ImplementationApproachtoITServiceManagement(ISO.docxVIP

Implementation Approach to IT Service Management (ISO 20000) Security Management (ISO 27001) Dr. Julian Lo Consulting Director ITIL v3 Expert Agenda Measure IT Capabilities by using ISO Standards Implementation Approach Challenges Suggestions and Considerations Conclusion – What you can get from it. ISO20000 ISO27001 What are the IT Capabilities? The capabilities take the form of functions, processes procedures The capabilities represent an IT organization’s capacity, competency, and confidence for action. Without these capabilities, an IT organization is merely a bundle of un-coordinated resources Do you want to measure your IT organization’s Capabilities? Standard Provide a measurable set of best practice benchmarks common across organizations Compliance to the standards demonstrates that benchmarks have been attained Standards are auditable and assessable by independent and authorized auditors ISO20000 and ISO27001 are the standards What is ISO20000? ISO20000 is the international standard for IT service management. “It describes an integrated set of management processes for the effective?delivery of services to the business and its customers.” Closely follows the ITIL framework. While individuals are ITIL certified, organizations are ISO20000 certified. Requirements of ISO20000 An organization must be able to demonstrate it has “Management Control” of each of the ISO 20000 processes So What is “Management Control”? Knowledge and control of the inputs Knowledge, use and interpretation of the outputs Definition and measurement of metrics Demonstration of objective evidence of accountability for process functionality Definition, measurement and review of process improvements Use of Scope for ISO20000 Certification The scope of the delivered services must be described in a scope statement for certification. A service provider can get certification for; a) part of all services that it delivers b) a specific country or customer. The scope statement validates t