ISO 20000: Difference between revisions
No edit summary |
|||
Line 42: | Line 42: | ||
== How ITIL and ISO 20000 are related == | == How ITIL and ISO 20000 are related == | ||
[[image:iso-20000.jpg|thumb|200px|right|alt=ISO 20000 requirements and ITIL 2011|Figure 1: ISO 20000]] | |||
The basic principles behind ITIL and ISO 20000 are very much in line (see also: [http://www.best-management-practice.com/gempdf/ITIL_and_ISO_20000_March08.pdf "Alignment White Paper: ITIL V3 and ISO/IEC 20000"], Jenny Dugmore & Sharon Taylor, March 2008). The key differences are: | The basic principles behind ITIL and ISO 20000 are very much in line (see also: [http://www.best-management-practice.com/gempdf/ITIL_and_ISO_20000_March08.pdf "Alignment White Paper: ITIL V3 and ISO/IEC 20000"], Jenny Dugmore & Sharon Taylor, March 2008). The key differences are: | ||
Line 62: | Line 63: | ||
{| border="1" cellpadding="5" cellspacing="0" align="center" | {| border="1" cellpadding="5" cellspacing="0" align="center" | ||
|- | |- | ||
! width="55%" colspan="2" style="background:# | ! width="55%" colspan="2" style="background:#eaeaea;" | ISO 20000 Sections (ISO/IEC 20000:2011) | ||
! width="45%" colspan="2" style="background:#ffffbb;" | Related ITIL Processes | ! width="45%" colspan="2" style="background:#ffffbb;" | Related ITIL Processes (ITIL 2011) | ||
|- | |- | ||
! align="center" style="background:# | ! align="center" style="background:#f8f8f8;" | Ch. | ||
! align="center" style="background:# | ! align="center" style="background:#f8f8f8;" | Title | ||
! align="center" style="background:# | ! align="center" style="background:#ffffdd;" | Remark | ||
|- valign="top" | |- valign="top" | ||
| '''4''' | | '''4''' | ||
| <span id="ISO-20000-requirement-4">'''Service management system general requirements'''</span> | | <span id="ISO-20000-requirement-4">'''Service management system general requirements'''</span> | ||
| [[ISO 20000#ISO-20000-ITIL-note|See note ['''1''']]] | | | ||
* [[ISO 20000#ISO-20000-ITIL-note|See note ['''1''']]] | |||
|- valign="top" | |- valign="top" | ||
| 4.1 | | 4.1 | ||
| Management responsibility | | Management responsibility | ||
| [[ITIL Strategy Management|Strategy Management for IT Services]] and various processes from [[ITIL V3 CSI - Continual Service Improvement|Continual Service Improvement]] | | | ||
* [[ITIL Strategy Management|Strategy Management for IT Services]] and various processes from [[ITIL V3 CSI - Continual Service Improvement|Continual Service Improvement]] | |||
|- valign="top" | |- valign="top" | ||
| 4.2 | | 4.2 | ||
| Governance of processes operated by other parties | | Governance of processes operated by other parties | ||
| [[Supplier Management]] and [[Service Level Management]] | | | ||
* [[Supplier Management]] and [[Service Level Management]] | |||
|- valign="top" | |- valign="top" | ||
| 4.3 | | 4.3 | ||
| Documentation management | | Documentation management | ||
| Various [[ITIL V3 Service Strategy|Service Strategy]], [[ITIL V3 Service Design|Service Design]] and [[ITIL V3 Service Transition|Service Transition]] processes | | | ||
* Various [[ITIL V3 Service Strategy|Service Strategy]], [[ITIL V3 Service Design|Service Design]] and [[ITIL V3 Service Transition|Service Transition]] processes | |||
|- valign="top" | |- valign="top" | ||
| 4.4 | | 4.4 | ||
| Resource management | | Resource management | ||
| [[ITIL Strategy Management|Strategy Management for IT Services]] and various processes from [[ITIL V3 Service Design|Service Design]], [[ITIL V3 Service Operation|Service Operation]] and [[ITIL V3 CSI - Continual Service Improvement|Continual Service Improvement]] | | | ||
* [[ITIL Strategy Management|Strategy Management for IT Services]] and various processes from [[ITIL V3 Service Design|Service Design]], [[ITIL V3 Service Operation|Service Operation]] and [[ITIL V3 CSI - Continual Service Improvement|Continual Service Improvement]] | |||
|- valign="top" | |- valign="top" | ||
| 4.5 | | 4.5 | ||
Line 96: | Line 102: | ||
4.5.4 Monitor and review the SMS (Check) <br /> | 4.5.4 Monitor and review the SMS (Check) <br /> | ||
4.5.5 Maintain and improve the SMS (Act) | 4.5.5 Maintain and improve the SMS (Act) | ||
| Various processes from [[ITIL V3 Service Strategy|Service Strategy]], [[ITIL V3 Service Design|Service Design]] and [[ITIL V3 CSI - Continual Service Improvement|Continual Service Improvement]] | | | ||
* Various processes from [[ITIL V3 Service Strategy|Service Strategy]], [[ITIL V3 Service Design|Service Design]] and [[ITIL V3 CSI - Continual Service Improvement|Continual Service Improvement]] | |||
|- valign="top" | |- valign="top" | ||
| '''5''' | | '''5''' | ||
| <span id="ISO-20000-requirement-5">'''Design and transition of new or changed services'''</span> | | <span id="ISO-20000-requirement-5">'''Design and transition of new or changed services'''</span> | ||
| [[ISO 20000#ISO-20000-ITIL-note|See note ['''1''']]] | | | ||
* [[ISO 20000#ISO-20000-ITIL-note|See note ['''1''']]] | |||
|- valign="top" | |- valign="top" | ||
| 5.1 | | 5.1 | ||
| General | | General | ||
| [[ITIL Design Coordination|Design Coordination]] and various [[ITIL V3 Service Transition|Service Transition]] processes | | | ||
* [[ITIL Design Coordination|Design Coordination]] and various [[ITIL V3 Service Transition|Service Transition]] processes | |||
|- valign="top" | |- valign="top" | ||
| 5.2 | | 5.2 | ||
| Plan new or changed services | | Plan new or changed services | ||
|Various [[ITIL V3 Service Strategy|Service Strategy]], [[ITIL V3 Service Design|Service Design]] and [[ITIL V3 Service Transition|Service Transition]] processes | | | ||
* Various [[ITIL V3 Service Strategy|Service Strategy]], [[ITIL V3 Service Design|Service Design]] and [[ITIL V3 Service Transition|Service Transition]] processes | |||
|- valign="top" | |- valign="top" | ||
| 5.3 | | 5.3 | ||
| Design and development of new or changed services | | Design and development of new or changed services | ||
| Various [[ITIL V3 Service Design|Service Design]] and [[ITIL V3 Service Transition|Service Transition]] processes | | | ||
* Various [[ITIL V3 Service Design|Service Design]] and [[ITIL V3 Service Transition|Service Transition]] processes | |||
|- valign="top" | |- valign="top" | ||
| 5.4 | | 5.4 | ||
| Transition of new or changed Services | | Transition of new or changed Services | ||
| Various [[ITIL V3 Service Transition|Service Transition]] processes | | | ||
* Various [[ITIL V3 Service Transition|Service Transition]] processes | |||
|- valign="top" | |- valign="top" | ||
| '''6''' | | '''6''' | ||
Line 124: | Line 136: | ||
| 6.1 | | 6.1 | ||
| Service level management | | Service level management | ||
| [[Service Level Management]] | | | ||
* [[Service Level Management]] | |||
|- valign="top" | |- valign="top" | ||
| 6.2 | | 6.2 | ||
| Service reporting | | Service reporting | ||
| [[Service Level Management]] | | | ||
* [[Service Level Management]] | |||
|- valign="top" | |- valign="top" | ||
| 6.3 | | 6.3 | ||
Line 135: | Line 149: | ||
6.3.2 Service continuity and availability plans <br /> | 6.3.2 Service continuity and availability plans <br /> | ||
6.3.3 Service continuity and availability monitoring and testing | 6.3.3 Service continuity and availability monitoring and testing | ||
| [[IT Service Continuity Management]] and [[Availability Management]] | | | ||
* [[IT Service Continuity Management]] and [[Availability Management]] | |||
|- valign="top" | |- valign="top" | ||
| 6.4 | | 6.4 | ||
| Budgeting and accounting for IT Services | | Budgeting and accounting for IT Services | ||
| | | | ||
* [[Financial Management|Financial Management for IT Services]] | |||
|- valign="top" | |- valign="top" | ||
| 6.5 | | 6.5 | ||
| Capacity management | | Capacity management | ||
| [[Capacity Management]] | | | ||
* [[Capacity Management]] | |||
|- valign="top" | |- valign="top" | ||
| 6.6 | | 6.6 | ||
Line 150: | Line 167: | ||
6.6.2 Information security controls <br /> | 6.6.2 Information security controls <br /> | ||
6.6.3 Information security changes and incidents | 6.6.3 Information security changes and incidents | ||
| [[IT Security Management|Information Security Management]] | | | ||
* [[IT Security Management|Information Security Management]] | |||
|- valign="top" | |- valign="top" | ||
| '''7''' | | '''7''' | ||
Line 158: | Line 176: | ||
| 7.1 | | 7.1 | ||
| Business relationship ranagement | | Business relationship ranagement | ||
| [[Business Relationship Management]] | | | ||
* [[Business Relationship Management]] | |||
|- valign="top" | |- valign="top" | ||
| 7.2 | | 7.2 | ||
| Supplier Management | | Supplier Management | ||
| [[Supplier Management]] | | | ||
* [[Supplier Management]] | |||
|- valign="top" | |- valign="top" | ||
| '''8''' | | '''8''' | ||
Line 170: | Line 190: | ||
| 8.1 | | 8.1 | ||
| Incident and service request management | | Incident and service request management | ||
| [[Incident Management]] and [[Request Fulfilment]] | | | ||
* [[Incident Management]] and [[Request Fulfilment]] | |||
|- valign="top" | |- valign="top" | ||
| 8.2 | | 8.2 | ||
| Problem management | | Problem management | ||
| [[Problem Management]] | | | ||
* [[Problem Management]] | |||
|- valign="top" | |- valign="top" | ||
| '''9''' | | '''9''' | ||
Line 182: | Line 204: | ||
| 9.1 | | 9.1 | ||
| Configuration management | | Configuration management | ||
| [[Service Asset and Configuration Management]] | | | ||
* [[Service Asset and Configuration Management]] | |||
|- valign="top" | |- valign="top" | ||
| 9.2 | | 9.2 | ||
| Change management | | Change management | ||
| [[Change Management]] | | | ||
* [[Change Management]] | |||
|- valign="top" | |- valign="top" | ||
| 9.3 | | 9.3 | ||
| Release and deployment management | | Release and deployment management | ||
| [[Release and Deployment Management]] | | | ||
* [[Release and Deployment Management]] | |||
|} | |} | ||
Line 198: | Line 223: | ||
ITIL focuses on the life cycle of services, but offers less guidance on establishing and operating the Service Management System (SMS) itself. As a consequence, it is at times not straightforward to map the ITIL guidance and (especially) [[ISO 20000#ISO-20000-requirement-4|Section 4]] and [[ISO 20000#ISO-20000-requirement-5|Section 5]] of ISO 20000, but various ITIL processes together can typically be used to fulfill the requirements. | ITIL focuses on the life cycle of services, but offers less guidance on establishing and operating the Service Management System (SMS) itself. As a consequence, it is at times not straightforward to map the ITIL guidance and (especially) [[ISO 20000#ISO-20000-requirement-4|Section 4]] and [[ISO 20000#ISO-20000-requirement-5|Section 5]] of ISO 20000, but various ITIL processes together can typically be used to fulfill the requirements. | ||
<p> </p> | |||
== Practical Example on how to link ISO 20000 with ITIL 2011 == | |||
<imagemap> | |||
Image:Demo-ITIL-ISO-20000-Bridge.jpg|right|Introduction to the ITIL - ISO 20000 Bridge|130px|thumb | |||
default [https://demo.it-processmaps.com/iso20000_en/itil-iso20000-bridge.html Start Video: Introduction to the ITIL - ISO 20000 Bridge] | |||
desc bottom-left | |||
</imagemap> | |||
ISO 20000 states requirements for service management processes but does not provide guidance for implementing them. However, since ISO 20000 and ITIL are aligned, many ISO 20000 requirements can be fulfilled by implementing one or several ITIL processes. ITIL is thus a valuable source when designing ISO 20000 compliant processes. | |||
The [https://demo.it-processmaps.com/iso20000_en/itil-iso20000-bridge.html demo on the ITIL - ISO 20000 Bridge] highlights how this can be done in practice. | |||
The [https://en.it-processmaps.com/products/itil-iso-20000-bridge.html ITIL - ISO 20000 Bridge] is the ISO 20000 add-on to our ITIL process model which links the standard's requirements to the corresponding ITIL 2011 reference processes. | |||
<p> </p> | <p> </p> |
Revision as of 12:24, 22 May 2012
<seo metakeywords="iso 20000 processes, iso 20000 requirements" metadescription="In contrast to the ITIL books, ISO 20000 does not offer specific advice on how to design your processes. It is rather a set of requirements which must ..." />
ITIL provides guidance on what should be done in order to offer users adequate IT Services to support their business processes. ITIL qualifications are available for individuals but until recently there was no way for an IT organization to prove that it is working along the ITIL recommendations.
The ISO/IEC 20000:2011 standard (abbreviated to ISO 20000 in this wiki) was conceived to fill this gap. Initiated by the two organizations itSMF and BSI (British Standards Institution), it is modeled upon the principles of ITIL and allows IT organizations to have their IT Service Management certified.
In contrast to the ITIL books, ISO 20000 does not offer specific advice on how to design your processes. It is rather a set of requirements which must be met in order to qualify for ISO 20000 certification.
Central Requirements from ISO 20000
ISO 20000 promotes the “adoption of an integrated process approach to effectively deliver managed services to meet the business and customer requirements”.
ISO 20000 does not prescribe that its requirements must be met by following the ITIL recommendations, so there are many possible ways to achieve compliance. Introducing ITIL, however, is the most widely used approach for obtaining an ISO 20000 certificate.
It is also important to prove that IT processes are documented, actively managed, and continually improved.
The new Edition ISO/IEC 20000:2011
A new version of ISO/IEC 20000 Part 1: Service management system requirements (abbreviated to ISO/IEC 20000-1:2011) was published in April 2011 - these are the mandatory requirements which must be fulfilled by organizations in order to be compliant with the ISO 20000 standard.
The authors of the new version describe the main differences to the earlier edition (ISO/IEC 20000-1:2005) as follows:
- Closer alignment to both ISO 9001 and ISO/IEC 27001
- Clarification of existing definitions and addition of new definitions
- Introduction of the term "Service Management System" (SMS) and aligning the standard with the concept of a SMS
- Clarification of the requirements for the governance of processes operated by other parties
- Addition of requirements for the design and transition of new or changed services
The basic principles behind ITIL and ISO 20000 are very much in line (see also: "Alignment White Paper: ITIL V3 and ISO/IEC 20000", Jenny Dugmore & Sharon Taylor, March 2008). The key differences are:
- ITIL certifications are available for individuals only, whereas ISO 20000 is a certification scheme for organizations.
- ITIL is a rather detailed collection of best practices, while ISO 20000 is an international standard that sets out Service Management requirements for IT organizations.
- When organizations say they are compliant to ITIL, very often this statement is not verifiable; a certification according to the ISO 20000 standard means there has been an objective assessment.
Frequently, an ISO 20000 certification is sought after introducing ITIL, because it allows an IT organization to actually prove that it is a customer-oriented, efficient and effective supplier of IT services. A certification can thus be used for marketing purposes, or to gain access to customers and markets which require their service suppliers to be ISO 20000 certified.
ITIL was explicitly written to be aligned with ISO 20000, as the following table exemplifies: for every section in ISO/IEC 20000:2011, Part 1 (Mandatory Requirements) there are one or several related ITIL processes.
The following table summarizes in broad terms how the main ISO 20000 processes correspond to ITIL processes (ITIL 2011 main processes).
ISO 20000 Sections (ISO/IEC 20000:2011) | Related ITIL Processes (ITIL 2011) | ||
---|---|---|---|
Ch. | Title | Remark | |
4 | Service management system general requirements | ||
4.1 | Management responsibility |
| |
4.2 | Governance of processes operated by other parties | ||
4.3 | Documentation management |
| |
4.4 | Resource management |
| |
4.5 | Establish and improve the SMS 4.5.1 Define scope |
| |
5 | Design and transition of new or changed services | ||
5.1 | General |
| |
5.2 | Plan new or changed services |
| |
5.3 | Design and development of new or changed services |
| |
5.4 | Transition of new or changed Services |
| |
6 | Service delivery processes | ||
6.1 | Service level management | ||
6.2 | Service reporting | ||
6.3 | Service continuity and availability management 6.3.1 Service continuity and availability requirements |
||
6.4 | Budgeting and accounting for IT Services | ||
6.5 | Capacity management | ||
6.6 | Information security management 6.6.1 Information security policy |
||
7 | Relationship processes | ||
7.1 | Business relationship ranagement | ||
7.2 | Supplier Management | ||
8 | Resolution processes | ||
8.1 | Incident and service request management | ||
8.2 | Problem management | ||
9 | Control processes | ||
9.1 | Configuration management | ||
9.2 | Change management | ||
9.3 | Release and deployment management |
Note:
ITIL focuses on the life cycle of services, but offers less guidance on establishing and operating the Service Management System (SMS) itself. As a consequence, it is at times not straightforward to map the ITIL guidance and (especially) Section 4 and Section 5 of ISO 20000, but various ITIL processes together can typically be used to fulfill the requirements.
Practical Example on how to link ISO 20000 with ITIL 2011
ISO 20000 states requirements for service management processes but does not provide guidance for implementing them. However, since ISO 20000 and ITIL are aligned, many ISO 20000 requirements can be fulfilled by implementing one or several ITIL processes. ITIL is thus a valuable source when designing ISO 20000 compliant processes.
The demo on the ITIL - ISO 20000 Bridge highlights how this can be done in practice.
The ITIL - ISO 20000 Bridge is the ISO 20000 add-on to our ITIL process model which links the standard's requirements to the corresponding ITIL 2011 reference processes.