ISO 20k GAQM p034-049

Questions and Answers

What is the primary purpose of reports generated from an organization's financial management system, as described in service management documentation?

• To offer insights into financial forecasts and manage potential budget risks. (correct)
• To detail individual employee expenses for auditing purposes.
• To benchmark the organization's financial performance against industry competitors.
• To provide a historical record of past financial transactions.

Within the context of ISO/IEC 20000-1 capacity management, which of the following statements accurately describes the handling of different resource types?

• Human, technical, information, and financial resources are considered interchangeable and can be managed collectively.
• All capacity resources, regardless of type, are managed using a standardized, uniform approach.
• Due to their distinct nature, human, technical, information, and financial resources require unique and tailored management strategies. (correct)
• Only technical and financial resources require active management, as human and information resources are self-regulating.

Trend analysis reports compiled from change requests can be used to identify:

• The specific costs associated with each implemented change request.
• Individual performance metrics of change administrators.
• Customer satisfaction levels related to recently implemented changes.
• Opportunities for service improvement based on recurring change patterns. (correct)

What is the primary purpose of a Change Management Policy within an organization?

To document the scope of change management, define change types, and establish criteria for major impact changes. (D)

According to the provided information, under what circumstance is the service design and transition process specifically utilized in change management?

For changes identified as having a potentially major impact on services or customers. (C)

Which category of information in a change request template is crucial for understanding the broader implications of a proposed change?

Impact assessment of the change and Priority of the request. (B)

When is a 'project-oriented approach', such as the service design and transition process, deemed necessary for managing changes?

When handling changes considered to have a significant impact on services or customers. (A)

Within a Change Management Policy, what are the typical classifications used to differentiate changes based on their management approach?

Normal, Standard, and Emergency. (D)

Which of the following is NOT a mandatory piece of documented information for configuration management, according to the provided content?

Detailed financial reports for each configuration item, including depreciation schedules. (A)

A Configuration Item (CI) record MUST include which of the following elements?

A unique identifier, type, description, relationship with other CIs, and status. (A)

What is the primary function of a Configuration Management Database (CMDB)?

To serve as a central repository for CI and configuration information. (C)

When other parties (internal or external) are used to provide services, service components, or (parts of) processes, what information about these parties should be registered?

The name of the service/process, component provided, third party's name, and an identification of a control for their performance. (B)

Which documented information must be defined for each service in Business Relationship Management?

A set of service level agreements (SLAs) containing aspects such as service level targets, provider workload limits and any other exceptions. (B)

In the context of business relationship management, what should regularly be reported on regarding service level targets?

Performance against the service level targets and workload changes. (D)

Besides SLAs, what other documented information is essential in business relationship management?

A list of customers, users, and other interested parties in the services. (D)

What action should be taken regarding complaints received about services from customers or other stakeholders?

They should be listed and acted on. (D)

According to the content, what is the initial focus when designing a process based on Lean practices?

Determining the inputs and outputs of the process. (D)

In the context of the SIPOC model, who is considered the 'supplier'?

Anyone providing inputs to a process. (A)

How does the continual service improvement (CSI) process interact with other processes in the system?

It receives inputs from processes like quality assurance and provides outputs to processes like risk management. (A)

What level of process documentation is required to meet ISO/IEC 20000-1 standards according to the content?

Any documentation sufficient for the organization, such as drawings. (A)

What is the purpose of a detailed flow chart in process design, beyond the SIPOC model?

To show more details regarding the workings of the process, owners of steps, and decisions made. (A)

What does Clause 8 of ISO/IEC 20000-1 primarily address?

Service management processes or practices . (A)

How should you approach designing a process according to Lean practices, regarding the SIPOC model?

Create a SIPOC detailing how the process effectively transforms inputs into outputs.. (D)

In a system of interdependent processes, how do the outputs of one process relate to another?

Outputs from one process can serve as inputs to another process. (B)

Which of the following is a key difference between contracts with external suppliers and agreements with internal suppliers, according to the provided information?

Contracts with external suppliers require more formal clauses. (B)

A service provider is creating a template to log service complaints. Which of the following fields is essential to include based on the provided information?

Reference number of the complaint. (B)

An organization is documenting its capacity requirements for a specific service. Which of the following elements should be included in the documentation?

The current capacity, required capacity, and the date for implementation. (A)

What aspect of service management requires mandatory documented information, according to the text?

Budgeting and accounting for services. (D)

An organization wants to improve its understanding of service demand. What approach should it take?

Base it on monitoring services and analyzing customer requests. (C)

When documenting disputes with suppliers, which of the followings should be included in the template?

Description of the dispute and actions taken to resolve it. (B)

What is the primary purpose of documenting 'possible impact of the capacity change on service level targets?'

To understand the potential effects of changes to service capacity. (D)

According to the information provided, what dictates the specific format of legal documents related to supplier management?

Organizational standards, which may supersede ISO/IEC 20000-1. (C)

What key element is required when changes like new service introduction or service transfer to a third party are initiated?

A service design document outlining requirements, implementation approach, and potential impacts. (D)

Which of the following is an essential piece of documented information for release and deployment management?

Analysis of release success or failure, and acceptance criteria. (C)

In incident management, what is the primary purpose of categorizing incidents by environment, service, or CI type?

To facilitate trend analysis and effective incident resolution. (C)

How is the priority of an incident typically determined?

By multiplying the impact of the incident by its urgency. (A)

What is the purpose of having a Major Incident Procedure?

To provide a structured approach for managing high-impact incidents. (B)

What is the significance of documenting acceptance criteria for releases?

To ensure that the release meets the defined quality standards post-deployment. (C)

What should happen if a release does not meet the documented acceptance criteria before deployment?

Action should be taken to modify the release, or the acceptance criteria may be modified with agreement. (B)

Why is it important to perform tests after deployment to verify that the release meets the acceptance criteria in the live environment?

To confirm that the release functions as expected in the actual user environment. (A)

In the context of release management, what is the primary purpose of defining different release types such as normal and emergency?

To dictate the management approach, aligning with standard change management or specific deployment processes. (D)

What is the main goal of documenting information related to incident management?

To define who is responsible for managing the incident, how frequently management is updated, and other key aspects. (D)

For small organizations using the provided problem management template, what is the purpose of tracking the 'Possible related incident records'?

To identify patterns and relationships between problems and incidents, aiding in root cause analysis. (C)

What is the significance of documenting 'Actions taken to deal with the problem' within a problem management record?

To provide an audit trail of the steps taken, facilitating knowledge sharing and preventing repeated efforts. (C)

What is the primary purpose of recording and tracking service requests?

To ensure service requests are recorded, prioritized, fulfilled, and closed in a systematic way. (D)

Why is it important to have a documented procedure for fulfilling each type of service request?

To guarantee that specific steps are followed, maintaining consistency and quality in fulfilling the request. (D)

What is the relationship between 'known errors' and 'problems' in the context of problem management?

'Known errors' are issues for which a root cause has not yet been determined, while 'problems' are issues under investigation. (D)

Why is it important to track the 'Due date for resolution' and 'Actual completion date' for both problems and service requests?

To monitor performance against service level agreements (SLAs) and identify trends in resolution times. (B)

Flashcards

ISO/IEC 20000-1 Clause 8

Clause 8 of ISO/IEC 20000-1 covers service management processes/practices.

Process (ISO/IEC 20000-1)

A set of related activities using inputs to deliver an intended result.

SIPOC Model

A model that identifies Suppliers, Inputs, Processes, Outputs, and Customers.

Supplier (in SIPOC)

Anyone who provides resources or data to a process.

Input (in SIPOC)

Resources (data or materials) needed to start a process.

Output (in SIPOC)

The result of a process, delivered to the customer.

Customer (in SIPOC)

The recipient of the process output, not always the end-user of the service.

Detailed Flow Chart

Visual display showing steps, owners, and decisions in a process.

Configuration Management Database (CMDB)

A central repository for configuration items (CI) and related information.

Configuration Item (CI) Attributes

Unique identifier, type, description, relationships, and status.

Service Level Agreements (SLAs)

Documented agreements defining service level targets, workload limits, and exceptions for each service.

SLA Performance Reporting

Track performance against SLAs and report on workload changes.

Other Parties Spreadsheet

A list identifying third-party providers of services or process components.

Interested Parties List

A list of customers, users, and other stakeholders for each service.

Complaint Management

Recording and addressing service-related complaints from customers or stakeholders.

Controls for Other Parties

Ensuring services from other parties meet defined requirements.

Service Complaint Template

A record detailing issues regarding a service, including the complainant, service owner, and resolution steps.

Supplier Management Information

Formal agreements, contracts, and a log of disagreements with suppliers, including actions and status.

Demand and Consumption

Assessing and predicting the need for services through monitoring and customer requests.

Capacity Requirements

A table documenting current and required resources (human, technical, financial) to meet service needs.

Costs Against Budget

A report comparing the actual costs of running the service against the allocated budget.

Complaint Reference Number

Each complaint should include a unique identifier for tracking purposes.

Service Owner (Complaints)

Knowing who is responsible for handling and resolving the issue.

Complaint Status (Open/Closed)

Tracking whether complaints have been addressed or not.

Service Change Scope

Managing new service implementations, service removals, and third-party service transfers.

Service Design

A document detailing service needs, implementation, and SLA/contract/catalog impacts.

Release Analysis

Analyzing release outcomes to learn from successes and failures.

Acceptance Criteria

Conditions that a release must meet for approval.

Incident Record

A structured record of an event that disrupts or could disrupt services.

Financial Management Report

A financial overview from your organization's system, flagging budget risks.

Demand Management

Planning and controlling the resources needed to meet service demands.

Incident Priority Calculation

Impact x Urgency. Used to categorize incidents.

Major Incident Procedure

A documented process for handling critical service disruptions.

Capacity (in ISO/IEC 20000-1)

Includes human, technical, information, and financial resources, managed individually.

Change Request Trend Report

Analyzes change trends, and identifies improvement opportunities.

Post-Deployment Testing

Verifying that a release meets defined standards in a live environment.

Change Management Policy

Documents services, items governed, change types, and impact criteria.

Change Request

A formal proposal for an alteration that need to be documented, and includes key details like date, description, priority, and impact.

Service Design and Transition Process

Service Design and Transition manages major changes with a project-oriented approach.

Project Approach to Change

A structured method to manage changes with major impact on services or customers.

Release Types

A categorized list indicating the specific type of release for each service (e.g., normal, emergency).

Incident Management (Documented Information)

A documented process outlining who is involved, who leads, and how frequently management is updated during an incident.

Service Request Tracking

Tracks service requests from start to finish, including date opened, description, reference number, priority, owner, actions taken, due date, completion date, and status.

Known Errors

Issues with services lacking a determined root cause, but for which a workaround exists.

Problem Management Information

A minimum set of information needed to effectively manage a problem, including dates, type, description, reference, priority, owner, impact, actions, related incidents/errors, due date, completion date and status.

Service Request Priority

A standard scale (High-Medium-Low) or numeric scale used to determine the importance of a service request.

Service Request Process

Detailed steps to record, prioritize, fulfill, and close service requests.

Service Request Procedure

A documented procedure to complete service requests, dependent on the type of request.

Study Notes

Clause 8

• Clause 8 of ISO/IEC 20000-1 covers service management processes, making process design descriptions vital.
• This section uses Lean principles, offering a helpful framework for good process design that goes beyond the standard's strict requirements.
• Documentation should be sufficient for the organization's needs to meet standard requirements.
• Some organizations use drawings for process documentation, especially where employees have limited literacy.

Process Design (5.5.1)

• ISO/IEC 20000-1 defines a process as interrelated activities using inputs to achieve a planned result. See Clause 3.1.18.
• When designing a process with Lean practices, begin by identifying process inputs and outputs.
• The SIPOC model identifies inputs from a supplier and outputs consumed by a customer.
• For each process, create a SIPOC to detail the transformation of inputs into outputs.

SIPOC Model

• The output of one process, as in the continual improvement process, can serve as the input for another.
• For instance, the continual service improvement process uses quality assurance outputs as inputs.
• Outputs, in turn, become inputs for risk management.
• Mapping interdependent processes can create a comprehensive system, showing how they relate.
• SIPOC shows steps in the CSI process, while a detailed flow chart provides more details.

RACI Matrix

• A RACI matrix complements process design by defining roles: Accountable, Responsible, Consulted, and Informed.
• Elements from these come together in a Process template inside the Documentation Toolkit. The toolkit helps organizations document all processes in the SMS, including those described in Clause 8.

Documentation

• Documented information is needed to ensure processes are carried out as planned.
• Measurements and monthly reports are also needed, in addition to the documented information, to ensure processes are measurable and well perfomed.
• Service requirements should be available to staff and documented when developing a service in any form.

Service Lifecycle

• A service catalog provides a simple list of services, outcomes, and dependencies.
• The template includes fields for a unique identifier, Service Owner, and service status as 'Active', 'Planned', or 'Decommissioned'.

Configuration Management

• Configuration Items (CIs) should be listed by identifier, type, description, relationships, and status.
• A Configuration Management Database (CMDB) is a central repository for CI and configuration data.
• Register other parties (internal/external suppliers, customers) providing services/components in the 'Other Parties' spreadsheet.
• This contains the name of the sevice process, the service component provided by third party, and an identification of control.

Business Relationship Management

• Service Level Agreements (SLAs) should detail service level targets, workload limits, and possible penalties.
• Performance and workload changes against service level targets should be reported.

Supplier Management

• Maintain a list of customers, users, and interested parties in the services to record business relationship management.
• Complaints should be listed with information to be acted on.
• Supplier management information consists of legal documents.

Capacity Management

• Consider these factors with capacity:
  • Human
  • Technical
  • Information
  • Financial resources
• Record these fields for disputes with suppliers:
  • Reference number
  • Name of the service
  • Supplier name
  • Dispute description
  • Service owner
  • Actions to resolve the dispute
  • Closure date
  • Status
• Document requirements for service capacity in a table including:
  • Capacity type
  • Current capacity
  • Required capacity
  • Implementation date
  • Impact of capacity change

Budgeting and accounting

• A report on costs incurred versus budget allocated is the only mandatory documented information.

Demand Management

• The demand for services/usage should be determined based on service monitoring and customer requests.

Change Management

• Reports on requests for change can highlight trends and improvement opportunities.
• Required documentation is limited.
• A Change Management Policy outlines impacted services/components, change types (Normal, Standard, Emergency), and management procedures.
• The policy highlights which changes require the service design and transition process.
• Always document the following for change requests:
  • Date received
  • Reference number
  • Type of request
  • The change description
  • Last update
  • Request priority
  • Request owner
  • Impact assessment
  • Service design
  • Marker for transition process
  • Due date
  • Completion date
  • Status

Service Design and Transition

• Project management approaches manage changes significantly impacting services/customers.
• Various other changes also need to be run through the service design and transition process.

Release and Deployment Management

• Release and deployment management requires documented data.
• Analysis of release success/failure should be recorded, and for small organizations, a template is provided to manage the release using the minimum information needed to manage the incident.

Incident Management & Major Incidents

• Major Incident Procedure: When a major incident occurs, a Major Incident Procedure should be in place and outline:
  • Who it is handled by
  • Who reporting on success or failure of releases is carried by
  • What relevant statistics/root cause analysis are

Types of Release & Acceptance Criteria

• Release acceptance criteria is required by the live enviornment when a release is scheduled, approved, and ready to deploy.
• The types of release should be clearly defined in a simple list.

Service Request & Problem Management

• Service requests allow issues to be prioritized, fulfilled and appropriately closed.
• As with incidents, problems are likely to be managed using some form of Cloud based Platform.

Risk Management & Service Fulfilment

• Each service requst requires a documented procedure containing information on how to meet service fulfilment needs.
• The exact procedure depends on the type of request.
• Information security risks should be documented/treated accordingly in the risk register.