ISO/IEC 20000 is the first worldwide standard specifically aimed at IT Service Management. It describes an integrated set of management processes for the effective delivery of services to the business and the customers. It also focuses on the continual improvement of the service(s). ISO 20000 is sector independent, and relevant to both public and private sector organizations.
Who Needs ITSM (ISO 20000)?
Every organization that values information needs to protect it, for example:
- Banks
- Call centers
- IT companies & Internet Service Providers
- Government & classified organizations
- Service Industry
- Hospitals
- Insurance companies, etc.
Benefits of ISO 20000 Information Technology Service Management (ITSM):
- Better organizational image because of the certification and continual improvement
- Lower operational costs because of the avoided risks and improved quality
- The operations in the organization run more smoothly
- More secure and organized working environment
- Capacity for handling disasters / better disaster management
- Legal requirements to fulfill customer satisfaction
- To manage services in a defined manner
- To assign responsibility to service managers
- To create, manage, operate and update business operations in a structured manner
- To heal external / internal attacks / threats and so on
Phased Approach for ISO/IEC 20000:
It is crucial to consider the ISO/IEC 20000 requirements prior to implementation:
- Service Delivery Processes: Service Level Management & Reporting, Capacity Management, Information Security Management, Budgeting & Accounting
- Release Processes: Service Level Management & Reporting
- Control Processes: Configuration & Change Management
- Resolution Processes: Incident & Problem Management
- Relationship Management: Business & Supplier Relationship
1. Gap Analysis: Consultants carry out a gap analysis activity to determine the gaps with respect to ISO 20000 by thoroughly reviewing the current practices and processes of the client organization. A Gap Analysis Report is developed and, based on that, a high-level Process Improvement (PI) Action Plan is developed to document the actions needed to prepare for certification.
2. ITSM Awareness and Implementation Training: An Implementer training course on ISO 20000 is provided to help the organization and its key stakeholders better understand the requirements of the standard.
3. Domain Analysis / Control Area Analysis (to facilitate the client in understanding and implementing the standard): We hold interactive session(s) with process owners, discuss the standard’s requirements and try to establish how ISO 20000 can be implemented in the organization. This activity helps clients understand the vital concepts of ISO 20000 as well as a road map specific to their organization.
4. Process Documentation for Client (Processes and Artifacts Development) / Process Optimization: We also offer to develop processes for the client. In this way the client may get detailed, fully developed processes/artifacts for its organization within a short period of time that are 100% compliant with the standard’s requirements.
5. Document Review (if the client develops the Process Documentation): We perform documentation reviews onsite / offsite to verify that all the developed Policies, Processes, Procedures, Standards, Guidelines and Artifacts fulfill the requirements of ISO 20000. Documentation Review Reports are provided to help the client organization improve its documentation.
6. Training Material Development against developed process documentation: We help the client to develop Training Material for their defined Standard Processes and Policies. We also offer to develop training material for the clients.
7. Provide training to client on developed processes: We assist the client in conducting trainings on standard processes for relevant staff in the organization. These trainings focus on hands-on exercises to help trainees better understand the core concepts of the processes and how to apply them in different projects and departments. We also offer to deliver these trainings to the client, as we have expert trainers in every field.
8. Implementation Support: We help our clients implement the defined processes and maintain objective evidence for audit. We also help the client convince the practitioners and adopt the risk management approach.
9. Risk Assessment (Service Risk Assessment): It is the most important and complex area of ISO 20000. Our consultants perform a detailed Service Risk Assessment for the client. It also covers a major part of the ISO 27001 Standard.
10. Training on Service Risk Assessment (Tool Development): The purpose of this training is to teach the practitioners how to perform Risk Assessment as per the requirements of ISO 20000 and ISO 27001. Our expert trainers provide the training and help in developing a Risk Assessment Tool.
11. ISO 20000-1 Internal Audit Training: The training on Internal Auditing (ISO 20000) is provided to facilitate the organization in better evaluating the implemented processes of the organization. This training is also required for performing the Internal Audit activity as per the standard’s requirements of Clause 6.
12. Readiness Check (Pre-Audit): We perform random audits (Readiness Check) to ensure that the organization is performing according to its defined processes, and we suggest any improvements that add value to its processes and controls. We also ensure that the organization is now ready to go for the Certification Audit.
13. Get the client certified by Certification Body:
   1. Stage 1 Audit performed by the certification body
   2. Verification of Stage 1 Audit Findings (Performed by Quality Aim)
   3. Stage 2 Audit (Getting Certification): The Stage 1 and Stage 2 Audits will be performed by the Certification Body, because a company which is providing consultancy can’t perform the certification audit as per the standard’s requirements. We help the client fix the Stage 1 audit findings and also verify that all the findings identified in the Stage 1 and Stage 2 audits have been properly fixed (closed).
14. Certification Retention (Perform Readiness Check Annually or Bi-annually): We help our clients retain their earned certifications by performing readiness checks (Random Audits). Our consultants visit the client a few days before the external audit to ensure that the organization is performing according to its pre-defined and implemented processes, and also suggest improvements to its defined processes. By performing these checks we ensure that the client will not lose its earned certification.
15. Compliance Monitoring (at regular intervals, e.g., after one or two months; an ongoing activity): This is an ongoing activity. We visit the client at regular intervals to evaluate its compliance by performing readiness checks (random audits). We provide a Compliance % Report on every visit. These intervals can be planned (monthly or quarterly) or unplanned, as per the client’s requirements.
16. Business Continuity Planning / Disaster Recovery Planning with respect to ITSM: We help the client develop the BCP and DRP, because proper and effective delivery of Business Continuity Management is a matter of survival. Our consultants ensure the continuity of the critical processes of the client organization in case of any minor or major interruption.
17. Verification and Testing of BCP and DRP with respect to ITSM: Our consultants validate and verify the developed BCP / DRP for our client organization. We actually visit the client and test the developed BCP and DRP along with the backup sites and recovery sites. This is more important because an interruption in service may harm the client’s reputation.
1. ITSM Awareness and Implementation Training: An Implementer training course on ISO 20000 is provided to help the organization and its key stakeholders better understand the requirements of the standard.
2. Training on Services Risk Assessment (Tool Development): It is the most important and complex area of ISO 20000. Our consultants perform a detailed Service Risk Assessment for the client. It also covers a major part of the ISO 27001 Standard.
3. ISO 20000-1 Internal Audit Training: The training on Internal Auditing (ISO 20000) is provided to facilitate the organization in better evaluating the implemented processes of the organization. This training is also required for performing the Internal Audit activity as per the standard’s requirements of Clause 6.
4. Training on Business Continuity Planning & Disaster Recovery Planning with respect to ITSM: The purpose of this training is to give the client’s personnel a better understanding of BCP and DRP, because proper and effective delivery of Business Continuity Management is a matter of survival, especially in the Services Industry. Our experienced trainers provide expert coaching in better identifying the Critical Business Processes and Services of the client organization. We also help clients develop the BCP and DRP along with backup sites and recovery sites.
Note: We can offer a complete bundle of services against any standard, or any subset of the services.