ITSM Foundation on ISO/IEC 20000

Certification Training
1973 Learners
View Course Now!

IT Service Management Core Concepts Terminologies Tutorial

1.1 Introduction Slide

Welcome to the EXIN (pronounce as one word) foundation course on IT service management, based on the ISO/IEC 20000 (pronounce as I-S-O - I-E-C-20000) standard, offered by Simplilearn. It is meant for people who believe in the importance of IT service management and want to do it well. The IT service management foundation certificate requires an overview of the field and its relationship with the other areas of information management. Such an overview is based on knowledge of the service management processes in the five key areas. The key areas of resolution process, control process, release process, service delivery process and relationship process also have a good understanding of the core concepts and basic terminology. Let us get started with this course.

1.2 Welcome and Administration

IT service management is about how to provide IT related services to support a business. The international standard in IT service management ISO/IEC 20000 makes it clear, what is essential: making service arrangements and its needs, adapting the infrastructure, supporting users and resolving incidents. ITSM Foundation is intended for everyone, playing a role or having an interest in IT service management. This includes staff from internal and external service providers, their customers, and their managers. We will be explaining the structure of the training including ISO/IEC 20000 certification and course outline, examination format and the agenda over the next few slides in more detail. The exam IT service management foundation is part of the EXIN ITSM qualification program, and a prerequisite of the higher-level exams in the qualification program. The next slides are about the structure and the qualification program. We will now look at the structure of the training.

1.3 Structure of the Training

The minimum number of contact hours for this training course is 15. This program is created to help professionals’ capitalise on best practices from the ITIL certification, with the spotlight on the application of knowledge and understanding. It uses the core of best practices in IT service management, guided by the international standard for IT service management ISO/IEC 20000, and applies a systematic approach to well-known best practices using EXIN’s innovative quality focus. It would include the introduction to IT service management such as, content of ISO/IEC 20000, concepts of ITSM and quality framework, introduction to service management system which includes, the core concepts of service management system followed by the concepts of service design and service transition as well as the service delivery processes such as service level management, service reporting, service continuity along with availability management, budgeting and accounting which is financial management, capacity management, information security management and their relationship with other processes. Let us continue this topic in the next slide.

1.4 Structure of the Training(Contd.)

In continuation from previous slide about the structure of the training, the other topics which are covered are the relationship processes like business relationship management, supplier management and their relationship with other processes. The resolution processes such as incident and service request management and problem management and their relationship with other processes. The control processes like change management, configuration management, release and deployment management and their processes, and finally the course concludes with some case studies and sample exam includes questions with solutions. Take some time to go through these sample questions once you are done with all the modules which can be useful for the preparation for certification examination. In the next slide we will learn about the qualification program.

1.5 ISO IEC20000 Qualification Program

Certification is the concrete evidence of a successful training and your understanding of the quality requirements. EXIN’s multi-level qualification program is called IT service management according to ISO/IEC 20000. The program is beneficial for every IT professional involved in the quality improvement of IT services and IT service management at all levels, as well as in every role of an organisation, starting from an IT professional right up to a senior consultant and auditor. The program consists of a foundation exam, professional exams and two tracks. The first track is geared towards IT management, while the second focuses on auditing. The program is perfectly suitable for a wide range of staff involved in IT service provision: operational staff, supervisors, managers, senior consultants and auditors. Foundation training provides professionals a basic but no less important level of knowledge, and understanding of both ITSM and service quality management. Topics covered include an introduction and overview of the main principles, concepts, and relationships related to ITSM and the ISO/IEC 20000 standard, as well as terminology of the quality approach to ITSM. The professional level ensures candidates acquire the knowledge, understanding and skills needed to perform well in their roles within any of the five main areas of ITSM, such as managing and improving process areas based on the ISO/IEC 20000 standard, based on the P-D-C-A (Plan-Do-Check-Act) quality approach. Successful candidates would have sufficient knowledge of ITSM and the ISO/IEC 20000 standard to successfully meet their daily targets, and help them contribute more fully towards IT service provision. The associate module is intended for professionals involved in supervising the quality of IT services and supporting the IT service management processes. This is for the generalist who aspires to become a consultant/manager or junior auditor. It is a fast track certification and an alternative to the other 3 professional certificates required for taking the consultant/manager or auditor training and certification. The consultant/manager training is ideal for ITSM managers, who will gain a comprehensive coverage on planning, implementing, deploying as well as maintaining IT services and factual knowledge about ITSM processes, and the overall management system. At conclusion, candidates will know how to implement and maintain management systems in compliance with best practices and the international ITSM standard. Finally, the highest qualification in the ITSM world is the executive consultant/manager seminar, which aims at excellence in IT service management and would require experienced professionals with pre-requisite along with extensive experience to qualify. What is the examination format for foundation? It is explained in the next slide. Let us look into it.

1.6 Examination Format

The exam is available in English, Dutch, French, Portuguese, Japanese, Chinese, German, Italian, Latin-American Spanish and European Spanish. This is a closed book exam. No materials are permitted in the examination room. The duration of the exam is 1 hour, and the total number of questions is 40. They are objective type questions with four multiple-choice options in A, B, C or D or as single answers. The minimum score to pass the exam is 65 % (that is at least 26 right questions of 40).

1.7 Course Material Goal

This course material is designed in accordance with the specifications provided by EXIN and the TUV SUD Academy. It helps to prepare candidates for an ISO/IEC 20000 foundation exam according to specifications from EXIN and TUV SUD academy. Let us proceed to the next slide and begin the discussion on the core concepts of IT service management.

1.8 Core Concepts of IT Service Management

This section covers to make you understand the concepts, definitions, the need, benefits, and the principle of continual improvement with respect to the IT service management. The topics that will be covered are to start with the definition and importance of quality. Subsequently, we will learn about the definition of IT service, followed by the factors needed to provide an IT service. Then we will look into the management system for service management. We will also discuss the benefits and characteristics of a process-based approach. We will understand the concept of IT service management as well as the benefits and risks of it. Next, we will cover the role of tools used within IT service management and the principle of continual improvement. Lastly, we will look into the applications of the PDCA cycle. Let us start with the definition and importance of quality in the next slide.

1.9 What Quality is and Why It is Important

“Quality of service is a measure that indicates the overall effect of service performance that determines the degree of satisfaction of a user of the service. The measure is derived from the ability of the resources to provide different levels of services. The measure can be both quantitative and qualitative.” Customers form perceptions of quality of services (QoS) - how effectively and efficiently the service was delivered and the speed and convenience of completing the transaction. Quality of service is therefore crucial for customer and end user satisfaction as it is a measure of the ability of a service to provide the intended value to a customer. It is defined as a custom made set of metrics or measure for every customer based on the intended service. Customer expectations typically get greater and greater over time and therefore customer perception of service quality get revised over time. It is significant to note that to be effective, quality of service must be measured as both qualitative and quantitative metrics. But these quality metrics can be defined based on the goal of the organisation, which will be defined the policy. We will discuss on what quality policy is, in the next slide.

1.10 Quality Policy

The quality policy declares the general quality goals of an organisation. Every service oriented organisation requires the formulation of its quality policy. Typically, the policy would state the goals and objectives of the organisation to meet its intended objectives and results in an efficient, as well as effective manner. The policy would declare the intent to review the process at preset intervals to ensure optimal adherence by reducing or minimising non conformances through a cycle of continuous improvement. However, it must be remembered that the quality policy typically would not cover legal requirements specific customer requirements or standard related specifics. When we are defining the quality policy, it should be in alignment with IT service. Let us now learn about the relationship between IT services and quality, in the next slide.

1.11 Relationship Between IT Services and Quality

A service is provided through the interaction of the provider with customers and users. The quality of the service depends upon this interaction. It is therefore obvious that quality is a perception in the customers mind as to how well the service fulfills the requirements and expectations needed. Customer perception of quality is largely based on expectations. It is therefore important to keep a clear communication on defined expectations with a common vocabulary or language or terminology to ensure the same understanding of the quality and expectations need to be clearly defined. Communication lines must be always open to facilitate feedback and improvement – a quick turn around will provide greater customer satisfaction. Further, the supplier should continually assess how service is being experienced and what the customer expects in the future as quality needs to be maintained at the same or better level. Next slide is about the principles of quality management.

1.12 Principles of Quality Management

The ISO/IEC 20000 standard belongs to the ISO family of standards and therefore owes its basis of quality management principles as defined in the parent ISO 9000 standard. It therefore includes the principles of customer focus, leadership and people involvement through a systems and process approach. It expects management decisions based on quantitative measures and facts with mutually beneficial relationships for all stakeholders. The continual cycle of improvement process which is the fundamental bulwark of process is also presumed. In the next slide will learn about QMS or quality management system.

1.13 Quality Management System

A QMS can be defined as a set of co-ordinate activities to direct and control an organisation in order to continually improve the effectiveness and efficiency of its performance.” An organisation will benefit from establishing an effective quality management system (QMS). The main objective of a QMS is in defining the processes, which will result in the production of quality products and services, rather than in detecting defective products or services after they have been produced. For it to be effective it needs to ensure that the strategy defines the policy, process and tools that drive the people towards achieving a specific objective in an optimal fashion which will be explained in the next slide.

1.14 Objective of a Quality Management System

ISO 9001 specifies the requirements for a QMS that may be used by organisations, for internal application, certification or contractual purposes. The process approach is shown in the conceptual model from the ISO 9001 standard, recognising that customers play a significant role in defining requirements as inputs, and monitoring of customer satisfaction is necessary to evaluate and validate whether customer requirements have been met. This is done through right application of competent, aware and trained people, right products, right suppliers, effective communication, and supporting documentation which is being constantly monitored and supported by senior management. To achieve this objective of management system, we need to follow some steps. How to establish this will be defined in the next slide.

1.15 Steps to Establish a Quality Management System

For organisations to design an effective QMS, they have to identify and manage numerous interlinked, cross-functional processes, always ensuring customer satisfaction is the target that is achieved. A QMS must ensure that the products or services conform to customer needs and expectations, and the objectives of the organisation. Issues to be considered when setting up a QMS. Appropriate and trained resources must be identified to support the quality goals. Measurement must be carried out to determine the effectiveness and efficiency of each process towards attaining its objectives at periodic intervals. In the coming slides we will look at some of the definitions of service, process, service management. Let us learn about service first.

1.16 Service

In this slide we are going to address what is the meaning of service. If you are already having the ITIL understanding, please recall the definition. The one who is not familiar, we define here. The definition of service is `a means of delivering value to customers by facilitating outcomes customers want to achieve without the ownership of specific costs and risks.’ Customers focus on outcomes versus means. Customers transfer costs and risks retain focus and accountability for outcomes. Costs and risks are transferred to service providers. They take on costs and risks responsible for the means of achieving outcomes. Let’s say, an online bookstore is looking for a place to store all the data related to its online book selling business for example books details, customer details, etc., or what in IT is known as database or storage solutions. Now linking it to our description of services, the desired outcome is online selling of books; one of the activities facilitating the outcome is storage of data. Now the bookstore is not specialized in managing storage as an IT service and therefore does not want to manage the associated costs and risks which could come from Infrastructure, staff, facilities etc. However there are organizations in the market that are willing to do that for a cost, commonly called service providers, say for example “Oracle Corporation”, who have specialised knowledge and experience in large scale database systems, and the confidence to control the associated costs and risks. The bookstore agrees to pay for the database service provided by the service provider under specific terms and conditions. So to get back to the definition, the service provider, i.e. “Oracle Corporation”, provides value to the customer, i.e. the online bookstore, by facilitating, in other words, managing book selling company’s database and its associated costs and risks, the business outcomes of which is selling books online. Just to clarify it further, in this case, online book selling company is the customer and “Oracle Corporation” is the service provider. “Oracle Corporation” is providing “database storage” “service” to the online book selling company. In the next slide, we will discuss on the factors required to provide an IT service.

1.17 Factors Required to Provide an IT Service

IT service needs to ensure efficient and effective usage of all components of an information system such as affiliated people, processes, technology and partners such as suppliers, vendors, customers and end users. An IT system is largely used to manage information and data as well as manages changes to the system including data back up and restoration in cases of IT failure. It also implies good quality of maintenance to ensure performance according to specified requirements. Other attributes include quality aspects such as availability, capacity, performance, security scalability, and adjustability and portability against agreed parameters. We will understand these in greater detail in subsequent slides.

1.18 Process

In this slide we will understand, what the meaning or the definition of process is. Different books and different body explains the process with different definition. For example, the book -Reengineering the Corporation, Hammer and Champy state “A business process is a bundle of activities, which requires one or several inputs and which creates value for the customer.” From the ITIL perspective we can define process is “A set of activities designed to accomplish a specific objective. “, implying formal, laid down activities in pursuit of a pre-specified end result or objective. A process takes defined inputs and turns them into defined outputs. A process may include roles, responsibilities, tools and management controls required to deliver the outputs. We know that the implementation of process takes longer time. But benefits associated with process. Let us know more on this, in the next slide.

1.19 Benefits of a Process based Approach

In this slide we discuss about benefits of having process. IT services are designed to meet business requirements with cost efficient and effective consistent services. Value for money ensuring improved relationships and expectations met or exceeded. IT today has higher visibility than ever before with exacting user demands, increased complexity of the infrastructure, charging for IT services and competition for customers. Customers expect ITSM to help them gain competitive edge over rivals, increase market share and communication. Organisations are increasingly dependent on IT service provision for also reducing or minimising risks. Also by having process once can enhance the knowledge management by documenting the lessons learnt. The other benefits are consistency which results in predictable and comprehensible output and less failures and faults which in turn saves cost and wastages. The process is effective if the output meets customer needs and efficient when it is effective at the least cost. Maximising effectiveness and efficiency together means that process produces high quality at low cost i.e. providing most value to customer. We will now understand the characteristics of a process, in the next slide.

1.20 Characteristics of a Process

All processes have the following common characteristics. • First, they are measurable. Managers, typically want to measure cost, quality and other variables while the doers of the process are concerned with duration and productivity. • Second, they deliver specific results. The reason a process exists is to deliver a specific result. • Third, primary output of a process is delivered to customers or stakeholders, as we saw in our example of internet service provisioning. The process was executed for the customer, who wanted the internet service. Finally, process responds to specific events also known as triggers. As in our example, the process for provisioning of internet service was triggered by a call from prospective customer to get the internet connection. Now, we will learn about service management in the next slide.

1.21 Service Management

Let me begin by a quote from Peter Drucker, a renowned American management guru. ‘Quality in a product or service is not what the supplier puts in. It is what the customer gets out and is willing to pay for.’ Some time back, we defined service management as an effective and efficient, process driven management of transforming IT resources into valuable IT services. Let me explain this further by means of a diagram. As you can see in this diagram, it emphasises the link that has to be preserved between the desired business outcomes and the services that service management is responsible for. So what do we mean by capabilities, resources and other terms used in the graphic? • Capabilities are the functions and processes used to manage services. Capabilities are intangible assets of an organisation and cannot be purchased but have to be developed and matured over time. • Resources is a generic term that includes IT infrastructure, people, money or anything else that might help to deliver an IT service. Resources are the tangible assets of the organisation. Resources and capability put together constitute the service assets. For example, Email as a service. The organisation say, Google, providing this service needs to have some hardware like servers, routers, switches to relay emails and software like g-mail, to let users read their emails. These are example of assets. They also need a capable team to manage these assets and the money required to procure these assets. But if Google’s customers don’t know how to get this email service, all of these assets go waste. So how to get an email account, how to maintain it, where to go for support if any issues occur are some of the critical underlying elements of delivering email service. These methods are called processes. We will touch them in a little while. But before that, let me explain two more terms, performance and value. • Performance is a measure of what is achieved or delivered by a system, person, team, process, or IT service. From our email as a service example, effective use by all users, number of mails delivered to the intended recipients, etc are some of performance measure of email service. • Value is a measure of the return on investments or benefits to the business. Let us go back to our example of “Email as a Service”. In older days, messaging used to happen through paper memos. If somebody had to convey a message, they would get it typewritten on a piece of paper and then a courier service would deliver it to the recipient. At some point in time, organisations realised the constraints this method of message delivery had on the organisational capability to deliver to its customers. Luckily for them somebody realised the constraints and invented email, which has since then revolutionised the messaging capabilities of the organisations'. The results of using this service allowed businesses and organisations to spread across geographies. It has contributed to faster decision making and execution due to speedier flow of information and ultimately contributes to greater revenues and profits for the business or the organisation. Or in other words it has enhanced the business outcomes. We will now proceed to the next slide to look into the benefits of IT service management.

1.22 Benefits of IT Service Management

Now let’s look into the benefits of having IT service management. By having good service management practices we can achieve: • Improved quality service provision • Cost-justifiable service quality • Services that meet business, customer and user demands • Integrated centralised processes • Everyone knows their role and knows their responsibilities in service provision In the next slide we will discuss on the risk, associated with service management.

1.23 Risks of IT Service Management

In the previous slide we spoke about the benefits of service management. On the other side of the coin there will be risk association. Some of the risks are:  It takes longer time to implement;  The waiting period for realisation of benefits; and  Stakeholder buy-in Let us now learn about the role of tools used within IT service management.

1.24 Role of Tools Used Within IT Service Management

There is a popular saying, “if you can’t describe what you are doing as a process, you do not know what you are doing’. Having a tool to aid you with an inadequate knowledge of tool requirements would not meet the purpose intended. However, usage of tools can provide automated support for performing repetitive tasks or activities and lead to significant cost saves through increased efficiencies. They also provide excellent audit trails through inbuilt logging and monitoring features which can provide evidence of performance. There are a vast variety of tools for monitoring, software distribution tools, service management or workflow tools and even remote infrastructure management tools. We can’t have the same service management throughout the delivery and support. There should be scope for improvement. Let’s see, how we can achieve this. This will be explained through a model in the coming slides. In the next slide, we will discuss on the applications of the PDCA cycle.

1.25 The Applications of the PDCA Cycle

This slide explains the process model of quality management of W. Edwards Deming, who proposed the PDCA cycle in the 1950’s. The PDCA cycle is at the heart of the ISO 20K approach to service management and must therefore be understood in its entirety. The principle of ISO 20000 functions is a process improvement model according to the PDCA cycle (Plan - Do - Check - Act) pioneered by Deming. Through this interconnection are achieved performances improving service management processes. The cyclical optimisation of quality, leads to continual improvement. It is significant to remember at this time that ‘Plan-Do-Check-Act’ is applicable to all processes defined in ISO/IEC 20000. The principles of continual improvement and the applications of the PDCA cycle will be explained more in detail in the later part of this session. In summary, so far, we have discussed the aspects of IT service management. In the next topic we are going to address the core concepts of quality frameworks.

1.26 Core Concepts of Quality Frameworks

In this topic we are going to cover the core concepts of quality framework from where we can derive the quality principles which contributes to the ISO/IEC 20000 apart from ISO/IEC purpose and its benefits. Some of the quality frameworks or standards like ISO 9001, Security aspects from ISO/IEC 27000, ITIL, COBIT, 6 sigma, CMMI for services, Green IT, CLOUD, Tap® NEXT etc. and the complimentary nature of these quality frameworks. First we will understand what ISO/IEC 20000:2011 is and its parts.

1.27 ISO IEC20000 1 2011

Slide 27: ISO/IEC 20000-1:2011 In this slide will see what ISO/ICE 20000 part 1 of 2011 is. ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain, and improve an SMS. It delivers ‘quality’ via the SMS. The requirements include the design, transition, delivery and improvement of services to fulfill agreed service requirements. It is based on PDCA approach for the improvement activities which we already discussed during our earlier slides. The PDCA methodology helps to understand or fulfill service requirements to achieve customer satisfaction, establish policy or objectives for Service Management, design/deliver services based on the SMS that add value for customer, monitor, measure, review performance of SMS, and services and continual improve SMS and services based on objective measures. It allows integration to the other management standards like ISO 9001 which is nothing but QMS or quality management stream and the information security management system standard ISO/IEC 27001. The owner of ISO/IEC 20000 is International organisation for Standardisation or ISO and international electro-technical commission or IEC and this is developed by joint technical committee 1 subcommittee 7 also called as JTC 1/SC 7. In the next slide we will learn about the parts of ISO/IEC 20000.

1.28 ISO IEC20000 Parts

Now, we are going to discuss the different parts of ISO/IEC 20000. Part 1 is about Service management system requirements. Updated at 2011-04-12 (replacing ISO/IEC 20000-1:2005). The 2011 version (ISO/IEC 20000-1:2011) comprises nine sections namely: 1. Scope 2. Normative references 3. Terms and definitions 4. Service management system general requirements 5. Design and transition of new or changed services 6. Service delivery processes 7. Relationship processes 8. Resolution processes 9. Control processes Part 2 is Guidance on the application of service management systems. Updated at 2012-02-14 (replacing ISO/IEC 20000-2:2005). This is about what the organisation should have to go for the ISO/IEC 20000 standard certification. Part 3 is provides guidance on scope definition, applicability and demonstration of conformance for service providers aiming to meet the requirements of ISO/IEC 20000-1, or for service providers who are planning service improvements and intending to use ISO/IEC 20000 as a business goal. It supplements the advice in ISO/IEC 20000-2, which provides generic guidelines for implementing an SMS in accordance with ISO/IEC 20000-1. Part 4 is intended to facilitate the development of a process assessment model according to ISO/IEC 15504 process assessment principles. ISO/IEC 15504-1 describes the concepts and terminology used for process assessment. ISO/IEC 15504-2 describes the requirements for the conduct of an assessment and a measurement scale for assessing process capability. So this acts as a process reference model. Part 5 is an exemplar implementation plan providing guidance to service providers on how to implement a service management system to fulfill the requirements of ISO/IEC 20000-1 or for service providers who are planning service improvements and intending to use ISO/IEC 20000 as a business goal. It could also be useful for those advising service providers on how to best achieve the requirements of ISO/IEC 20000-1. In the coming slide we will discuss about rest of the parts.

1.29 ISO IEC20000 Parts

In continuation from previous slide: Part 7 is application of ISO/IEC 20000-1 to the cloud, which is currently under development. This international standard gives guidance on application of Part 1 to the cloud. Part 8 is the future and started to develop an ISO/IEC 20000-based process reference model, which we discussed under part 4, (ISO/IEC 20000-4) that can serve as a basis for a process assessment model. Part 10 is once again the future of service management which provides the concepts and terminologies that will come and is currently being developed. Part 11 is the guidance on the relationship between ISO/IEC 20000-1 and related frameworks, currently being developed. This technical report gives guidance on the relationship between ISO/IEC 20000-1 and ITIL. ISO/IEC 27013:2012 provides guidelines on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for those organisations which are intending to either: a) Implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented, or vice versa; b) Implement both ISO/IEC 27001 and ISO/IEC 20000-1 together; c) Integrate existing ISO/IEC 27001 and ISO/IEC 20000-1 management systems. In the coming slide we will look at PDCA methodology.

1.30 PDCA Methodology

In this slide we will discuss in brief about PDCA model. It’s called Plan-Do-Check and Act model used for service continual improvement. It was designed by Edward Deming, also called as Deming cycle. PLAN Establish the objectives and processes necessary to deliver results in accordance with the expected output (the target or goals). By establishing output expectations, the completeness and accuracy of the specification is also a part of the targeted improvement, when possible start on a small scale to test possible effects. So here service management services or SMS like polices, objectives, processes, customer requirements, business need are agreed and planned. DO Implement the plan, execute the process, and make the product. Whatever that has been agreed as part of plan will be implemented here. Collect data for charting and analysis in the following "CHECK" and "ACT" steps. CHECK Study the actual results (measured and collected in "DO" above) and compare against the expected results (targets or goals from the "PLAN") to ascertain any differences. Look for deviation in implementation from the plan and also look for the appropriateness/completeness of the plan to enable the execution i.e.,"Do". Charting data can make this much easier to see trends over several PDCA cycles and in order to convert the collected data into information. Fundamentally the agreed and implemented SMS are measured, reviews and results in reporting. Information is what you need for the next step "ACT". ACT Request corrective actions on significant differences between actual and planned results. Analyse the differences to determine their root causes. Determine where to apply changes that will include improvement of the process or product. When a pass through these four steps does not result in the need to improve, the scope to which PDCA is applied may be refined to plan and improve with more detail in the next iteration of the cycle, or attention needs to be placed in a different stage of the process. Next, we will learn about the ITSM 20 program principles.

1.31 ITSM20 Program Principles

An ITSM 20 program principle is not about technology, communication tools, products, textbook approach and not once in a while. It is about Management system, based on communication to provide negotiated services, delivered in a simple adapted measurable way. Also it is improved continuously and integrated with other processes to make it lean in a service management system. Having definition of ISO/IEC 20000, now we have to look at the users who use this standard.

1.32 Who Uses ISO IEC20000

In this slide we will know who uses the ISO/IEC 20000? The main stakeholders are organisations in particular service providers and auditors who make sure that organisation is adhering to the principles. organisations; • Seeking services, requiring assurance that their requirements will be fulfilled. • Requiring a consistent approach from provider through the supply chain. Service Providers; • Demonstrate capability for design, transition, delivery, and improvement of services fulfilling service requirements. • Improve design, transition and delivery of services through an effective implementation and operation of service management system. Auditors or assessors; • Can confirm the requirements within ISO/IEC 20000 by auditing. In the coming slides we will discuss about service management system and their benefits. Let us move on to the next slide.

1.33 ISO IEC20000 The SMS

Let us now understand how we can achieve the SMS or how we can achieve the requirements from customers by managing the assets to deliver service. Customer or other interested parties or we can say them as stakeholders will have some requirements which we can call it as service requirements has to be translated to service which provides value. To achieve this we should know about the SMS requirements like management responsibilities, governance, documentation, resource management and we need to establish SMS. We can achieve this definitely by using the various processes which comes from ITIL framework. These processes are categorised under delivery, control, resolution and relationship. To achieve this we should know about how to design the service and make smooth transition into the live network. This entire framework of SMS will be explained in the later part of this course. In the next slides will observe about the purpose and benefits of ISO/IEC 20000.

1.34 Purpose and Benefits of ISO IEC20000

In this slide we will discuss about the purpose of ISO/IEC 20000. It enables IT organisations (whether in-house, outsourced or external) to ensure that, their IT service management processes are aligned both with the needs of the business, and with international best practice. Let us look into the benefits of ISO/IEC 20000.

1.35 Benefits of ISO IEC20000

Here are the benefits of having ISO/IEC 2000; ISO 20000 can assist your organisation in benchmarking its IT service management, improving its services, demonstrating an ability to meet customer requirements and create a framework for an independent assessment. •These are some of the most common uses of ISO 20000 by organisations: •An organisation seeking services from service providers and requiring assurance that their service requirements will be fulfilled. •An organisation that requires a consistent approach by all its service providers, including those in a supply chain. •A service provider that intends to demonstrate its capability for the design, transition, delivery and improvement of services that fulfil service requirements. •A service provider to monitor measure and review its service management processes and services. •A service provider to improve the design, transition, delivery and improvement of services through the effective implementation and operation of the service management system (SMS). •An assessor or auditor as the criteria for a conformity assessment of a service provider's SMS to the requirements in ISO/IEC 20000-1:2011. In the next slide, we will talk about the related standards with the help of a diagram.

1.36 Related Standards Overview

All the standards mentioned earlier are inter-related though they owe their genesis and roots in different service organisations. ISO/IEC 20000, ISO 9000 and six sigma are quality management standards with a specific methodology while CMM, CMMI and ISO 15504 are founded out of the software industry. All the remaining frameworks such as; Microsoft operating frameworks, ITIL version 2 and 3, ISO 27000, BS 15000 – the predecessor of ISO 20000 are essentially IT management frameworks. COBIT is intended to be the link between the control frameworks throughout the company (COSO) and the IT-specific models (e.g. ITIL, ISO17799/27002 etc.). Evidence that COBIT meets this requirement is demonstrated by the fact that COBIT is widely used internationally as a control model by most large companies. We will now look more closely at each of these standards.

1.37 ISO9000

The first standard we are looking at is ISO 9000. The owner of this standard is ISO. Its application or audience is generally industry and service providers / management, customers. Its primary objective is to certify companied on an international quality management standard. It has been published in both hard and soft copy media. It is available both as a printout or PDF and as a soft copy downloadable from the ISO site. ISO 9000 comprises a series of documents of which the best known is the ISO 9001 - quality management systems requirements and the ISO 9000 process approach. The ISO 9000 family of standards are related to quality management systems and designed to help organisations ensure that they meet the needs of customers and other stakeholders. The standards are published by ISO, the International organisation for standardisation, and available through national standards bodies while meeting statutory and regulatory requirements. ISO 9000 deals with the fundamentals of quality management systems including the eight management principles on which the family of standards is based. ISO 9001 deals with the requirements that organisations wishing to meet the standard have to fulfill. Third party certification bodies provide independent confirmation that organisations meet the requirements of ISO 9001. Over a million organisations worldwide are independently certified, making ISO 9001 one of the most widely used management tools in the world today.

1.38 ISO IEC27000

The owner of the ISO 27000 standard is again the ISO/IEC published jointly by the international organisation for standardisation (ISO) and the international electrotechnical commission (IEC). Its main application and audience would include all types of organisations / management, customers. Its primary objective is to provide an international information security standard with the intent to certify companies. It has been published in both hard and soft copy media. It is available both as a printout or PDF and as a soft copy downloadable from the ISO site. ISO 27000 comprises a series of documents of which the best known are ISO 27001. The ISO/IEC 27000-series (also known as the 'ISMS family of standards' or 'ISO27k' for short) comprises information security standards. The series provides best practice recommendations on information security management, risks and controls within the context of an overall Information security management system (ISMS), similar in design to management systems for quality assurance (the ISO 9000 series) and environmental protection (the ISO 14000 series). The series is deliberately broad in scope, covering more than just privacy, confidentiality and IT or technical security issues. It is applicable to organisations of all shapes and sizes. All organisations are encouraged to assess their information security risks, and then implement appropriate information security controls according to their needs, using the guidance and suggestions where relevant. Given the dynamic nature of information security, the ISMS concept incorporates continuous feedback and improvement activities, summarised by Deming's "plan-do-check-act" approach, that seek to address changes in the threats, vulnerabilities or impacts of information security incidents. Next, we will cover Six Sigma.

1.39 Six Sigma

Six sigma is a business management strategy, originally developed by Motorola in 1986. Six sigma became well known after Jack Welch made it a central focus of his business strategy at general electric in 1995, and today it is widely used in many sectors of industry but is not really owned by anyone. Its application and audience is primarily for industry, but is increasingly used by service providers / management. Its objective is to increase in productivity (e.g. reducing spread for standard factory models) through use of different quality management methodologies. Six sigma is a process improvement tool but is not specific to ITSM and can be used with ITIL and ISO20000. However, as a statistically-based quality improvement methodology that can be applied to processes (IT service management).Six sigma is customer based. The customer drives what to improve – the “right” projects are chosen. Its publication media or source is many books as there is no official general document or book trade. It uses a set of quality management methods, including statistical methods, and creates a special infrastructure of people within the organisation ("Black Belts", "Green Belts", etc.) who are experts in these methods. Each six sigma project carried out within an organisation follows a defined sequence of steps and has quantified financial targets (cost reduction and/or profit increase). The term six sigma originated from terminology associated with manufacturing, specifically terms associated with statistical modeling of manufacturing processes. The maturity of a manufacturing process can be described by a sigma rating indicating its yield, or the percentage of defect-free products it creates. A six sigma process is one in which 99.99966% of the products manufactured are statistically expected to be free of defects (3.4 defects per million). Motorola set a goal of "six sigma" for all of its manufacturing operations, and this goal became a byword for the management and engineering practices used to achieve it. Now, we will look into the next standard which is, IT Infrastructure Library (ITIL®).

1.40 IT Infrastructure Library(ITIL)

The owner of ITIL is the Cabinet Office. Its application or audience is for IT service provider or management. Its objective is for best practice guidance for IT service management. It is published through written media or source: books and CD’s published by TSO (The stationary office) or book trade. Since summer 2007, fully revised version 3 (ITIL® V3) available, but ITIL® version 2 is the most popular ITSM framework. The names ITIL and IT infrastructure library are registered trademarks of the United Kingdom's office of government commerce (OGC) – now part of the Cabinet Office. Following this move, the ownership is now listed as being with HM government rather than OGC. Responding to growing dependence on IT, the UK government's central computer and telecommunications agency in the 1980s developed a set of recommendations. It recognised that without standard practices, government agencies and private sector contracts had started independently creating their own IT management practices. The information technology infrastructure library (ITIL) is a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. In its current form (known as ITILv3 and ITIL 2011 edition), ITIL is published in a series of five core publications, each of which covers an ITSM lifecycle stage. ITILv3 underpins ISO/IEC 20000 (previously BS15000), the international service management standard for IT service management, although differences between the two frameworks do exist. ITIL describes procedures, tasks and checklists that are not organisation-specific, used by an organisation for establishing a minimum level of competency. It allows the organisation to establish a baseline from which it can plan, implement, and measure. It is used to demonstrate compliance and to measure improvement. The IT infrastructure library originated as a collection of books, each covering a specific practice within IT service management. ITIL was built around a process-model based view of controlling and managing operations often credited to W. Edwards Deming and his plan cycle. After the initial publication in 1989–96, the number of books quickly grew within ITIL v1 to more than 30 volumes. Let us learn about ITIL® Version 2 in the next slide.

1.41 ITIL Version2

In 2000/2001, to make ITIL more accessible (and affordable), ITIL v2 consolidated the publications into 8 logical "sets" that grouped related process-guidelines to match different aspects of IT management, applications, and services. The service management sets (service support and service delivery) were by far the most widely used, circulated, and understood [citation needed] of ITIL v2 publications. The eight ITIL version 2 books and their disciplines are the IT service management sets with service support and service delivery. Other operational guidance is ICT infrastructure management, security management, application management, software asset management (to assist with the implementation of ITIL practices a further book was published (Apr 9, 2002) providing guidance on implementation (mainly of service management, planning to implement service management which has been supplemented more recently (Jan 26, 2006) with guidelines for smaller IT units, not included in the original eight publications: and finally, ITIL small-scale implementation. Let us look at ITIL® 2011 in the next slide.

1.42 ITIL 2011

ITIL v3 is an extension of ITIL v2 and fully replaced it following the completion of the withdrawal period on 30 June 2011. ITIL v3 provides a more holistic perspective on the full life cycle of services, covering the entire IT organisation and all supporting components needed to deliver services to the customer, whereas v2 focused on specific activities directly related to service delivery and support. Most of the v2 activities remained untouched in v3, but some significant changes in terminology were introduced in order to facilitate the expansion. A summary of changes has been published by HM government. In line with the 2007 edition, the 2011 edition consists of 5 core publications – service strategy, service design, service transition, service operation, and continual service improvement. ITIL 2011 is a major update to the ITIL framework that addresses errors and inconsistencies. There are 26 processes listed in ITIL 2011 edition and described below that shows which core publication provides the main content for each process. Five volumes comprise the ITIL v3, published in May 2007 (2007 edition) and updated in July 2011 (2011 edition) for consistency. It includes ITIL service strategy, ITIL service design, ITIL service transition, ITIL service operation and ITIL continual service improvement. IT service management step-by-step. In phase I, we establish process and direction. In phase II, we implement process changes. In phase III, we analyse process and metrics. In phase IV, we identify process as well as opportunities for improvement.

1.43 Mapping ISO20000Standard to the Service Lifecycle

It is possible to map the service strategy to the requirements for service management system as well as business relationship management, budgeting and accounting. Service design can be mapped to planning and implementing new or changed services as well as other disciplines (e.g. availability management, capacity management, and service level management). Service transition maps to the change, configuration and release management processes and service operation maps to the incident and problem management process. Continual service improvement maps to the planning and implementing service management process. Let us proceed to the next slide now.

1.44 Mapping Deming Cycle to the Service Lifecycle

Plan-Do-Check-Act is otherwise known as Deming Cycle. This methodology is very effective in service management which involves a plan – for service management, do – implement service management and provides the services, check – through monitor, measure and review and act through continuous improvement. Even through this model has been explained in the earlier slides, we see how this can fit into the ITIL service life cycle. Plan for service management should include the scopes, objectives, requirements, processes, roles and responsibilities, automation, and audit procedure. So plan will address the service strategy and service design lifecycle. Doing implementation of service management plan will enable service provider to manage and deliver the services by allocation of funds, roles and responsibilities, proper process and related documentation, managing risk, and coordination of service management processes. As we know this is implementation and is taken care by service transition and service operation lifecycle. Objectives and plan for service management will be checked through monitoring, measuring and reviewing against the actual. Auditors play a pivotal role in this part of methodology. Non-compliance shall be pointed out and communicated to the concerned. Continuously improving the efficiency and effectiveness of ITSM processes is the objective of continuous improvement. It shall be performed using identifying, planning and implementing improvements by consulting with all parties in the aim of heading towards organisational improvements. Check and act part takes care of continual service improvement. Let us now look at the next slide and find what are and what are not covered in ITIL.

1.45 What is(not) ITIL

IT processes can be defined as having a set of objectives, activities in-/outputs and interfaces within. These are available in ITIL as also the recommendations for process implementations requirements including those of staff skills, supporting concepts, required functions, and risks. The Evaluation would include critical success factors and key performance indicators. However, ITIL does not cover a resilient set of minimum requirements, software, tools as well as formal models and templates for processes, relations and information artifacts. We now review the ISO/IEC 20000 standard and its coverage and non-coverage in the ITIL standard. It is obvious ISO 20000 is heavily based on ITIL. It deals with most important ITIL processes, but also adds some new one. It defines requirements and code of practice for ITSM, and also provides the tools for assessment and audit of the system. In the ISO 20000 standard, usage of ITIL is not deemed as mandatory, but since 20000 is by its nature above ITIL in the pyramid, implementation and certification is much easier if it is ITIL supported. ISO 20000 requirements are very short. The “HOWs” and “SHOULDs” are in ITIL, the “SHALLs” are in ISO 20000. ISO 20000 requires full frontal coverage; all processes have to be implemented. Scope can be limited only to a specific customer or part of organisation. But an ITIL phased implementation can be process by process, or in groups of processes. It would be best therefore to apply what ITIL requires, and implement what ISO20000 requires in each phase. In the end, there will then exist a service management organisation functioning on best practice principles and ready for ISO20000 certification. Next, we will discuss on the process document contents.

1.46 Process Document Contents

Typically, all process documents have a minimum set of contents that include the following: 1) An introduction for an overview of the process. 2) The objective to understand the purpose of the process. 3) The scope to understand the coverage of the process and its exclusions. 4) The target audience. 5) Process roles for understanding roles and responsibilities as well as accountability. 6) The Inputs to understand the requirements to begin a process step or task in an organised fashion. 7) The process flow which is largely the steps following each activity. 8) Process details to understand the number of tasks to accomplish each step successfully. 9) The outputs or results expected from the process. 10) Process metrics or quantitative measures to know the variance of planned vs. actual. 11) Process interfaces to understand impact on corresponding process. 12) Appendix and 13) Glossary. Let us now look into another standard that is, Microsoft operations framework or MOF.

1.47 Microsoft Operations Framework(MOF)

The owner of this standard is Microsoft. Its application or target audience is IT service providers or management. Its primary objective is operational guidance for users of Microsoft products. It has been published in both hard and soft copy media. It is available either as a printout or PDF or as a free soft copy downloadable from the Microsoft site. It is based on ITIL® V2, but provides prescriptive guidance extended to ITIL’s descriptive guidance. MOF 4.0 describes the IT service lifecycle in terms of three phases and a foundational layer: MOF organises IT activities and processes into service management functions (SMFs) which provide operational guidance for capabilities within the service management environment. Each SMF is anchored within a related lifecycle phase and contains a unique set of goals and outcomes supporting the objectives of that phase. An IT service’s readiness to move from one phase to the next is confirmed by management reviews, which ensure that goals are achieved in an appropriate fashion and that its goals are aligned with the goals of the organisation. The interrelated disciplines of governance, risk, and compliance (GRC) represent a cornerstone of MOF 4.0. IT governance is a senior management–level activity that clarifies who holds the authority to make decisions, determines accountability for actions and responsibility for outcomes, and addresses how expected performance will be evaluated. Risk represents possible adverse impacts on reaching goals and can arise from actions taken or not taken. Compliance is a process that ensures individuals are aware of regulations, policies, and procedures that must be followed as a result of senior management’s decisions. The Plan Phase focuses on ensuring that, from its inception, a requested IT service is reliable, policy-compliant, cost-effective, and adaptable to changing business needs. The deliver phase concerns the envisioning, planning, building, stabilisation, and deployment of requested services. The operate phase deals with the efficient operation, monitoring, and support of deployed services in line with agreed-to service level agreement (SLA) targets. The manage layer helps users establish an integrated approach to IT service management activities through the use of risk management, change management, and controls. It also provides guidance relating to accountabilities and role types. Next, we will discuss on MOF 4.0: Framework.

1.48 MOF4. Framework

The MOF 4.0 model has a composition which comprises the process model, team model and risk management disciplines. The process model divided in four quadrants. It is extended and substantiated from ITIL® V2. The change initiation review contains change, configuration and release management and is the change quadrant. The release readiness review is the operations quadrant containing service monitoring and control, system and network administration, directory services administration, security administration, storage management, and job scheduling. The SLA review is the supporting quadrant is the service desk, incident and problem management. Finally, the optimising quadrant has the service level management, capacity, availability, security, infrastructure, financial, workforce, and service continuity management included. MOF principles and guidance are also organised around three core models, which are each manifested within the individual service management functions (SMFs). These three models: The MOF team model contains a high-level discussion of the MOF team model, how it relates to the other models and disciplines, and implementation scenarios. The MOF team model for each team role cluster, the MOF team model defines activities and processes, typical ways in which these role clusters and responsibilities are identified in a production environment and common requirements for specialists within the role. MOF process model with service management functions with change management, configuration management and release management discussed the business value of MOF, why organisations should adopt MOF and the road map to adoption. MOF process model for operations contains a high-level discussion of the MOF team model, how it relates to the other models and disciplines, and implementation scenarios. Operations management reviews contain change initiation review and release readiness review. The MOF team role clusters include the release role cluster and the MOF risk model provides a framework for organisations to identify, categorise, and manage risks proactively and continuously. This is formalised, in order to ensure that team members are continually alert to the potential for risks that might result from IT activities. The MOF risk management discipline for operations is a detailed discussion of the MOF risk management discipline and its importance to an IT organisation. In the next slide, we will understand the capability maturity model integration (CMMI).

1.49 Capability Maturity Model Integration(CMMI)

The owner of the CMMI standard is the software engineering institute (SEI) of Carnegie Mellon University. Its application and audience is largely software and system developing organisations or management, customers. Its objective is measurement of organisational maturity. It has been published in both hard and soft copy media. It is available either as a printout or PDF or as a free soft copy downloadable from the SEI website It is not an ITSM standard, but maturity levels are a frequently used concept. Capability Maturity Model Integration (CMMI) is a process improvement approach whose goal is to help organisations improve their performance. CMMI can be used to guide process improvement across a project, a division, or an entire organisation. Currently supported is CMMI version 1.3. CMMI in software engineering and organisational development is a process improvement approach that provides organisations with the essential elements for effective process improvement. CMMI is registered in the U.S. patent and trademark office by Carnegie Mellon University. According to the software engineering institute (SEI, 2008), CMMI helps "integrate traditionally separate organisational functions, set process improvement goals and priorities, provide guidance for quality processes, and provide a point of reference for appraising current processes." Next, we are going to talk about CMM or CMMI maturity levels.

1.50 CMM CMMI Maturity Levels

Maturity levels are levels of maturity an organisation aspires and grows to. These are well defined processes ranging from basic process moving to existing standard processes implemented and documented and finally, monitoring of quantitative quality goals. CMMi has five maturity levels. However, maturity level ratings are awarded for levels 2 through 5. The process areas below and their maturity levels are listed for the CMMI for development model: Maturity Level 2 -Repeatable  CM - Configuration management  MA - Measurement and analysis  PMC - Project monitoring and control  PP - Project planning  PPQA - Process and product quality assurance  REQM - Requirements management  SAM - Supplier agreement management Maturity Level 3 - Defined  DAR - Decision analysis and resolution  IPM - Integrated project management  OPD - Organisational process definition  OPF - Organisational process focus  OT - Organisational training  PI - Product integration  RD - Requirements development.  RSKM - Risk management.  TS - Technical solution.  VAL - Validation.  VER - Verification. Maturity Level 4 - Quantitatively managed  OPP - Organisational process performance  QPM - Quantitative project management Maturity Level 5 - Optimising  CAR - Causal analysis and resolution OPM - Organisational performance management Let us now move on to the next slide and discuss on capability assessments.

1.51 Capability A

  • Disclaimer
  • PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.

Request more information

For individuals
For business
Phone Number*
Your Message (Optional)
We are looking into your query.
Our consultants will get in touch with you soon.

A Simplilearn representative will get back to you in one business day.

First Name*
Last Name*
Work Email*
Phone Number*
Job Title*