Musibau Taiwo Lasisi, ISO 20000 Lead Auditor (PMP, ISO 9001 L.A, LSSBB, COBIT, ITIL) [email protected]

ISO 20000 presentation

Aug 10, 2015

Transcript
Page 1: ISO 20000 presentation

Musibau Taiwo Lasisi, ISO 20000 Lead Auditor

(PMP, ISO 9001 L.A, LSSBB, COBIT, ITIL) [email protected]

Page 2: ISO 20000 presentation

Agenda
• Reasons for implementation
• Benefits
• Additional benefits
• Clause 4.1 – 4.4
• Clause 6.1 – 6.6

Page 3: ISO 20000 presentation

Reasons for implementation

ISO 20000 has become a basic business requirement for an organisation, in the same way that ISO 9000 has

ISO 20000 provides the organisation with the means to operate more effectively and efficiently

ISO 20000 provides an auditable method by which the organisation can assess the quality and conformance of its IT services

ISO 20000 assists organisations in enforcing process compliance

ISO 20000 helps to significantly improve the morale of the IT department, the business and ultimately the customer

ISO 20000 provides clear evidence that the quality of IT service management is taken seriously

Page 4: ISO 20000 presentation

Benefits

[Image: benefits diagram. Source: www.cemarkingmumbai.com]

Page 5: ISO 20000 presentation

Additional benefits
• Provides a competitive advantage over competitors
• Promotes consistent and cost-effective services
• Makes it easier to justify, or to argue against, outsourcing
• Reduces organisational risk and cost
• Effective supplier management
• Provides a stable framework for IT service management
• Assists with meeting regulatory compliance requirements
• Ownership and responsibility defined at all levels
• Creates a progressive ethos and culture
• Increased business and customer confidence and perception
• Improved quality, reputation and consistency of service

Page 6: ISO 20000 presentation

Clause 4.1 – Management responsibility

Top management shall:
• Establish a service management policy, objectives and plans
• Communicate the importance of achieving the service management objectives and the need for continual improvement
• Ensure that customer requirements are determined and met
• Designate a management representative to manage the IT service management system (SMS)

Page 7: ISO 20000 presentation

Clause 4.2 – Governance of processes operated by other parties

• Identify the processes, or parts of processes, operated by other parties
• Demonstrate responsibility and authority for those processes
• Control the definition of the processes and their interfaces with other processes
• Determine process performance and compliance with the requirements of the process
• Control the planning and prioritisation of improvements
• Exercise this governance through supplier management or service level management

Page 8: ISO 20000 presentation

Clause 4.3 – Documentation management

The documentation should include:
◦ Service management policies and plans
◦ Service level agreements
◦ A documented catalogue of services
◦ The documented processes, procedures and records required by ISO/IEC 20000-1

Procedures for the creation, review, approval, maintenance, disposal and control of documents and records must be established

Page 9: ISO 20000 presentation

Clause 4.4 – Resource management

The organisation must:
◦ Define and maintain the roles, responsibilities and authority for service management
◦ Critically analyse and manage skills and training needs

Top management shall ensure that employees are aware of:
◦ The relevance and importance of their activities
◦ How they contribute to the service management objectives

Page 10: ISO 20000 presentation

[Diagram: The Service Level Agreement. Left: a basic SLA, with a single agreed service level between the customer and the service running on the IT infrastructure. Right: customer-based SLAs, where each department or customer may have different requirements and therefore a different agreed service level for the same service and infrastructure.]

Page 11: ISO 20000 presentation

Clause 6.1 – Service level management

A service level agreement basically:
• Communicates the customer's needs to IT
• Communicates to the customer how IT can meet those needs, and at what cost
• Removes misunderstandings, conflicts and dissatisfaction

Page 12: ISO 20000 presentation

Clause 6.2 – Service reporting

Describe each service report, including its:
• Identity
• Purpose
• Audience
• Details of the data source

Produce the reports on services that meet the identified needs and customer requirements

Page 13: ISO 20000 presentation

The service report usually includes:
• Required vs. actual service level targets
• Issues of non-compliance
• Characteristics of the workload
• Reports on the resolution and control processes
• Trend information
• Customer satisfaction analysis

Page 14: ISO 20000 presentation

Clause 6.3 – Service continuity and availability management

Requirements for availability and continuity of service shall be identified on the basis of:
• Business plans
• SLAs
• Risk assessments

The requirements should include access rights, response times and the end-to-end availability of system components

Page 15: ISO 20000 presentation

Availability and service continuity plans should be:
• Developed and critically analysed at least annually, to ensure that all requirements are met in all circumstances
• Maintained to ensure they reflect the combined changes required by the business
• Re-tested after any major change in the business environment

Page 16: ISO 20000 presentation

• The change management process should evaluate the impact of any change on the availability and service continuity plans
• Availability should be measured and recorded
• Unplanned unavailability should be investigated and actions taken
• Preventive action should be taken
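As an added example (not from the original slides), the following Python script shows what "availability should be measured and recorded" and "required vs. actual service level targets" look like in practice for one reporting period: it excludes approved maintenance windows from the agreed service time, counts unplanned outages (including one that straddles the start of the period) against the SLA target, and lists the unplanned incidents that need investigation. The service, target and outage records are constructed for the example; the 24x7-minus-maintenance definition of agreed service time is an assumption and should follow whatever the SLA actually states.

```python
"""Availability measurement against an agreed service level target.

Added example, not taken from the original presentation.  Assumes agreed
service time is 24x7 minus maintenance windows approved through change
management (an assumption; use the SLA's own definition).  The outage
records below are constructed for the example, not real incident data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Outage:
    start: datetime
    end: datetime
    planned: bool   # True = approved maintenance window, False = unplanned incident
    cause: str


def overlap(o: Outage, period_start: datetime, period_end: datetime) -> timedelta:
    """Portion of the outage that falls inside the reporting period (clipped)."""
    s, e = max(o.start, period_start), min(o.end, period_end)
    return max(timedelta(0), e - s)


def availability_report(outages, period_start, period_end, target_pct):
    """Compare measured availability with the SLA target for one period.

    Planned (approved) downtime is removed from agreed service time;
    unplanned downtime counts against the target.  Returns the figures a
    service report needs: required vs. actual, whether the target was met,
    how far over the downtime allowance the service went, and the
    unplanned incidents to investigate.
    """
    total = period_end - period_start
    planned = sum((overlap(o, period_start, period_end) for o in outages if o.planned), timedelta(0))
    unplanned_outages = [o for o in outages
                         if not o.planned and overlap(o, period_start, period_end) > timedelta(0)]
    unplanned = sum((overlap(o, period_start, period_end) for o in unplanned_outages), timedelta(0))
    agreed = total - planned                       # agreed service time for the period
    actual_pct = (agreed - unplanned) / agreed * 100
    allowed = agreed * (1 - target_pct / 100)      # downtime the target permits
    return {
        "agreed_hours": agreed.total_seconds() / 3600,
        "unplanned_hours": unplanned.total_seconds() / 3600,
        "required_pct": target_pct,
        "actual_pct": actual_pct,
        "compliant": actual_pct >= target_pct,
        "downtime_over_allowance_hours": max(timedelta(0), unplanned - allowed).total_seconds() / 3600,
        "to_investigate": [(o.start.isoformat(), o.cause) for o in unplanned_outages],
    }


# Constructed sample data: January 2025, SLA target 99.5 % availability.
PERIOD_START = datetime(2025, 1, 1)
PERIOD_END = datetime(2025, 2, 1)
SAMPLE_OUTAGES = [
    # Started in December, so only the hour inside the period is counted.
    Outage(datetime(2024, 12, 31, 22), datetime(2025, 1, 1, 1), False, "core switch reboot loop"),
    Outage(datetime(2025, 1, 5, 2), datetime(2025, 1, 5, 4), True, "approved monthly patch window"),
    Outage(datetime(2025, 1, 12, 10), datetime(2025, 1, 12, 13), False, "storage controller failure"),
    Outage(datetime(2025, 1, 20, 23, 30), datetime(2025, 1, 21, 0, 30), False, "expired TLS certificate"),
]


def sample_report():
    return availability_report(SAMPLE_OUTAGES, PERIOD_START, PERIOD_END, target_pct=99.5)


if __name__ == "__main__":
    r = sample_report()
    print(f"required {r['required_pct']:.2f}%  actual {r['actual_pct']:.3f}%  "
          f"compliant={r['compliant']}  over allowance by {r['downtime_over_allowance_hours']:.2f} h")
    for when, cause in r["to_investigate"]:
        print(f"  investigate: {when}  {cause}")
```

With the constructed data the service misses its 99.5 % target (five unplanned hours against an allowance of about 3.7 hours on 742 agreed hours), which is exactly the non-compliance a service report must surface; the maintenance window does not count because it was approved through change management.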

Page 17: ISO 20000 presentation

Clause 6.4 – Budgeting and accounting for services

The organisation must have clear policies and procedures for:
• Budgeting and accounting for all components
• Apportioning indirect costs and allocating direct costs to services, to give an overall cost for each service
• Effective financial control and authorisation

Page 18: ISO 20000 presentation

Costs should be budgeted in sufficient detail to enable effective financial control and decision making

The service provider should:
• Monitor and report costs against budget
• Critically analyse financial forecasts
• Manage costs appropriately

Changes to services should be budgeted for and approved through the change management process

Page 19: ISO 20000 presentation

Clause 6.5 – Capacity management

Create, implement and maintain a capacity plan that takes into consideration human, technical, information and financial resources:
• Agree capacity and performance requirements

The capacity plan shall include at least:
• Current and forecast demand for services
• Timescales, thresholds and costs for upgrades to service capacity
• The potential impact of statutory, regulatory, contractual and organisational changes, new technologies and new techniques

Page 20: ISO 20000 presentation

Clause 6.6 – Information security management

Management with appropriate authority shall:
• Approve an information security policy
• Communicate the policy to relevant personnel, suppliers and customers
• Ensure that information security risk assessments are conducted at planned intervals
• Ensure that internal audits of the information security management system are carried out, and that the audit results are reviewed for opportunities for improvement

See the ISO/IEC 27000 series

Page 21: ISO 20000 presentation

Document, implement and operate physical, administrative and technical information security controls in order to:
• Preserve the confidentiality, integrity and availability of information assets
• Fulfil the policy requirements
• Manage risks related to information security

Arrangements involving third-party access must be based on a formal agreement that defines the security requirements

See ISO/IEC 27001 Annex A