ISO 20000 Rediscovered

"It is easier to do a job right than to explain why you didn't. "
- Martin Van Buren -

If we browse thru brief ITIL history, we can see that ITIL (or its basic concepts) was present in IT since the wheel invention. There lies the key to its popularity in IT service business. What can an IT business do to improve it's functioning, but turn to ITIL, or some of its derivatives, like MOF or ISO/IEC 20000? You educate and certify people, define your functions and processes and introduce tools for their automation. And then you are ITIL compliant. Or not?

ITIL is best practice guidance. In the V3 it becomes a bit more prescriptive, but still it stays a framework that basically tells us WHAT we SHOULD DO. In ITIL V3 there are some more ideas on HOW, but that's not its forte. You can define everything by ITIL recommendations, and it can help you a lot in your Service Management work, but you are still not ITIL compliant. Because there is no such thing as ITIL compliancy. You can measure your processes and report on them all you want, but no one guarantees that you made it there.

An international standard for IT Service Management, ISO/IEC 20000, is heavily based on ITIL. It deals with most important ITIL processes, but also adds some new. It defines requirements and code of practice for ITSM, and also provides the tools for assessment and audit of the system.

By ISO 20000, use of ITIL is not mandatory, but since 20000 is by its nature above ITIL in the pyramid, implementation and certification is much easier (read: “only possible”) if it is ITIL supported. ISO 20000 requirements are very short, not much juice there. HOWs and SHOULDs are in ITIL, SHALLs are in ISO 20000. So know your ITIL.

Also, it doesn't hurt if a company is ISO 90000 certified. You know, mindset and experience...

So, a possible path of implementing ITSM is combination of ITIL and ISO 20k: You define the phases of implementation with processes according the pain you feel in your processes. Also you implement ISO 20000 Plan-Do-Check-Act methodology and metrics for every considered process. Educate people, define the scope, processes and roles. Implement automation tools. Check. Act…

A tiny catch: ISO 20000 requires full frontal coverage, all processes have to be implemented. Scope can be limited only to a specific customer or part of organization. But you can keep your ITIL phased implementation, process by process, or in groups of processes. Apply what ITIL tells you, and implement what ISO20000 requires in each phase. In the end, you have a Service Management organization functioning on best practice principles and ready for ISO20000 certification.

ITSM pyramid

Certification
ITIL Qualification Scheme is for the people. Companies are not certified. Example: my company certified a bunch of people in ITIL Foundations 5 years ago. 95% of them left the company since then. In the meantime, we recognized the cost of repetitious certification of new employees. So we developed internal informal ITIL training, to support our business needs and processes. Only higher positioned people get formal ITIL certificates. We created internal support policies, procedures and work instructions, some of them included in our ISO9000 QMS, some external.

Now, ISO/IEC 20000 provides certification on a company level. External auditor (Registered Certification Body) conducts the review, and if the company meets the certification criteria, it can be certified and display the logo.

So if a company wants to be competitive, and introduce order and best practices in their service business, it should definitely think about ISO/IEC 20000 certification.

ISO20k doesn’t introduce much overhead, it just tells you in advance what things shall be done eventually, and keeps you from wandering in the dark. If implemented right, certificate should be a bonus, not the target.

Related posts: ITIL ISO/IEC 20000 Compared : ISO/IEC 20000 Essentials : Implementing ITIL and Staying Alive

ITIL - ISO/IEC 20000 Compared

General Comparisson
ITIL V2	ITIL V3	ISO 20000
Best Practice	Best Practice	Standard & Code of Practice
Individual Certification	Individual Certification	Certification of a Service Provider Organization and individuals (lately)
Best practice guidance, detailed description and implementation guidance	Best practice guidance, detailed description and implementation guidance slightly more prescriptive then V2	High-level requirements
Defines process and function roles and responsibilities	Defines process and function roles and responsibilities	Org. structure independant, defines few mandatory roles
Process based, 10 processes & 1 function	Service Lifecycle Based, 26 processes, 4 functions	Continual improvement based, 16 processes, no functions
Processes & Functions
ITIL V2	ITIL V3	ISO 20000
Planning to Implement Service Management	Continual Svc. Improvement	Planning and Implementing Service Management
Service Delivery	Svc. Strategy, Svc. Design, Continual Svc. Improvement	Service Delivery
Service Level Management	Service Level Management	Service Level Management
Service Reporting	- Reporting from SLM -	Service Reporting
Financial Management	Financial Management	Budgeting and Accounting for IT Services
IT Service Continuity Management	IT Service Continuity Management	Service Continuity and Availability Management
Availability Management	Availability Management
Capacity Management	Capacity Management	Capacity Management
- demand management from Capacity Management) -	Demand Management	-
Security Management	Information Security Management	Information Security Management
Service Support	Svc. Operation	Resolution Processes
Incident Management	Event Management, Request Fulfilment, Incident Management	Incident Management
Service Desk	Service Desk	- No functions in ISO 20k -
	Svc. Transition, Svc. Operation	Controll Processes
Configuration Management	Service Asset and Configuration Management	Configuration Management
Change Management	Change Management	Change Management
	Service Transition	Release Processes
Release Management	Release and Deployment Management	Release Management
	Svc. Design	Relationship Processes
-	Supplier Management	Supplier Management
	Svc. Strategy, Svc.Design, Svc. Improvement
	Parts of Service Portfolio Management, Service Level Management and Continual Service Improvement	Business Relationship Management

ITIL V3 Foundation Syllabus Change?

In a post ITIL Foundations Exam Go/No-Go from Oct. 27. 2008. I said something about the possible and needed changes in ITIL V3 Foundation syllabi.

For now, nothing has been announced officialy.
There is a new version of Interim ITIL V3 Foundation Certificate Syllabus, version 3.1 from 07. Feb. 2008.

In change comments it says that the reason for new version is updating the Copyright Statement with Crown Copyright. But also, several points of the syllabus are in red bold print, and I haven't seen the explanation for that.

Marked points are mostly from Service Strategy, and most people agree that it was over-emphasized in first V3 exams. ITIL Foundations exams in February indeed had fewer questions from Service Strategy then before.

So, risking to be completely off-target here, I presume that some change is gonna come and someone will inform us officially about it some day.

If someone spots an info on this somewhere, please point it out here. People all around are preparing for ITIL Foundations and it would be nice if they knew what to focus on.

Related posts: ITIL V3 Qualification Scheme : ITIL Foundations Exam - Go/No Go?

Links:

OK folks, here is an update: After a long review process, on 01.05.2009, there are new syllabi available for ITIL V3 exams:

ITIL V3 Foundation Syllabus
Link to the new V4.2 ITIL Foundation Syllabus

ITIL V3 Foundation Bridging Course Syllabus
Link to the new V4.1 Bridging V2/V3 ITIL Foundation Syllabus

ITIL V3 Managers Bridge Course Syllabus
Managers Bridge Syllabus V3.3

ISO/IEC 20000 Essentials

In a previous post I announced a few more words on ISO/IEC 20000. So here they are.

ISO/IEC 20000 is an international functionally based standard for IT Service Management. This functionally based means that it is not a broad general standard like ISO 90000. It was published by ISO (International Standards Organization) in mid December 2005., evolved from BS15000 with only a few minor changes.

HISTORY
During the ‘80s British Standard Institute’s Service Management Group worked on a code of service management practices, which covered 13 basic processes, aligned with the first version of ITIL. Final version of this code was promoted to a standard and published in 2000 as BS15000. It was the first world’s standard for Service Management. After initial testing on early adopters, additional polishing and changes for realignment with ITIL V2, it was republished in 2002. It was adopted by many service companies in UK, but also companies worldwide accepted it.

In 2005, BS-15000 was placed on the “fast track” by the ISO. By the end of the year it was published as ISO-20000 standard.

ISO/IEC 20000 and BS15000 are practically the same, only a few less significant changes were made in the process.


UNDER THE HOOD
ISO/IEC 20000 consists of two specifications: ISO/IEC 20000-1:2005 and ISO/IEC 20000-2:2005.

• ISO/IEC 20000-1:2005 is Specification and it defines Requirements for ITSM. Part 1 is very formal, it defines processes and provides assessment/ audit criteria.
  
• ISO/IEC 20000-2:2005 is a Code of Practice that gives HOW-TOs and describes best practices for implementation of Part 1.

The standard introduces elements of Quality Management (Plan-Do-Check-Act) in Service Management. Some parts of ISO17999 (ISO standard for internet security) are added. Also it is very much aligned with ITIL and speaks the same language. Basic ITIL processes are described and grouped in a following way:

1. Service Delivery:

• Service Level Management
• Availability Management
• Capacity Management
• Continuity Management
• Budgeting and Accounting for IT Services (Financial Management)
• Information Security Management
• Service Reporting

2. Relationship:

• Business Relationship Management
• Supplier Management

3. Resolution:

• Incident Management
• Problem Management

4. Control:

• Configuration Management
• Change Management

5. Release:

• Release Management

ISO/IEC 20000 Process Groups Model

WHO IS IT FOR?

All service oriented companies, and in particular for business organizations that provide IT services.

The way I see it, if you provide IT services, you need a fine balance of ITIL and ISO20000. ITIL gives you competence, and ISO20000 tells you how competent you are, protects company’s investment and knowledge, and gives you competitive advantage on the market.


CERTIFICATION
Certification Scheme for ISO/IEC 20000 is created and managed by itSMF. To formally confirm compliance with the norm, independent assessment can be performed by an itSMF Registered Certification Body.


ISO/IEC 20000 and ITIL
ISO20000 and ITIL are complementary, in a sense that:

• ITIL is a best practices framework which enables business organizations to establish a common language and understand + establish essential ITSM processes. ITIL says how things SHOULD BE.
  
  
• ISO20000 is a standard that enables business to implement and measure best practices. The main point is that the norm helps to objectively test if those practices have really been adopted. It says how things HAVE TO BE. And who is responsible if they aren’t.

Did ITIL V3 Ruin Everything?
In May 2007 ITIL V3 was published. Did this create a lack of balance between the two?
ISO20000 was aligned with ITIL V2. To be a true quality standard it had to adopt some ISO90000 and develop/evolve some processes. Primarily, it implemented Deming’s P-D-C-A lifecycle for continual improvement.




ITIL V3 caught up with ISO 20000, it is also lifecycle oriented, it adopted some of ISO20000 methods (PDCA) and processes (Security, Supplier Management and Service Reporting). In some aspects, we can say that ITIL and ISO20000 are more aligned now then before.

On the other hand, ITIL V3 significantly evolved in some higher level aspects. ISO will have to revise 20000 in the following years to anticipate this. But that doesn’t mean much to companies that are making first steps in standard adoption, since the early implementation path is focused on the basics, anyway.

ITIL gained a lot of popularity with IT professionals due to its earlier appearance, individual approach and market value for consulting/training companies. Last year's ITIL V3 hype also contributed to it.
Adoption of ISO20000 on the other hand, is a bit slower since it's primary value is to the company, and mixed individual interests of the stakeholders probably slow it down. Also it is more formal and strict, so that can scare away some businesses. With time, it will probably change, at least in companies that are really interested in return of their investment.

Related posts:
ITILV3: What's New?; ITIL V3 Qualification Scheme; Implementing ITIL and Staying Alive

And remember, last week I have put a few mindmaps for you to download:

• ISO/IEC20000 Specification Mind Map
  A set of requirements.
  
  
• ISO/IEC20000 Code of Practice Mind Map
  Guidance and recommendations on quality standards for ITSM.

Implementing ITIL and Staying Alive

At first sight, ITIL implementation path depends on who you are and what you do. And of course, with what do you do it. So: People, Processes, Technology.

At the beginning, let's move one starting dilemma out of the way: full frontal or phased approach? Phased, period. Strategically, you will have in mind full set of processes. But when you start, you want to dig deep and narrow, not broad and shallow. Hit the major pain points, ensure quick wins, and fly on the wings of starting success. This will enable you to move forward easier.

Critical factor number one? Management support. A lot of it.

From What Angle?

• You can try to imagine a well-organized company whose major pain is to know what it has, where it is and how it works. They have a stabile infrastructure with a low incident rate, and their Service Desk copes with it fine. But they implement a lot of changes and they want to gain more control over the Change and Configuration management. Of course, this is a fairy tale company, since a lot of hanges automatically means a lot of incidents, but just for the sake of the argument, this imaginary company would start it's ITIL journey in Change and Configuration Management.
  
• Or, maybe you are in a bank. Security is probably one of your biggest concerns. Maybe you want to start with Information Security and Access management. Depending on your country regulations, maybe you will even start ISO27000 certification. In some parts of the world it is a very likely case.
  
• Some service organizations with a high-end infrastructure (ASPs?) will be focused on geting their services definition right: Catalog, Portfolio, Demand, Suppliers, SLM...
  
• But, in nine out of every 9.1 cases, you are firefighting. In incidents up to your ears. Your left doesn't remember what your right has just done. Your customers are pissed. And because of the chaos you're in, you turned to ITIL. So you start from Incident Management. What a cliché.

So you decided to implement ITIL. How?

Simple: first you get a few ITIL Foundations certificates. Then you realize that you need a magic wand. What? Something to do the job for you. So, you realize that it is the tool that will take you on a journey. Of course, the TOOL.

You read some Gartner reports, evaluate some tools, and choose the best salesmen of evaluated tools. His implementing team is ITIL certified, his Tool is all Pink and shiny. Sadly, but this is usually the most critical point on your way.

You probably chose a good application, since most of the tools on the market are adequate for first steps in ITIL. At the end of the day, and at the beginning of your project, it all depends how good is your vendor. Because at most cases, he will be your ITIL consultant, too. So look closely. References, team certification, staff fluctuations.

To add some odds to your side, at least at the first phase of your project, hire an independent consultant. If you can afford one. This will probably save you a lot of effort, and eventually your job.

P.S.: If your company has ISO9000 certificate, it will be relatively painless for you to start preparing for ISO/IEC20000. You can implement the tool and ITIL processes, you can certify your people, but ISO 20000 offers you the mechanism for process definitions and audits. More on ISO/IEC20000 later, for now I've put a few mindmaps for you to download:

• ISO/IEC20000 Specification Mind Map
  A set of requirements.
  
  
• ISO/IEC20000 Code of Practice Mind Map
  Guidance and recommendations on quality standards for ITSM.

What ITIL books to read?

The man who doesn't read good books has no advantage over the man who can't read them. - Mark Twain

What ITIL books to read? Depends on where do you want to go. Let's examine the main possible reasons for reading ITIL books:

• Say you just want to get acquainted with the matter and decide what to do next. Plenty of texts on the internet, executive summaries, and stuff bordering with copyright laws. That's all you need. If you have the money, you can hire an ITIL consultant and he will supply you with enough materials and knowledge in short time. This could save you a lot of effort searching and filtering, i.e. the before mentioned money. Also, read a free copy of An Introductory Overview of ITIL V3.
  
  
• Maybe you just want to certify in ITIL Foundation, without further ambitions, let's say that your company wants you to. Go to the training, they will supply all the necessary material. Find the question examples on the internet, practice a little, and you have some 70% chance of passing the exam. Read ITIL3 Foundations Exam Questions and ITIL3 Foundations Exam Questions2. Also, if you have the access to Introduction to the ITIL Service Lifecycle (ITIL Version 3), take it home and read it overnight. Not the night before the exam, you want to get a good night sleep before it.
  This is a VERY good book. All the important graphics and tables are in there, all stages described on a moderate detail level. If it was just a bit more specific on process details, it would be ideal one-in-all book for Foundation exam preparation.
  
  
• Finally, maybe you want to become an expert in ITIL. Download and browse all you want, but in the end, you will want to read these books:
  Itil Lifecycle Publication Suite, Version 3: Continual Service Improvement, Service Operation, Service Strategy, Service Transition, Service Design
  Borrow, steal, or buy them. Or better, make your company obtain them. Just READ them. Remember, this is a recommendation, not a self-purpose advertisement. I am not some copyright freak or light-minded advertiser, I deeply believe that knowledge should be more available to people, but if one is serious about things he/she wants to accomplish, then some investments have to be made. And this is a good one. These are well written books and reading them in this starting ITIL v3 era will give you a serious competitive advantage.
  

As for the version choice, you can read the ITSkeptic article about it. Interesting, I had this article half written and then his one appeared in my RSS feed. And I had to rewrite most of this. Damn.

Ok, so books are available in three versions: PDF, online and hardcopy. My company bought hardcopies of five books set and then we purchased a PDF version of Introduction.
My advice: stick to the hardcopy version. Here is a copy/paste of my comment on ITSkeptic site: PDF is such a drag, we still didn't manage to move it to another PC (and we have 40 hardcore IT system consultants), printer copy is nowhere near usability of a real book and printing more then once is next to impossible.
So go for the real book version. Those who prefer piracy will soon have a plenty of cracked copies on their P2P networks, and good citizens like us will enjoy our books, appreciating the price of our knowledge.

Related articles:

• ITIL V3 Foundations exam: Go/No Go?
  What do I think about current V3 Foundations Exams.
  
  
• ITIL V3 Qualification Scheme
  The new scheme for ITIL V3 credit collectors.
  
  
• ITIL Service Manager Exam Quick Reference
  Additional materials for SM certificate aspirants.
  

ITIL Service Manager Exam Quick Reference

As I can see, a lot of people are still training for V2 ITIL Service Manager exam. Just for their convenience, I have added a few .pdf documents that I created while preparing for this exam.

Documents are not very tidy, maybe there is a typo here and there and they are not polished for publishing, but they are full of referent facts. And of course, they are free.

So here they are for you:

• Service Support Quick Reference PDF
• Service Delivery Quick Reference PDF

ITIL SM 2007 Recap

Here is a short recapitulation of 2007 themes on this blog:

ITIL SM 05-2007: ITIL
This was a short overview of ITIL V2.

ITIL SM 05-2007: Service Support
Here I covered ITIL V2 Service Support process & functions:- Service Desk- Problem Management- Change Management- Release Management- Configuration Management

ITIL SM 05-2007: Service Desk
Service Desk basics.

ITIL SM 05-2007: Service Desk Quick Facts
Service Desk quick reference data: Objectives, Activities, CSFs, Benefits.

ITIL SM 05-2007: Incident Management Elements
Incident Management Basics: Goal, Roles, Inputs, Activities, Output, Benefits, CSFs, KPIs

ITIL SM 05-2007: All About Incident Classification
Incident classification: categories, subcategories, problem type, product type, category tree, Assignment Queue...

• Assignment and escalation
• Problem analysis
• Reporting.

ITIL SM 06-2007: Incident Priority - What Everyone Should Know
Incident priority is primarily formed out of it's Impact and Urgency. There are also additional elements, like size, scope, complexity and resources required for resolution.
Also, here are additional facts about Incident Escalation:

• Functional Escalation
• Hierarchical Escalation

I see a lot of visitors coming on this and the previous page.

ITIL SM 06-2007: Configuration Management Basics
Configuration Management Basics: Goal, Roles, Inputs, Activities, Output, Possible Problems, Benefits, CSFs, KPIs.
Configuration Management mind map (mmap).

ITIL SM 06-2007: CMDB - What You Need To Know
Some basics on Configuration Management Database.

ITIL SM 07-2007: Change Management Quick Reference
Change Management Quick Reference: Goal, Roles, Process, Inputs, Activities, Output, Possible Problems, Benefits, Responsibilities, CSFs, KPIs.

ITIL SM 07-2007: ITIL Service Support Process Interaction
ITIL Service Support Process Interaction in CMAP. Less people visited this page so I decided not to analyze too much in further posts.

ITIL SM 07-2007: ITIL V3 - What's New?
At this time, I've already read most of the new ITIL v3 books, so this is my view of what's new.

SERVICE LIFECYCLE:

• Service Strategy: Creating the set of services that help achieve business objectives.
• Service Design: Designing services, from technical and business perspective.
• Service Transition: How to change live production infrastructure, implementing the needed services.
• Service Operation: Day-to-day IT business, operating. A place to start if you are new to ITIL.
• Continual Service Improvement: Evaluating and improving services in support of business goals.

ITIL SM 09-2007: ITIL V3 And The Vacuum
Waiting for the additional ITIL V3 complementary material.

ITIL SM 09-2007: ITIL V2 Mind Maps Free Download
Offered ITIL V2 Mind Maps for Free Download.

ITIL SM 09-2007: A Brief History of ITIL
A Brief (but not too brief) History of ITIL.

ITIL SM 10-2007: ITIL V3 Mind Map Download
Offered ITIL V3 Mind Map Download. I have created a simple mind map for the purpose of my own data organization. I thought that sharing it with a community would be a good idea. So I have put it for download.

ITIL SM 10-2007: ITIL V3 Service Portfolio, Pipeline and Catalogue
In ITIL V3, the customer is more into focus then technology. In V2, customer and his satisfaction were important on a declarative level, but minimum effort was made to point out methods, the whats and hows to improve the customer satisfaction. Instead of CMDB, the Service Catalogue is in charge now.

ITIL SM 10-2007: ITIL Foundations Exam - Go/No Go?
What about attending ITIL V3 Foundations?

ITIL SM 11-2007: ITIL V3 Introductory Overview: 'Littler ITIL' Free to Download
Finally a short overview of ITIL V3 by itSMF UK in association with Best Management Practice.

ITIL SM 12-2007: ITIL V3 Qualification Scheme
ITIL V3 Qualification Scheme for very smart people, and dummies also.

This year I will post about details in V3 that interest me the most, there will be updates to ITILv3 Mindmap. Right now I am researching tools for ITIL process automation, and I plan to give a critical comparison very soon.