A standard short story

In December 2005, the International Standards Office published ISO/IEC 20000 (the international standard for IT Service Management). It is based on the British standard of the same topic (BS15000) which was also published by Standards Australia (AS8018). ISO/IEC 20000 is a standard that promotes the adoption of an integrated approach for the effective delivery of IT services. The standard comes in two parts; Part 1 is the Specification for Service Management and Part 2 is the Code of Practice.

Acronym library

ISO/IEC 20000 is largely based on the IT Infrastructure Library (ITIL) which is a framework of IT service management processes developed by the Office of Government Commerce (United Kingdom) in the late 1980s. ISO/IEC 20000 and ITIL are based on integrated tactical and operational.

The benefits of adopting well defined processes are:

• help your organization to identify the key IT services and assist with IT to business alignment,
• incorporate a focus on customer relationship management and security management,
• allow organizations which have implemented or started to implement ITIL to leverage more from their investments by achieving international certification, and
• provide risk management of all IT services and not just those services governed by your project management framework.

While the benefits can be described as "soft", there are some fundamental deliverables that the new International Standard provides beyond the ITIL framework.

A typical ITIL implementation involves the adoption by organizations of the Service Delivery and Service Support processes. Experience dictates that some 'ITIL-adopting' organizations are not even fully aware of the complete ITIL framework. Such organizations typically focus on just the red Service Delivery book and the blue Service Support book. The ISO/IEC 20000 standard provides pointers to the other components of ITIL. These include:

• the requirement of a comprehensive management system,
• documented evidence of management's commitment to improving the delivery of IT services,
• providing documentation or records to ensure planning and control of IT services,
• demonstrated competencies, awareness and training of your organization's staff and other key stakeholders,
• evidence of processes to plan and implement new or changed services, including Service Acceptance Criteria and change reviews,
• methods and records showing the planning, implementing, monitoring and improving of IT services,
• processes that focus on business relationship management and supplier management, and
• evidence of specific service reporting, including major events and customer satisfaction analysis.

In pre-ISO/IEC 20000 times, the primary challenge regarding ITIL implementations was how to "sell" it to stakeholders. How did CIOs and IT managers promote the "soft" benefits of process improvement to business management, customers, staff and suppliers.

The sales pitch centred largely on use of a common language and the introduction of processes that would allow everyone in IT to understand their role in the grand scheme of things.

However, now with ISO/IEC 20000 there is the facility for independent, certified recognition that organizations (ITIL-aware or not) have been looking for. Passing the ISO/IEC 20000 audit earns you a piece of paper. This piece of paper is an independent indicator that your IT organization is effectively and efficiently providing IT services.

While most process experts will tell you that to earn a "piece of paper" should not be the ultimate goal, it is a sign that is easily identifiable and it becomes a benchmark of quality. The main benefit of an international standard for an organization is what it can provide to others ... a degree of assurance.

Page Break

Is ISO/IEC 20000 for your organization?

ISO/IEC 20000 is suitable for any organization - public sector, private sector, internal, external, large or small that provides IT services.

In the public sector, ISO/IEC 20000 will provide assurance for the respective minister, agency head and the general public that the organization is providing services while efficiently spending public funding. For private organizations, the international standard provides a competitive advantage over non-certified companies, opening up opportunities for new clients and reinforcing existing accounts.

In Australia, organizations currently have a choice about which standard they want to pursue. The Australian standard for IT Service Management, AS 8018 was published and like ISO/IEC 20000, was based on BS 15000. Ultimately, this decision depends on your organization's position and the perception you want to generate. However, due to the similarities between the standards, the reality of globalization and the need to find creative ways to differentiate; perhaps the International Standard is the natural choice.

Ultimately, the decision regarding the pursuit of certification against any standard will rest with a variety of people in an organization. In fact, it is fair to say that the CIO or IT manager should be only one of the people involved in the decision, which should be driven by business requirements. One thing is for certain: the decision to pursue certification should not be taken lightly. This is not a "do once" activity.

It starts with the standard

The journey of continuous improvement does not end with achieving ISO/IEC 20000 certification. To maintain compliance there is a program of regular surveillance audits and triennial re-certification.

The commitment towards maintenance is driven by the need to keep pace with new or changing business drivers. Maintaining your ISO/IEC 20000 certification has to be part of your on-going IT strategy. This ongoing commitment to service excellence can help differentiate your organization as one that takes the certification process seriously, or one that cannot keep pace with the effort required to stay ahead of the pack.

The choice is yours.

Ian Jones is a certified ISO/IEC 20000 consultant and is a senior consultant with Art of Service