ISO/IEC 20000-1 Implementation Guide PDF

4. Implementing the requirements of ISO/IEC 20000-1 -general considerations The implementation of an SMS can be seen as a project that needs a certain timeframe within which the objectives are to be realized. At the same time, however, it should not be seen as a project that needs to cover all requirements of ISO/IEC 20000-1 from day one: you should set realistic targets in shorter time boxes and work towards a full implementation via a step-by- step, iterative approach. The framework for the project as a whole is described below as a nine-step program. STEP 1 EDUCATION First, read the standard ISO/IEC 20000 Parts l, 2 and 3, to familiarize yourself with the objectives. "These documents contain a formal requirement and guidance to establish an SMS, so they should be your permanent reference when starting your journey. A good training course will take you through Part I in detail to help you understand the requirements there are several training providers and curricula out there that can be used. STEP 2 MANAGEMENT SUPPORT It is of vital importance to make sure that your top management supports your efforts in implementing the requirements of ISO/IEC 20000-1 as they have a number of important responsibilities in the standard, including: As Defining a service management policy, expressing general direction for the SMS in line with the organization's strategy, Defining or approving service management objectives, which are the organization-’, vide targets for SMS and the services; Making resources available for the design, implementation and support of the SMS. This includes financial, human, and technological information; 18 Assigning responsibilities to people for managing the SMS; Making sure the SMS achieves its intended outcomes can be seen, these are fundamental aspects that top management needs to be involved in, otherwise the project aimed at achieving compliance with ISO/IEC 20000-1 is going to have serious issues. Without top management support, the implementation of an SMS cannot be successful. STEP 3: DETERMINE THE ORGANIZATION'S CONTEXT Another fundamental starting point for establishing an SMS is to determine the context of the organization. Using the outputs from a Strengths- Weaknesses- Opportunities-Threats (SWOT) analysis and a Political-Economic- Social-Technological-Legal-Environmental (PESTLE) analysis for example, you can determine relevant aspects of the context of your organization: Any issues that are relevant to it, such as competition, resourcing, market developments, new product developments, etc.; Relevant stakeholders (a.k.a. Interested Parties) who have an interface with the organization and certain expectations of its activities. The internal and external environment in which the organization works, including the influences on the SMS and the services of these environments. This will help to establish the exact scope of the SMS — a description of what is included and what is not included. A scope description can be as simple as: The service management system of Happy Chick providing egg-transport services from Groenekan, Netherlands. However, when providing multiple services, from various locations, using multiple suppliers and having multiple customers, the scope statement can become harder to pin down. For this purpose, ISO/IEC 20000-3 has been written, since it provides more depth on what you should think of when determining the scope of your SMS. STEP 4: COMMUNICATE, COMMUNICATE, COMMUNICATE! Communication with stakeholders is absolutely crucial for a project like implementing an SMS. You have already determined who your stakeholders are in the previous step and communication needs to be adapted based on whether they are internal or external to your organization, what role they have and their need to know. 19 ISO/IEC 20000-1 is explicit in what needs to be covered in terms of communication, including: Creating awareness of the service management policy and objectives, as well as how they can contribute to the success of the SMS; Determining what needs to be communicated, to whom and how, related to anything that is relevant for the SMS and the services; Documenting policies, processes, procedures and any other information that needs to be available for the people working in scope of the SMS or other stakeholders. STEP 5: WHAT DO YOU HAVE IN PLACE NOW? Most likely, if you are a service provider, you already have many aspects in place that ISO/IEC 20000-1 requires. Think of some basic processes to interact with customers, deal with incidents, a service catalogue, etc. You may or may not have documented any of these, but the realization that you already have these aspects in place is the first step towards building a more complete SMS. You should create a baseline of these aspects, as they will form the foundation for your SMS from which you can expand to the full scope of the standard. STEP 6: GAPS, RISKS AND OPPORTUNITIES Based on this baseline, you need to carry out a gap analysis: read the standard carefully and for each requirement, determine whether you believe you are already meeting that requirement or not. This can result in a checklist in which you indicate what actions you need to take to meet the Requirements. Table 1 is a simple example of such a gap analysis. 20 It is likely that this exercise and the previous steps will lead to the identification of risks and opportunities. ISO/IEC 20000-1 does not require a full, formal risk management process (such as in ISO/IEC 27001), but you do need to be aware of the risks that may impact achieving SMS outcomes. You need to document the approach to risk management together with the risk acceptance criteria, determine actions to treat these risks and identify the effectiveness of these actions. If you have an existing full risk management process, you can also use this to deal with risks related to your SMS. STEP 7: IMPLEMENTATION Using the gap analysis that you undertook in the previous step; you can now take gradual actions to build your SMS based on the requirements arising out of the standard. You will have identified all actions that you need to perform in order to meet these requirements. Some will be easier than others, so do prioritize and take your time to implement them. A large part will be the actual design of your service management processes. When designing these processes, use a methodology that ensures the following: Make them as efficient as possible, and limit waste where possible — Lean methodologies such as value stream mapping will help here; Make sure you understand how processes interact: the output of one process often serves as the input to another, creating a whole system of processes that interact. There are ways to visualize this (such as the Lean system map) and it is likely, if the resulting picture appears complex, that there is room for improvement; Establish performance targets for processes and find ways to measure their efficiency. This will form input for the operation as well as the Evaluation and Improvement steps described below. Don't forget consistently to communicate with all parties involved (see step 3) during the process of setting up your service management processes. You need to make it clear how these changes are going to improve the way of working in your organization and the customer experience that is provided. 21 STEP 8 OPERATION The SMS and the services are now in steady state, but this does not mean that they can manage themselves: you need to maintain your service levels and keep your customers happy. Keeping a close watch on these issues can only be done by monitoring and measuring your SMS and services and reporting on them. This includes the process effectiveness, attainment of the service management objectives, customer satisfaction, etc. Only when you do this, do you know if your SMS is running well or not and what improvements you have to make, if any. STEP 9 EVALUATION AND IMPROVEMENT This final step consists of a number of elements from Clauses 9 and 10 of the standards: Handle nonconformities — a nonconformity is any non-fulfilment of a requirement, whether these are requirements from ISO/IEC 20000-1 or from the organization's SMS. If they are not conformed to, action needs to be taken to remediate the situation. If a service is not performing according to the agreed service targets, this is usually handled through the incident management process. Set up a Continual Service Improvement (CSI) process — the reason for using the ITIL expression for continual service improvement here is because it is a well-known concept. This CSI program, however, needs to involve both the services and the SMS itself. It should be possible for any stakeholder to submit improvements for management consideration. Moreover, improvements can be triggered by, for example, audits or the risk management process. Note that ISO has now published the publication A Practical Guide - ISO/IEC 20000-1 - IT Service Management, which is a handbook providing guidance for organizations who are new to the standard and are seeking advice and tools to implement their SMS. It contains additional guidance that is not covered in this guide. 22 2. Set up an internal audit program — bring in someone who is independent (e.g. from outside the organization that is in scope of the SMS or from another part of the organization). Get them up to speed with the internal audit procedures described in ISO/IEC 20000-1 Clause 9.2 and ISO 19011 1141 and have them periodically (e.g. annually) do an audit of the SMS. Their audit report will feed into the improvement process, the management review and the external auditor's activities. Top management should regularly review the workings of the SMS, say twice a year. They are accountable for what is happening with the SMS and the services, and therefore they need to be informed about them. The aim of the management review is to ensure the continued suitability, adequacy and effectiveness of the SMS and the services. 23

ISO/IEC 20000-1 Implementation Guide PDF

Document Details

Tags

Related

Summary

Full Transcript