance to ISO/IEC 20000-1.

Major Service Changes

Major service changes require a project-based approach with specific requirements outlined in the standard.

Audit

Assessment of conformance with ISO/IEC 20000-1 requirements.

Project-Based Approach Aspects

Gathering requirements, service design, risk assessment, resource needs, and impact analysis.

Audit Opportunity

Showcasing how well the SMS is being run.

Applying Deming Cycle to Major Changes

These aspects align with planning, design, transition, evaluation, and improvement.

SMS and Services Evaluation

It consists of reporting, management review, and internal audit.

Reporting in SMS Evaluation

Monitoring, analyzing, and evaluating the SMS and service performance through reports.

Data Sources for Reporting

Commercial platforms that gather data on incidents, changes, and service requests.

Limitations of System-Generated Reports

May require augmenting and combining data from various systems.

Combining Data

Combining data from different systems to generate meaningful results

Study Notes

Service Continuity Plan Information

• Invoking procedures criteria and responsibilities during major service loss must be included in the service continuity plan
• Service availability targets when the service continuity plan is invoked must be included in the service continuity plan
• Service recovery requirements and the procedures for returning to normal working conditions must be included in the service continuity plan.
• Any results of service continuity tests can be documented in the plan as well
• Risks to service continuity can be documented in the Risk Register
• Reporting on a service continuity event, its impact, and when the service continuity plan was invoked can be done using the generic Report Template
• Opportunities for improvement can be recorded and implemented within the 10.2 CSI Register.xlsx improvements

Mandatory Documented Information

• Clause 10.1 addresses nonconformities and actions taken, using the 10.1 Nonconformities.xlsx template.
• Clause 10.2 deals with opportunities for improvement and implemented improvements, using template 10.2 CSI Register.xlsx
• The list of nonconformities results from internal audit findings, documented in a spreadsheet including a reference number, description, owner, due date, action log, completion date, and status.
• The CSI Register tracks improvement opportunities arising from processes, continual service improvement plans, risks, and other sources via a spreadsheet including a reference number, description, owner, due date, action log, completion date, and status.
• Internal Audits should occur yearly, or in multiple sessions, by qualified personnel with knowledge of ISO 19011 standards for internal audits of management systems, irrespective of external certification audits
• The setup for internal audits is detailed in the Internal audit program template, with the Audit Report as the deliverable

Management Reviews

• Management reviews should be held at least once a year, with twice a year preferred, to update top management on the state of SMS and services based on inputs from the risk register and measurements of processes/services
• Management reviews should give an executive summary rather than going into full detail

Implementing ISO/IEC 20000-1:2018 and Running the SMS

• Successfully running a service management system (SMS) means consistently integrating it into daily operations, where documented information supports the operational processes
• Phases to running the SMS includes planning, implementation, operation, evaluation, and continual improvement
• These phases run on the Deming Cycle (Plan-Do-Check-Act, PDCA) framework

Planning an SMS

• Developing an SMS is typically triggered by needed service change, resulting from internal needs to reorganize, reduce costs, increase revenue, customer feedback indicating dissatisfaction, competitors introducing innovation, or digital transformation goals
• Methodologies, such as Lean, Six Sigma, ITILs seven step continual improvement, can drive large and small-scale improvements necessary in the services and existing service management practices
• SMS is rarely developed when existing service management practices do not exist, instead builds of existing practices
• Actual planning activities are the most responsible for the implementation of an SMS
• Adequate time should be spent in the planning phase, starting with a high-level picture of the SMS

Service Requirements

• Service requirements is where the the SMS starts
• Clause 1.1 of ISO/IEC 20000-1 states that the SMS should meet service requirements and create value by asking stakeholders of the SMS, including customers, suppliers, employees, management, and supporting departments.
• Customers have requirements related to service performance, availability, and support.
• Suppliers need smooth interaction with the service provider.
• Employees require effective processes supporting their daily tasks.
• The value that the SMS and the services create for stakeholders, includes return on investment, effective support of business outcomes, job satisfaction and fulfillment of commercial goals.
• Service requirements and value creation involve talking to stakeholders and creating a list as part of practical activity.
• PDCA dictates that the planning phase is repeated.
• Service requirements must be prioritized with top management involvement, in accordance with Clause 5, accountability and ensuring all activities needed happen
• Top management can prioritize service requirements, develop service management policy, and maintain stakeholder relations
• The SMS needs a service management policy, service management objectives, and a service management plan, created and ensured by management
• The plan must contain information on how the SMS and services will be operated, measured, improved, and resourced
• The service management policy states the SMS needs, service management objectives describes goals, and service management plan how the SMS is achieved
• Top management is responsible for resources like people, information, finances, and tech for service management
• People in the SMS should be appropriately trained and experienced, assessed and updated regularly
• Information resource management and knowledge distribution for standards and ISO/IEC 20000 require knowledge management system (KMS) from simple to extensive

SMS within the Company

• The SMS does not exist in isolation from the rest of the company.
• Many parts of the company, like HR, finance, sales, facilities, should be stakeholders
• The SMS requires collaboration from other departments to align
• Governance by integration is required to run the process side of the SMS
• Governance requires responsibilities and effective process interaction
• Governance is accomplished with the following from ISO/IEC 38500: Evaluate, Direct and Monitor
• Responsibilities are allocated to the process manager or owner
• Top management requires reporting from process owners
• Incident and problem management must interact to exchange information
• Change management interacts with configuration, business relationship, and service level management.
• Processes should be documented to detail process outputs and inputs, clarifying staff influence on business outcomes.
• Awareness of communication should be given to staff
• Service desk agents must register service requests for implementation
• Agreed service levels must be verified to set customer expectations
• Processes can be based on existing ones even if undocumented, modifying based on service and stakeholder needs
• Pilot environments tests ensure expected results and require documentation and measurement with performance criteria and effectiveness

Planning Work

• Services use components from suppliers.
• ISO/IEC 20000 focuses on SMS with use of suppliers
• Distinctions are made between third party suppliers, customer acting as suppliers, and internal suppliers
• Clarifying component providers clarifies process interactions, service targets, and internal and external applications
• Service targets agreed with customers determines supplier service targets, resolving incidents quickly and running risk of exceeding customer SLA

Operating Stage

• Successfully implementing the initial planning stage means operating the SMS should be straightforward.
• Changes can impact organizations, updating docs, informing stakeholders, can use OCM org change management, such as John P. Kotter's eight step process
• Organizational change is ensured through shared understanding and support from top management through communication
• SMS requires continual focus on the activities and values generated
• Observe process effectiveness and address areas impacting improvement
• Roles and responsibilities must be reviewed and adapted when processes change, may require technical requirements for owner's role

Operating the Rest of the SMS

• Resources must available to support SMS
• Staff must be competent and adequately trained for SMS
• Changes to services cause changes to job descriptions that may trigger educational and hiring changes.
• Periodic SMS reviews ensure it adequately meets requirements, marketplace demands, and customer expectations

Periodic Reviews of the the SMS should include

• Service management policy
• Objectives and plan
• Review the organizational operations, alignment with the SMS, and adapt due to service level changes
• Implement a process for major changes, design, service transfers involving all requirements, assess risk, and project based approach.

Evaluating the SMS

• Evaluating the SMS is in clause 9
• Consists of the following three elements: Reporting, Management review and Internal audit.
• Clause requires that there is reports that analyse and monitor the SMS and service
• Commercial service management platforms are a resource that gathers data on incidents and analyses and reports performance
• Gathering data may require third party software that helps with processes and service
• Process performance should be measured, analyzed and reported
• Lean value is great by using data such reporting and aspects in planning process

Reports

• Reports are best in a graphical way
• Must have a meaningful and appropriate image that gives the message
• Top management needs generic data more than staff data
• Customer and supplier need appropriate data

Risks

• Risks should be reported on in various areas
• These can be created in risk to the SMS in general, to service availability and continuity, to information security, risks around service requirements, and risks regarding the use of suppliers

Management Review

• Management review is an opportunity to talk to the top level of management and show them status
• Have discussions of performance, resources, the SMS, improvement ect
• Review by organizations annually or quarterly

Audit Program

• An audit program is required to have a internal ISO/IEC 20000 audit done
• Setup a sample of the SMS is often helpful in that it save time
• Internal auditors cant be biased

Improving

• Improving is a process in the Deming Cycle
• Feedback should be fed into an continual improvement process that evaluates, prioritizes, and executes these improvement opportunities.
• Create a Kanban board to organize and allocated task
• Nonconformities and improvements are mentioned in the standard
• Items are items that need to be discussed in management reviews and should therefore should get top management attention.

ISO/IEC 20000 and the Deming Cycle

• The Deming Cycle is a closed loop
• Improvements that occur and feedback are recycled through it
• The Cycle goes in these phases: Implementing--> Operating-->Evaluating-->Improving

Certification

• The following are requirements of Organizations with a implementing standard of the ISO/IEC20000-1
• Efficiency
• Reducing costs
• Service equality
• Customer satisfaction improvements and value for services
• If requirements of the ISO/IEC 20000-1 are met then a external audit will be required for a certification
• Documented information is required for certain amounts, auditors need that information communicate to them that they need access to.
• Organizations shouldnt change the polish with the job to make it seem how its is, it an opportunity to improve