ISO20000 IT Service Standardization - Certification Conditions, Benefits

Compared with traditional IT management, ISO 20000-1:2005 places more emphasis on customer needs and their realization, and introduces IT service budgeting and accounting into IT service management, organically combines financial management and service management, and promotes the development of IT services. Improve and enhance. ISO20000 is a slight upgrade from the original text part of BS15000. The term "BS15000" has been replaced by "ISO20000"; the term "service organization" has been replaced by "service provider"; the term "third party" has been replaced by "supplier" or "external"; The definition of "record" is accepted as it affects ISO terminology. Overall, ITIL focuses on 10 core service management processes, while ISO20000 not only has requirements for service management processes, but also adds requirements for the overall service management system, such as management commitment, service objectives and continuous improvement. ISO20000 defines a series of goals and control points for service management, but does not tell organizations how to achieve these goals. ITIL, as the best practice in the IT service management industry, gives the methods and ways to achieve these goals. At the heart of both ISO20000 and ITIL are service management processes, but the processes are not the same. ISO20000 is mainly based on the 10 core processes of ITIL v2, and adds three new processes: Business relationship Management, Supplier Management and Service Reporting. These three processes are also specifically discussed in ITIL v3 as independent processes. The difference between ISO20000 and ISO27001 is that ISO20000 includes requirements for information security in the "Information Security Management" part of the service provision process. Although both focus on the management of IT services, however, there are big differences in focus and scope of application: ISO20000 is process-centric and defines a series of relatively abstract process objectives, while ISO27001 focuses on control points/control measures The focus of the two sets of system specifications is different. ISO20000 is a quality system standard oriented to IT service management, while ISO27001 is a quality standard specification oriented to information security. ISO20000 emphasizes achieving quality management standards through processes. ISO27001 emphasizes the use of risk control points to achieve the purpose of information security management; the two sets of system specifications have many common features, such as: event management, business continuity management, information asset management, etc. ISO20000 and ISO27001 certification projects are implemented together, so that the complementary characteristics between the two systems can be fully utilized, and the scope of application is different - ISO20000 is applicable to the IT service department of an enterprise, usually the IT department - ISO27001 is applicable to the entire enterprise, not only It is the IT department, including the business department, finance, personnel and other departments.

ISO20000 trial scope and implementation benefits

ISO/IEC 20000 is a standard for management process systems. ISO/IEC 20000 certification is suitable for IT service providers, either internal IT departments or external service providers. Obtaining ISO/IEC 20000 certification means that the IT organization providing services has sufficient management control over these management processes defined in ISO/IEC 20000. The so-called management control over the process includes:

· Knowledge and control of process inputs

· Understanding, use and interpretation of process outputs

Develop and implement mechanisms for measuring process effectiveness

· There is objective evidence of being accountable for the functioning of the process in compliance with ISO 20000 requirements

· Develop improvement plans for process improvement, measure and review improvement results

To be certified to ISO/IEC 20000, an IT service organization must demonstrate that it has the above management control over all 5 groups of 13 processes covered in the standard. The ISO/IEC 20000 series summarizes the best practices of the process, which can be applied to organizations of different sizes, types and structures. The best practice requirements of the service management process will not be changed due to different organizational forms.

component

ISO 20000-1 is a formal specification that defines the requirements for an organization to provide quality, well-managed services to its customers.

On the other hand, ISO 20000-2 is a code of conduct that describes the best practices for service management procedures within the scope of ISO 20000-1. This code of conduct is especially useful for companies preparing to pass an ISO 20000-1 audit or planning to improve their services.

Implementation benefits

· Obtained the ISO20000 certification, an international certificate generally recognized by the industry;

· Reach an agreement with business and suppliers on service quality and service commitments, establish a unified communication platform with business and suppliers; achieve IT service management goals that all stakeholders are satisfied with;

· Improve the availability, reliability and security of IT services and provide high-quality services to business users;

· Continuously optimize service processes, improve service levels, and improve business satisfaction;

· Improve project availability and ensure on-time delivery;

· Overall increase the rate of return on IT investment of the organization/enterprise, and enhance the overall competitiveness of the organization/enterprise;

· Establish a set of effective continuous improvement mechanism and internal control mechanism for IT department;

· Clarify the combination of IT management costs and organizational/enterprise business strategies and IT strategic goals, improve the existing IT service structure and resource allocation, and make the use of various IT resources in line with the company's business strategy and IT strategic goals;

· By establishing an optimized and transparent management process and the definition of rights and responsibilities, monitoring the management process and conducting performance evaluation; reduce the management cost and risk of IT operations;

· Easy to integrate service management process and other management systems, such as: information security management system ISMS, quality management system ISO9000, etc.;

· Integrate the existing management system and business process, standardize the service level of the IT department, standardize the work process, and reduce the risk caused by personnel changes;

· Improve the professional quality of relevant employees in the IT department, and improve the service ability and work efficiency of employees;

· Improve the overall operation of the IT department and the ability of inter-departmental communication.

Certification conditions

1. Chinese enterprises hold the "Business License of Enterprise Legal Person", "Production License" or equivalent documents issued by the administrative department for industry and commerce; foreign enterprises hold the registration certificate of relevant institutions.

2. The IT service management system of the applicant has been established according to the requirements of the ISO/IEC 20000-1:2005 standard, and has been in operation for more than 3 months.

3. Completed at least one internal audit and conducted a management review.

4. During the operation of the information technology service management system and within one year before the establishment of the system, no administrative penalty by the competent department has been imposed.

Certification Benefits

Solve the problem

The goal of an enterprise to establish an IT service management system is to establish an effective customer-centric self-improvement system for the enterprise. After implementing the certification ISO20000 management system, a self-improvement cycle has been established in each process and each job position, and a system of work planning, execution, inspection, and continuous problem discovery and improvement has been established, so that each employee can All have problem awareness, consciously discover the problems in their work, and solve the problems one by one through a systematic problem-solving method. By implementing an IT service management system, IT service providers can obtain the following benefits:

·Keep service objectives consistent with corporate business objectives and effectively support business strategies

·Establish standardized service processes to improve information technology services and operational efficiency

Effectively and efficiently integrate and utilize IT resources such as information, infrastructure, applications and people

·Establish a continuous improvement service management mechanism to quickly respond to market demands and provide customer satisfaction

· Align with international benchmarks, enhance market competitiveness, improve organizational reputation, and improve return on investment

Control IT risks and related costs, improve and control IT service quality, and reduce long-term service costs

Flexibly respond to different compliance audit requirements from customers, certification agencies, internal agencies, etc., to increase investor confidence

For many IT service providers, the significance of ISO20000 certification is not limited to IT services complying with regulations and improving service quality. It has a more positive meaning in terms of service quantification, employee performance appraisal, and measuring the return on investment of the IT department.