Background

ISO 20000 -2011 is based on ITIL, the best practice framework. ISO 20000 – 2011 requirements are divided into management system requirements and 13 core processes and one-design clauses.

The detail list of ISO 20000 – 1 – 2011 are listed here – http://www.coralesecure.com/pg/48/sms-iso-20000-2011-standard.html

Business Context

The leading oil government based in Kuwait provides IT services to its 1500 user base across Kuwait and global locations.

Coral Methodology 

We divided the assignment into the following key phases.

Phase 1 – Gap Analysis

Phase 2 – Documentation

Phase 3 – ITSM Performance Reporting

Phase 4 – Internal Audit

Phase 5 – Certification Body Audits

Listed below are unique highlights about each of the phases.

Phase 1 – Gap Analysis

This phase has several documented tasks aimed at understanding customer expectation from IT on one hand, and understanding the level of IT performance reporting. We met each IT teams and understood their core IT delivery processes. This phase resulted into the following documented deliverables 

  • Service Identification – which will lead to determination of service catalogue
  • Asset and Configuration identification
  • Availability Risk Assessment
  • Skill Identification
  • Gap analysis of individual ISO 20000-2011 requirements

Phase 2 – Skill Transfer, Documentation, and Training 

In this phase each of the ISO 20000 – 2011 management system controls are defined, and handed over to client nominated program management team using our methodology that includes templates, proof of concepts, communication, and defined workflows. Each of the standards requirements underwent a deep dive with customer first understanding the process and agreeing the way they would like to operate the individual process in the context of their configurations, on one hand, and the service catalogues with the customers. Key documented deliverables for this phase involved the followings:

  • Service Catalogues finalization with customer groups
  • ITSM Policy
  • ITSM authorities that included roles and responsibility
  • ITSM Performance dashboards
  • Training – that involved awareness sessions and cross – process impact trainings using simple services, and their impact across 14 processes
  • Individual policy, procedure and metrics for each of the ISO 20000-1 – 2011 requirements. Here is the full list of requirements – http://www.coralesecure.com/pg/48/sms-iso-20000-2011-standard.html

Phase 3 – ITSM Performance Tracking

After the completion of documentation was complete the third phase was about tracking the performance of the ITSM based on what is agreed with process owners and teams. Being independent and focusing on customer satisfaction, we were able to give valuable inputs whether some processes were working or otherwise with inputs on fine-tuning the process.

Key deliverables of these phases included the followings:

  • Performance report on ITSM processes
  • Process lacunae

Phase 4 – Internal Audit

An independent team was created combining both consultant and the internal team that was entrusted with the task of auditing the performance of the ITSM. The team made interesting audit findings – which made lot of IT performance and business sense.

  • Internal Audit Process
  • Awareness Check of Personnel
  • Maturity Rating of the 14 processes
  • Compliance rating for 140 detail requirements covering ISO 20000 – 2011 clause 4 to Clause 9.3 requirements.

Management review – The process concluded with the management review which was attended by all senior members of the IT steering committee along with the process champions, and the management representative.

Phase 5 – Certification Body Audits

Finally the certification body arrived, to perform the two stages of audit:

Stage 1 – Documentation Audit – In this they verified all the documentary requirements of the standard. As we documented and checked the compliance at each of the detail 140 compliance requirements, the auditor could find compliance in all areas, with few suggestions for improvements.

Stage 2 – Implementation Audit – In this phase the audit was more rigorous and involved checking the service context and the associated processes and involved interviewing process owners.

Finally the company was recommended for successful ISO 20000-2011 certification.

The organisation achieved several business and IT benefits.

  • Customer knew exactly what to expect and by when
  • IT service risks were visible to everyone in the form of a dashboard
  • Performance of individual processes were extremely transparent

For a detail analysis of how Coral can help you align your organisation to ISO 20000-2011, please write to us at roadmap@www.coralesecure.com.

Author : Probal C

Tags :