Accredited ISO/IEC 20000:2011

Information technology - Service management8 H 3 M

ITProTV partner logo
  • ISO/IEC 20000:2011
    • Introduction
    • Standard Overview
    • Standard Overview Part 2
    • Standard Overview Part 3
    • Clause 4 - Service Management System
    • Clause 4 - Service Management System Part 2
    • Clause 5 - Design and Transition
    • Clause 6 - Service Delivery Processes
    • Clause 6 - Service Delivery Processes Part 2
    • Clause 6 - Service Delivery Processes Part 3
    • Clause 7 - Relationship Processes
    • Clause 8 - Resolution Processes
    • Clause 9 - Control Processes
    • Clause 9 - Control Processes Part 2
    • Audits and Certifications
    • Audits and Certification Part 2
    • Achieving and Maintaining Certification
    • Exam Review


26 M

  • Episode Description
  • Transcript

ISO/IEC 20000:2011 is the International Standard for IT service management. In this accredited show we explore the requirements for an organization to achieve the ISO/IEC 20000 certification. This show is designed as a 1st step for managers and internal auditors who are considering gaining accreditation for their organization and as an overview for IT staff who’s organization is working towards accreditation. This show will also prepare individuals for the ISO/IEC 20000 examination.

Welcome to ITProTV, I'm your host Don Pezet. >> Coming at you live from San Francisco [CROSSTALK] >> You're watching ITProTV. >> Welcome to your ISO/IEC 20000:2011 Foundation series. I'm your show host Cherokee Boose. In this episode, we have ISO expert Jo Peacock to come in and introduce what the series is really all about. So, thank you for joining us today, Jo. How are you doing? >> Well, I'm doing fine, but I want to help you out right now, okay? Because that's quite a bit of a mouthful, isn't it? >> It was a mouthful. >> Yeah, ISO, ICE. 20000 2011, yeah let's call it ISO 20k, how about that? >> Okay. >> Even ISO 20000. We should really technically use the right terminology for this because it is an international standard so it's the, it's for the, from the international organization for standardization. But however we're just gonna call it ISO 20000. >> Yeah, I mean this is a technical show anyways, so let's be technical at least once per show. How about that? >> Right, yeah, we should do that once per show. But nevertheless- >> [LAUGH] >> We know that this is a lot for everybody to get their mouths around. And for those of you that are trying to achieve ISO 20000, then you're gonna be calling it ISO 20000. You're certainly not gonna be banding that around the office all the time. >> We have enough to think about, right? >> [LAUGH] So yeah, I'm doing fine anyway, how are you? >> I'm good. So who are we really focusing this training for, or these shows for? Who should be interested in watching these shows, Jo? >> Well, the first thing that I want to do is just explain a little bit about what ISO 20,000 is. >> Okay. >> And then in this particular episode, I'm just going to give us just general overview of who should actually be interested in this show and who should sort of sit and watch some of the episodes in this show. Okay? So the first thing that I wanna do as I've said is just to highlight what ISO 20,000 is. ISO 20,000 is the international standard for IT service management, all right what does that mean and how does it differ from ITIL because we've got shows about ITIL. And of course there's been a lot of talk about ITIL around the world in the past few years. Well ITIL is just a framework it is a framework for managing IT services and it's at best practice frame work. But there is no audit for ITIL. There's nobody that can come in and tell you whether you're doing ITIL right or wrong because ITIL is a framework that you bring into your organization. You adopt the framework. But then you adapt it in a way that makes common sense, perfect sense for your organization. So you adapt it for efficiency and for effectiveness in your organization. ITIL is not plug and play. ITIL is not a one-size-fits-all approach that will solve all of the world's problems. Common misconception there. You know, ITIL's gonna do everything right. [LAUGH] Well, ITIL doesn't do that. ITIL is, as I said, just the framework. We won't tell you what your processes will look like. We'll tell you that you need to have a process. And we'll tell you how to in I-Tel, how to define a process as well. So we'll tell you that you need to have a process for restoring service operation. In other words, for getting people back up and running when something's gone wrong. And in I-Tel In ITIL mind we call this incident management. And so we'll tell you that you need to work out what incident management looks like for your organization. So you will need to have a process to restore service. When it goes wrong, to get it back up and running again. And so what ITIL does is ITIL says to you okay, you need to have this process. Here's some, I was gonna say hints and tips. Here's some very useful information that's going to help you define a process. Will tell you that you start by working at what your process should do. Work at its objective and then work out the output from the process. So what should the output from a process look like? Then what about the inputs? The various inputs to a process. And then, okay, what steps do you need in your organization to ensure that we get from the inputs to the outputs. And this is what ITIL will tell you. ITIL will tell you not only what processes you should have, but also how to define those processes. But we won't tell you what your processes look like, not in ITIL. So there can't be an audit for ITIL. Nobody can come along, even me. >> [LAUGH] >> And I like to think of myself as fairly knowledgeable on the subject. So I can't come along and say, yes, that's working great for your organization using the checklist. I can't do that. I can't audit you from here. There is no iTel compliance. And this is something that's a common misconception amongst everybody that tries to implement ITIL, is that you can be ITIL compliant. And you can't be ITIL compliant, cuz there's no right or wrong with ITIL. So, The question that I ask is though, what's the difference between ITIL and ISO 20000. Well, that's what ITIL is. ITIL's a framework for managing services, it's the best practice framework that you adapt to sync your organization. So how do you know if it's working okay then? How do you know if ITIL is working great? Well when we have something that's completely independent, completely separate. Has absolutely nothing to do with ITIL. I say that with a wink all right. Has absolutely nothing to do with ITIL whatsoever. We have an international standard for service management, for IT service management. And with any international standard, an international standard is something that you attain. It's something that you achieve, it's something that you can say that you can comply with. ISO 20,000 is a standard, where you can measure yourself against and it's a standard for demonstrating efficiency and effectiveness and the relationships in place between IT service management processes. So, it's a standard for demonstrating that you are able to manage your IT services in a way that is the most efficient and effective for your organization. So it's a standard where you are audited against your processes and your services, to ensure that your processes and services are delivering value to your organization, that you have the right processes in place in order to achieve this. But also, and when I say achieve this I mean achieve value delivery, but also that those processes work efficiently and effectively. That they're not bound down by bureaucracy, that they're actually working in a way that will deliver the most value to your organization. So ISO 20000 does not audit ITIL. This is not an ITIL audit. ITIL is just a best practice framework, and there are lots of other frameworks. Even proprietary frameworks that are out there. There are a lot of organizations that have created proprietary frameworks for instance. And of course, what you evolve in your organization becomes your proprietary framework. Now your proprietary management framework will achieve ISO 20000, as long as it is efficient and it is effective in the processes and the way that IT is managed. So there is a big difference between the two. ISO 20000 is a standard for the management of services. Now, if you have implemented ITIL in a way that is the best practice for your organization, then that will help you to achieve ISO 20000. I am not gonna tell you that if you got ITIL implemented, then you're definitely going to achieve ISO 20000. Cuz that's not the case. Cuz if you've got an ITIL framework implemented in your organization. Then unless you have modified and adapted that ITIL framework in a way that is the most efficient for you, then you're not going to achieve ISO 20000 at all. You will only achieve ISO 20000 if you can meet all of the requirements that are outlined in the ISO 20000, we call them parts. So these are the requirements of ISO 20000. So ISO 20000, as I've said, is something that you achieve. And it is something that you will have an auditor come to your organization. And this is after you've had a lot of time to prepare for this, by the way. And an auditor will look at your processes and look at your environment. And look at the tools and the management that you have in place, and the way that you work. And we'll assess whether you have achieved all of the clauses within the ISO 20000 requirement. So ISO 20000, as I've said, is not dependent on ITIL at all. However, if you have an ITIL based framework in place, and it's working efficiently and effectively, then it will certainly help you to achieve ISO 20000. Cherokee, you have a question. >> Yeah, Jo, I know you've taught some pretty high level courses here ITProTV. And just looking at the title for this one, you're talking about the auditing process. Now this course that we're about to get into, this isn't one that will prepare us to be auditors, per se. But looking at the foundations, we want to get a good understanding in order to be able to facilitate this implementation, correct? >> Right, so what this course will do is this course will prepare you for. >> It will tell you all about the requirements for an ISO 20000 audit, as it were. Okay. So we use this course. And in fact, on this particular slide that we've got in front of us now. We use this course, just take a look at the target audience. We would use this course to prepare people for an audit for ISO 20000. Perfect. A lot of organizations will implement an ITIL based framework. And I won't say ITIL based framework, cuz you never implement ITIL. You always implement ITIL based. And so what will happen is, organizations get to a point where they perceive that they have implemented this framework, and that it's working, great. And that they are working efficiently and effectively. And so what do we do now, then? We can't demonstrate ITIL compliance. So what do we do? We wanna have that certificate, we wanna have that plaque on the wall. >> Yeah, we wanna get some kind of. Recognition. Recognition for our hard work that we've put into everything. >> Right, and so why the target audience for this is for those organizations that are saying, okay, I wanna get some recognition now. How do I do this? And so it's at this point in time where an organization might look for recognition, and the first place that they will come to is the international standards. And your international standard, your ISO 20000, will actually give them recognition for having a service management framework in place. Not necessarily ITIL. But it's a management framework that will promote the delivery of value to the business, itself. So the target audience for this are all those people who are going to be involved in an ISO 20000 audit. So all of those people that are preparing for an ISO 20000 audit. These are all of those people that are gonna be involved in the actual audit process. And all of those people within IT. And it says here in that second bullet point down underneath it, the target audience. It says managers, team leaders, and other staff. >> Right, because I don't think it's just isolated to the IT department. Those other stakeholders should at least understand what they're approaching before the audit, right? >> The biggest misconception for ISO 20000 is that we're just going to let all the managers know what's going on. And as far as letting everybody else know, they don't need to be involved. But that's not the case. If I'm conducting an ISO 20000 audit, then, I may come up to you, no matter who you are. I may come up to you, and I may say to you, could you show me where your security policy is, please? Sure Jo. [LAUGH] Right, now. Or like, I don't know what that is. Right, exactly. And this is the problems that we have. As auditors, you could ask that sort of question of absolutely everybody. Now, if you're not able to answer that, then obviously, that's going to be a problem for you in the audit. So this is not just a case of the management being involved. That target audience specifically says other stuff. Now in that first bullet point for the target audience, we talk about managers, service owners, and process owners. Because these are the people that have to drive the compliance. They have to drive all of the activities that will get them to this compliance. But nevertheless, everybody needs to be aware. And we mentioned internal auditors. And we'll always tell you before you actually have your official ITIL audit, you should be auditing yourselves. You can get hold of. And as you start moving down this path, you will be able to get hold of the check list, etc., that auditors are looking for. That they're checking against, they're auditing against. Then you will be able to see exactly where you are on achievement. And so we expect internal auditors to be completely involved in this. Now, whether you want to put your internal staff, some of your internal staff on an ISO 20000 auditor course. Then that's something that we would recommend that you do. Because obviously, for those organizations that are looking to implement ISO 20000. Right. Or are looking to achieve ISO 20000, then. >> Setting yourself up for success, basically. >> Right, yeah, don't set yourself up for failure. Right. Now one of the things that, if you notice here, we've got prerequisites here. And prerequisites are that you need to have at least two years worth of IT service management experience, it says. Or hold the ITIL Foundation Certificate. Personally, I would recommend both. >> Okay. >> There are a lot of people that will come into IT. And one of the first things that they do. And, in fact, university students now who gain sort of master's, etc., within IT, itself. Or within a particular topic within technology. >> Computer science, yeah. >> Yeah, computer science, etc. They come into the IT world and into our environment. And the first thing that they do is that they either take an ITIL foundation class, or they are put on an ITIL foundation class by their organization. We would say that you need to have some experience to go with this, as well. We're talking about an audit. We're talking about an international standard. So we're talking about not just an in-depth knowledge of IT and an in-depth knowledge of. So Unix, or whatever spectrum you work within. But we're also talking about having an understanding of the IT environment as a whole. >> Right, and business practices. >> Right. >> Sometimes students don't have that, per se, when they're entering. So that's great that we are able to actually provide this kind of training. >> Yeah, exactly. So this is not just a case of getting the qualifications. You've really gotta understand, certainly with ISO 20000, you've gotta understand the environment before you can work towards any achievements, and any sort of checking the boxes that work for any audit requirements. So I would definitely say that you should have at least two years worth of IT service management experience. However, that said, when you are a new student and you're coming into an organization that's in the middle of trying to achieve ISO 20000 compliance, then in that case, everybody needs to be made aware. And so there's definitely should be some case of, or some instance of, overviews that are happening with everyone that's involved in IT when we're trying to achieve ISO 20000. So that's a little bit about ISO 20000, so what about this class itself? Well this class is the introduction into ISO 20000, this is not the auditor's class. This is actually the class that we would give to absolutely everybody that is involved within IT. Who, in an IT organization where they are looking to achieve an ISO 20,000 compliant certificate. So this is a class, this is a general 3-day class, with a test a the end of it that we will give to, as I say, absolutely everybody that is involved in the ISO 20000 audit process. So what is the class made up of then? Well, the class is made up of, and here's just a very quick break down. 20% of looking at the scope of ISO 20000. 10% talking about the service management system. We're also going to be talking about service management processes, and I will add a caveat in when we talk about service management processes. This is not an ITIL class, okay? This is not an ITIL show. This is ISO 20000, okay? This is where we audit against a standard. You might hear some terminology that you might think to yourself, hang on a minute, that sounds a little bit like ITIL. This is not ITIL. This is an international standard. We also look at achieving certification. We also look at continual improvement within your organization. And then we will look at the audit activities and we will also do assessments. And you will have exercises in your downloadable material to actually perform your own self-assessment exercises too, to test your own knowledge. Now you do have an exam ,and that exam is available to you. And of course, all of your information will be held in the last episode of this particular class, where we'll go over the exam for you. It's a one-hour test. It's 40 questions. You have to get 26 out of 40, or 65%, in order to pass the test. Now, people will tell me, and they do, that that sounds very much like an ITIL Foundation test. You know, 40 questions, you've got to get 26 out of 40 in order to pass. It does sound like an ITIL Foundation test, you're right. However, and this is where, again, another one of my caveats some in. If you take your ITIL Foundation knowledge into an ISO 20000 test, there is a good chance that you will trip yourself up. Because whilst the concept remains the same, the terminology might not. So there are some things that are going to be tested on this particular class that might be from certainly a different perspective to that which is tested in ITIL Foundation. So this is a very, very clear warning to you to not confuse ITIL with ISO 20000. ITIL is a best practice framework. And having an ITIL-based framework implemented will help you to achieve ISO 20000, but it's not a guarantee. And here in ISO 20000, in this particular show, and in these episodes, we are going to be concentrating on the actual international standard itself, and certification for the international standard. >> Yeah, and Jo, just to break it down a little bit for that name, because I thought this was kind of interesting for me anyways. It might not be to you, but with the ISO coming from the Greek word isos, meaning equal, because it's really international here, we have to keep that in mind. It's not tied to any one particular country. And then also looking at that last part, the 20011, which is referencing that version, this iteration of this particular, I guess, what is it? Exam, or that particular standard. Because when I worked in the manufacturing facility, yes there was ISO compliance, but it was really geared toward a product. But this is really cool because we're talking about being compliant or obtaining that certification, or that compliance, for not necessarily a product, but we're talking about the IT service. So that's really neat. >> ISO 20000 is quite unique in as much as, in terms of IT, it's really, really difficult to obtain an international standard for IT. Because every single service for every organization is different. And every single service is used in a completely different way, because the organization has a completely different purpose as well. >> Right. >> So it is, in one respect, it's quite a prestigious accreditation to achieve. Because it's quite a difficult one to demonstrate. Which is why I say, in one respect, it's quite difficult. Now, if you are fully conversant with ITIL, and if you've got an ITIL-based framework in place. And you have been working in a way that is efficient and effective, then really what we're asking you to do is, we're asking you to prove it. And I like to use the word, show me, because that's exactly what we're doing here in ISO 20000. This is where we come along and we say, show me. Show me that it's working, show me that it's efficient. This is about the proof. But it's very prestigious to have the ISO 20000 certification. And it's true that a lot of organizations will put a lot of effort and a lot of investment into achieving this international standard. Now, the international standard is updated on a regular basis. It was first implemented in 2005. And as you say, it was updated in 2011, and we will be looking to update the standard again. And I know that I have colleagues that are working on this right now as we speak, looking to update the standard again n the near future, because we like to make sure that it's current. And certainly when we're talking about IT, and IT services, the IT environment changes very, very rapidly. So ISO 20000 is something that is here to stay. It is something that certainly is very prestigious. But it's also something that a lot of organizations will use the ISO 20000 audit as an internal measure, just for themselves. Not to try and achieve any accreditation, but just as an internal measure as to how efficient and how effective their IT processes are. And we would certainly encourage that, and that's one of the reasons why we want to make this class available to everybody here today. Is because there are organizations out there that simply want to measure how effective and how efficient their IT service provision is, and they have no way of measuring that. And this can be available to your organization on an individual basis for you just to measure against, without going through the formal process of actual auditing itself. And so in ways like we use methodologies like CMMI to measure process maturity, this takes this one step further because process maturity is something that we look at in isolation. And we look at each process in isolation. Here, with ISO 20000, we're not looking at processes in isolation. We're looking at IT as a whole, and we're looking to see how it hangs together, how it gels together, what the relationships are between processes. If you don't have any relationships between your processes, you're not going to achieve ISO 20000 compliance. So this can be used internally within your organization, just as a yardstick, just to see really how efficient and effective you are at managing your services. >> Well, that's pretty cool, Jo. I mean, not only are our companies and organizations, like you said, using it as an investment for brand reputation or internal-type auditing purposes. But you guys are here, also investing in yourself. So I'm pretty excited, if I could even speak, to get this show started. So is there anything else we need to think of before we go ahead and close out? >> No, in our next session, then we're really going to start and gett into sort of the meat behind ISO 20000. And we're going to look in a lot more depth at about what the requirements are. And we're gonna start talking about terminology, and we'll start talking about clauses, and part one, part two, right away. >> [LAUGH] >> So we get to part 11 and, yeah. >> You say it like it's a bad thing, but there's a lot of really great information that we're gonna be covering, guys. So just be prepared for that. But I think- >> Tune in. >> I think that's about it for this show so we'll go ahead and sign out. I've been your host, Cherokee Boose. >> And I'm Jo Peacock. >> See you here next time here at ITProTV. [MUSIC] Thank you for watching ITPRO.TV.

Just you? Training a whole team? There's an ITProTV plan that fits.

With more than 4,000 hours of engaging video training for IT professionals, you'll find the courses you and your team need to stay current and get the latest certifications.