Qwr Iso20000 Auditor m02 Iso-iec 20000 Us-06apr14

8/12/2019 Qwr Iso20000 Auditor m02 Iso-iec 20000 Us-06apr14

1/64

ISO/IEC 20000 Auditor

2ISO/IEC 20000

Copyright 2006, Quint Wellington Redwood


2/64


Copyright 2006, Quint Wellington Redwood


3/64


Module 2

ISO/IEC 20000 certifictionISO/IEC 20000!" in detil

ISO/IEC 20000!2 o#er#iew

Copyright 2006, Quint Wellington Redwood $ge 2 ! 1


4/64


page 2 - 2

%gend

& ISO/IEC 20000 certifiction 'che(e

& ISO/IEC 20000!"

O)*ecti#e

Re+uire(ent' per proce''

& ISO/IEC 20000!2

O#er#iew

$ge 2 ! 2 Copyright 2006, Quint Wellington Redwood


5/64


ISO/IEC 20000 Certification



6/64


page 2 - 4

ISO/IEC 20000 Certifiction Sche(e !

i'tory

& Strted ' -Si co((ittee

& % (*or ele(ent of the concordt )etween itS., -Si O1C

& itS. 'che(e

Sche(e docu(ent' de#eloped in erly 200

Sche(e fir't lunched in 3uly 200 4under -S "50006

Current certifiction'7 uditor' ccredited nd 'er#ice pro#ider'

certified



7/64


8/64


page 2 - 6

Why ISO/IEC 20000 certifiction;


9/64


page 2 - 7

-enefit' of certifiction

& I(pro#ed +ulity of 'er#ice nd incre'ed )u'ine'' ndcu'to(er confidence

& I(pro#ed reputtion, con'i'tency nd interoper)ility

& I(prtil nd e@ternl 'tndrd (ethod of ''e''(ent nd

udit

& %''e''(ent' recogni'ed interntionlly within the indu'try

& %''e''(ent' nd )ench(rAing re i(portnt ele(ent of

proce'' i(pro#e(ent

& :e(on'trte 'uperiority o#er co(petitor'

& .nge(ent nd 'tff under'tnd their )u'ine'' their role'

nd their proce''e' )etter

& E'ier to *u'tify of co()t out'ourcing



10/64


page 2 - 8

Scope of Certifiction

& ISO/IEC 20000 i' i(ed t orgni'tion' pro#iding Ser#ice.nge(ent opertion, whether internl or e@ternl

& Certifiction i' BO= 4in it'elf6 pproprite for n orgni'tion

which pro#ide' d#i'e9

& Certifiction i' BO= po''i)le for product' 'uch ' Ser#ice.nge(ent tool'

& =he role of con'ultncy orgni'tion' i' to gi#e d#ice in

unle'hing the #lue of ISO/IEC 20000, i(ple(enting the

'tndrd nd preprtion for n independent udit

ISO/IEC 20000 is aimed at organizations providing a Service Management operation, whether

internal or external. So both internal service providers and external service providers are eligiblefor ISO/IEC 20000 certification.

Certification is NOT (in itself) appropriate for an organization which provides advice. It adds no

value to a consultancy firm like Quint to get certified as we only advise on improving IT servicedelivery and do not deliver IT services ourselves.

Certification is NOT possible for products such as Service Management tools. There are no plans

to come up with ISO/IEC 20000 compliant certificate for SM tools. Tools can be used toautomate certain parts of the IT processes and improve effectiveness and efficiency ininformation provisioning but are only one of the elements required for a well functioningorganization.

$ge 2 ! Copyright 2006, Quint Wellington Redwood


11/64


page 2 -

ISO/IEC 20000 Regi'tered Certifiction

-odie'

& Ser#ice pro#ider' tht wnt to )e certified gin't the ISO/IEC20000 'tndrd cn contct one of the Regi'tered Certifiction

-odie' 4RC-6 nywhere in the world nd pply for certifiction9

& RC-D' re ''e''ed nd ppro#ed )y the certifiction 'che(e

owner9

& RC-D' re totlly independent of ny con'ultncy nd their

uditor' h#e )een 'pecificlly trined in I= Ser#ice

.nge(ent

& %dd #lue to the orgni'tion )eing udited nd (intin the

+ulity of certifiction 9

Although any service provider can claim their compliance with the specifications of the ISO/IEC 20000standard, a formal audit and certification will carry significantly more weight.

Service providers that want be certified against the ISO/IEC 20000 standard can contact one of the

Registered Certification Bodies (RCBs) anywhere in the world, and apply for certification.

RCBs are assessed and approved by the certification scheme owner. RCBs will be screened

thoroughly for independency and competence. RCB applications are accepted only when comingfrom Certification Bodies who are accredited by their relevant national accreditation body. Note thatan RCB cannot be a company providing ITIL consultancy services because of the conflict of interest;an audit must be independent hence the need to separate audit from consultancy services. The list ofaccredited RCBs is available from the scheme owner.

The RCBs will certify IT service providers against the requirements of the standard and issue a

certificate.

Certified service providers are permitted to use the official logo, in accordance with specified

restrictions and requirements, and are listed at a public web page.

Certified service providers will be re-assessed on a regular basis to confirm their compliance to

ISO/IEC 20000.

You can find additional information on the procedure, the RCBs, the certified service providers, and the

latest news on ISO/IEC 20000 certification via www.bs15000certification.com.



12/64


page 2 - !0

ISO/IEC 20000 RC-

& -SI .nge(ent Sy'te('

& -QI Ftd

& :B Certifiction Ftd

& :QS 1()

& G$.1 %udit plc

& FRQ% Ftd

& SQS 4SwitHerlnd6

& S=QC 4Indi6

& = .nge(ent Ser#ice 1()

A list of Accredited RCBs can also be found via www.bs15000certification.com.

$ge 2 ! "0 Copyright 2006, Quint Wellington Redwood


13/64


page 2 - !!

So(e %udit Re(inder'

& %'A the uditor' wht they re looAing for )efore n udit

& O#er!prepre

& .Ae 'ure to li't your percei#ed ri'A'

& :ocu(ent your pre#enti#e control', nd h#e detecti#e control' in plce

& Geep current nd ccurte CI in#entory of hrdwre nd 'oftwre

& :ocu(ent ll internl udit procedure' nd proof tht they re )eing

followed

& :ocu(ent ll un'cheduled downti(e in the 'y'te(' plu' ction'

& Geep current docu(enttion of ll e@ception' to policie'

& Fi't ny 'ecurity incident' plu' ction'

& -e )le to produce pre#iou' udit finding' plu' ction'

& Sur#i#ing n ISO/IEC 20000 udit re+uire' co(plying to ll ISO/IEC 20000!"re+uire(ent'



14/64


page 2 - !2

Que'tion'



15/64


ISO/IEC 20000-!"2005



16/64


page 2 - !4

I(portnt Bote'

& On the 'lide', the Stndrd i' prphr'ed nd ))re#ited

& 'e the 'lide' to help you lern the concept'

& :O BO= u'e the 'lide' ' n lternti#e to ''e''ing the

Stndrd

& =he 'tudent note' contin the theory re+uired to p'' the e@(

On the 'lide', the ISO/IEC 20000 prt " Stndrd i' prphr'ed nd ))re#ited

'e the 'lide' to help you lern the concept', )ut refer the'e 'tudent note' or the for(l

docu(ent 4IS-B 0 50 808J0 6 for the co(plete nd lte't updted #er'ion of the for(l te@t9

:O BO= u'e the 'lide' ' n lternti#e to the Stndrd

So t#e $tudent note$ contain t#e t#eor% re&uired to pa$$ t#e e'a(



17/64


page 2 - !5

Content' of ISO/IEC 20000

& $rt "! Specifiction% 'et of (ndtory re+uire(ent' 4KShll'D6

& $rt 2! Code of $rctice% 'et of guideline' 4KShould'D6

& Content' for )oth prt' Introduction nd o#er#iew

Scope

=er(' nd definition'

Re+uire(ent' for (nge(ent 'y'te(

$lnning nd i(ple(enting 'er#ice (nge(ent

$lnning nd i(ple(enting new or chnged 'er#ice'

Ser#ice deli#ery proce''e'

Reltion'hip proce''e'

Re'olution proce''e'

Control proce''e' Rele'e proce''

$rt "! Specifiction, 'et of (ndtoryre+uire(ent' 4KShll'D

$rt 2! Code of $rctice, 'et of guideline'4KShould'D

Content'7

Introduction nd o#er#iew

Scope =er(' nd definition'

Re+uire(ent' for (nge(ent

'y'te(

$lnning nd i(ple(enting 'er#ice

(nge(ent

$lnning nd i(ple(enting new or

chnged 'er#ice'




Control proce''e'

Rele'e proce''

Content'7

Introduction nd o#er#iew

Scope =er(' nd definition'

Re+uire(ent' for (nge(ent

'y'te(


(nge(ent

$lnning nd i(ple(enting new or

chnged 'er#ice'




Control proce''e'

Rele'e proce''



18/64


page 2 - !6

ISO/IEC 20000!"

$rt " of the 'tndrd contin' 'et of re+uire(ent' for

effecti#e 'er#ice (nge(ent gin't which n

orgni'tion cn )e udited for co(plince

$rt " of the 'tndrd contin' 'et of re+uire(ent' for effecti#e 'er#ice (nge(ent gin't which norgni'tion cn )e udited for co(plince )y n RC-9 =he'e re+uire(ent' 4S%FF' need to )e Anownfor the e@(9 =he prgrph 'tructure of the officil docu(ent ISO/IEC 20000!"72005 i' ' follow'7

" Scope

2 =er(' nd definition' =he (nge(ent 'y'te( 9" .nge(ent re'pon'i)ility 92 :ocu(enttion re+uire(ent' 9 Co(petence, wrene'' ndtrining8 $lnning nd i(ple(enting 'er#ice(nge(ent 89" $ln 'er#ice (nge(ent 4$ln 892 I(ple(ent 'er#ice (nge(entnd pro#ide the 'er#ice' 4:o

89 .onitoring, (e'uring, re#iewing4ChecA

898 Continul i(pro#e(ent 4%ct+,+,- 'oli!y+,+,2 $anage"ent of i"pro(e"ents+,+,. &!ti(ities

5 $lnning nd i(ple(enting new orchnged 'er#ice'

6 Ser#ice deli#ery proce''e'

69" Ser#ice le#el (nge(ent 692 Ser#ice reporting 69 Ser#ice continuity nd #il)ility(nge(ent 698 -udgeting nd ccounting for I='er#ice' 695 Cpcity (nge(ent 696 Infor(tion 'ecurity (nge(entJ Reltion'hip proce''e' J9" 1enerl J92 -u'ine'' reltion'hip (nge(entJ9 Supplier (nge(ent Re'olution proce''e' 9" -cAground 92 Incident (nge(ent 9 $ro)le( (nge(ent> Control proce''e' >9" Configurtion (nge(ent >92 Chnge (nge(ent"0 Rele'e proce'' "09" Rele'e (nge(ent proce''



19/64


page 2 - !7

-cAground

& Introduction

=he 'tndrd pro(ote' the doption of 'et of integrted

proce''e' for the effecti#e deli#ery of (nged 'er#ice' to (eet

the )u'ine'' nd cu'to(er re+uire(ent'

& Scope

=he 'tndrd define' the re+uire(ent' for n orgni'tion to

deli#er (nged 'er#ice' of n ccept)le +ulity for it'

cu'to(er'

& =er(' nd definition'

or the purpo'e' of thi' prt of ISO/IEC 20000 rele#nt ter(' nddefinition' re 'tted in the 'tudent )ooA

Introduction

=hi' prt of ISO/IEC 20000 pro(ote' the doption of n integrted proce'' pproch to effecti#ely deli#er(nged 'er#ice' to (eet the )u'ine'' nd cu'to(er re+uire(ent'9 or n orgniHtion to functioneffecti#ely it h' to identify nd (nge nu(erou' linAed cti#itie'9 %n cti#ity u'ing re'ource', nd(nged in order to en)le the trn'for(tion of input' into output', cn )e con'idered ' proce''9Often the output fro( one proce'' for(' n input to nother9

Coordinted integrtion nd i(ple(enttion of the 'er#ice (nge(ent proce''e' pro#ide' the ongoingcontrol, greter efficiency nd opportunitie' for continul i(pro#e(ent9 $erfor(ing the cti#itie' ndproce''e' re+uire' people in the 'er#ice de'A, 'er#ice 'upport, 'er#ice deli#ery nd opertion' te(' to)e well orgniHed nd co!ordinted9 %pproprite tool' re l'o re+uired to en'ure tht the proce''e' reeffecti#e nd efficient9

It i' ''u(ed tht the e@ecution of the pro#i'ion' of thi' prt of ISO/IEC 20000 i' entru'ted toppropritely +ulified nd co(petent people9

%n Interntionl Stndrd doe' not purport to include ll nece''ry pro#i'ion' of contrct9 'er' ofInterntionl Stndrd' re re'pon'i)le for their correct ppliction9

Co(plince with n Interntionl Stndrd doe' not of it'elf confer i((unity fro( legl o)ligtion'9



20/64


! Scope

=hi' 'pecifiction define' the re+uire(ent' for n orgniHtion to deli#er (nged 'er#ice' of nccept)le +ulity for it' cu'to(er'9 It (y )e u'ed7

)y )u'ine''e' tht re going out to tender for their 'er#ice'

)y )u'ine''e' tht re+uire con'i'tent pproch )y ll 'er#ice pro#ider' in 'upply chin )y 'er#ice pro#ider' to )ench(rA their I= 'er#ice (nge(ent

' the )'i' for n independent ''e''(ent

)y n orgniHtion who need' to de(on'trte the )ility to pro#ide 'er#ice' tht (eet cu'to(er

re+uire(ent'

)y n orgniHtion which i(' to i(pro#e 'er#ice through the effecti#e ppliction of proce''e'

to (onitor nd i(pro#e 'er#ice +ulity9

)igure ! * Ser+ice (anage(ent proce$$e$

=hi' prt of ISO/IEC 20000 'pecifie' nu()er of clo'ely relted 'er#ice (nge(ent proce''e', ''hown in igure "9

=he reltion'hip' )etween the proce''e' depend on the ppliction within n orgniHtion nd regenerlly too co(ple@ to (odel nd therefore reltion'hip' )etween proce''e' re not 'hown9

=he li't of o)*ecti#e' nd control' contined in thi' 'tndrd re not e@hu'ti#e, nd n orgniHtion (ycon'ider tht dditionl o)*ecti#e' nd control' re nece''ry to (eet their prticulr )u'ine'' need'9=he nture of the )u'ine'' reltion'hip )etween the 'er#ice pro#ider nd )u'ine'' will deter(ine how there+uire(ent' in thi' prt of ISO/IEC 20000 re i(ple(ented in order to (eet the o#erll o)*ecti#e9

%' proce'' )'ed 'tndrd thi' prt of ISO/IEC 20000 i' not intended for product ''e''(ent9owe#er, orgniHtion' de#eloping 'er#ice (nge(ent tool', product' nd 'y'te(' (y u'e )oth thi'prt of ISO/IEC 20000 nd the code of prctice to help the( de#elop tool', product' nd 'y'te(' tht'upport )e't prctice 'er#ice (nge(ent9

$ge 2 ! " Copyright 2006, Quint Wellington Redwood


21/64


2 ,er($ and definition$

or the purpo'e' of thi' docu(ent, the following ter(' nd definition' pply9

2-! A+aila.ilit%" )ility of co(ponent or 'er#ice to perfor( it' re+uired function t 'tted

in'tnt or o#er 'tted period of ti(e

BO=E %#il)ility i' u'ully e@pre''ed ' rtio of the ti(e tht the 'er#ice i' ctully #il)le for u'e )y the)u'ine'' to the greed 'er#ice hour'

2-2 a$eline" 'np'hot of the 'tte of 'er#ice or indi#idul configurtion ite(' t point in ti(e

4'ee 298

2- C#ange record" record contining detil' of which configurtion ite(' re ffected nd how

they re ffected )y n uthoriHed chnge

2-4 Configuration ite( 1CI" co(ponent of n infr'tructure or n ite( which i', or will )e, under

the control of configurtion (nge(entBO=E Configurtion ite(' (y #ry widely in co(ple@ity, 'iHe nd type, rnging fro( n entire 'y'te( includingll hrdwre, 'oftwre nd docu(enttion, to 'ingle (odule or (inor hrdwre co(ponent9

2-5 Configuration Manage(ent 3ata.a$e 1CM3" dt)'e contining ll the rele#nt detil'

of ech configurtion ite( nd detil' of the i(portnt reltion'hip' )etween the(

2-6 3ocu(ent" infor(tion nd it' 'upporting (ediu(BO=E " In thi' 'tndrd, record' 4'ee 29> re di'tingui'hed fro( docu(ent' )y the fct tht they function 'e#idence of cti#itie', rther thn e#idence of intention'9BO=E 2 E@(ple' of docu(ent' include policy 'tte(ent', pln', procedure', 'er#ice le#el gree(ent' ndcontrct'9

2-7 Incident" ny e#ent which i' not prt of the 'tndrd opertion of 'er#ice nd which cu'e'

or (y cu'e n interruption to, or reduction in, the +ulity of tht 'er#iceBO=E =hi' (y include re+ue't +ue'tion' 'uch '


22/64


page 2 - !8

ISO/IEC 20000

e&uire(ent$ for a (anage(ent $%$te( .nge(ent re'pon'i)ility:ocu(enttion re+uire(ent'

Co(petence, wrene'' trining

lanning i(ple(enting $er+ice (anage(ent $ln, I(ple(ent, .onitor, I(pro#e 4$:C%6

lanning i(ple(enting ne9 or c#anged $er+ice$ $lnning i(ple(enting new or chnged

'er#ice'

& Ser#ice Reporting

& Ser#ice Fe#el .gt& -udgeting %ccounting for

I= Ser#ice

elea$e roce$$e$& Rele'e .nge(ent e$olution roce$$e$& Incident .nge(ent& $ro)le( .nge(ent

elation$#ip roce$$e$& -u'ine'' Reltion'hip.nge(ent

& Supplier .nge(ent

Control roce$$e$

Configurtion .nge(entChnge .nge(ent

Ser+ice 3eli+er% roce$$e$

& Cpcity .gt

& Ser#ice Continuity %#il)ility .gt

& Infor(tion Security .gt



23/64


page 2 - !






'er#ice'

& Ser#ice Reporting


I= Ser#ice

elea$e roce$$e$& Rele'e .nge(ent e$olution roce$$e$& Incident .nge(ent& $ro)le( .nge(ent


& Supplier .nge(ent

Control roce$$e$

Configurtion .nge(entChnge .nge(ent


& Cpcity .gt





24/64


page 2 - 20

& O)*ecti#e7 To proide a "anage"ent syste" in!luding poli!iesand a fra"eor1 to enable effe!tie "anage"ent and

i"ple"entation of all IT seri!es

& Co#er' the re'

.nge(ent re'pon'i)ility

:ocu(enttion re+uire(ent'

.nging docu(ent'

Co(petence, wrene'' nd trining

& =hi' i' 'u)'et of ISO>00"72000


=he (nge(ent 'y'te( co#er' the following re'7

.nge(ent re'pon'i)ility


.nging docu(ent'

Co(petence, wrene'' nd trining

=he'e o)*ecti#e' nd re+uire(ent' re 'u)'et of ISO>00"72000 'tndrd9 ISO>00@ i' 'erie' ofinterntionl 'tndrd' de#eloped )y +ulity e@pert' fro( round the world for u'e )y co(pnie' thteither wnt to i(ple(ent their own in!hou'e +ulity 'y'te(' or to en'ure tht 'upplier' h#e pproprite+ulity 'y'te(' in plce9 =he 'tndrd' were de#eloped under the u'pice' of the InterntionlOrgniHtion for StndrdiHtion for )oth +ulity (nge(ent nd +ulity ''urnce tht h' )eendopted )y o#er >0 countrie' in the world9 =he ISO>000 'tndrd' re de#eloped nd (intined )y theInterntionl OrgniHtion for StndrdiHtion 4ISO9 Interntionl 'tndrd' pro(ote interntionl trde)y pro#iding one con'i'tent 'et of re+uire(ent' recogniHed round the world 4Source7 Stndrd' Councilof Cnd, http7//www9'cc9c/9

http://www.scc.ca/http://www.scc.ca/http://www.scc.ca/


25/64


page 2 - 2!

& .nge(ent 'hll pro#ide e#idence of co((it(ent to

i(pro#ing 'er#ice (nge(ent

E't)li'h policy, o)*ecti#e' pln'

Co((unicte i(portnce

En'ure cu'to(er re+uire(ent' re deter(ined (et

E't)li'h 'ingle point of re'pon'i)ility

:eter(ine pro#ide re'ource'

.nge ri'A'

Conduct plnned re#iew'

Re+uire(ent' for (nge(ent 'y'te($anage"ent responsibility

e&uire(ent$ for a (anage(ent $%$te(Obe!ti(e: To pro(ide a "anage"ent syste"/ in!luding poli!ies and a fra"e0or1 to enable the effe!ti(e"anage"ent and i"ple"entation of all IT ser(i!es,

-! Manage(ent re$pon$i.ilit%=hrough leder'hip nd ction', top/e@ecuti#e (nge(ent S%FF pro#ide e#idence of it' co((it(entto de#eloping, i(ple(enting nd i(pro#ing it' 'er#ice (nge(ent cp)ility within the conte@t of theorgniHtionD' )u'ine'' nd cu'to(er'D re+uire(ent'9

.nge(ent S%FF7

e't)li'h the 'er#ice (nge(ent policy, o)*ecti#e' nd pln'

co((unicte the i(portnce of (eeting the 'er#ice (nge(ent o)*ecti#e' nd the need for

continul i(pro#e(ent

en'ure tht cu'to(er re+uire(ent' re deter(ined nd re (et with the i( of i(pro#ing

cu'to(er 'ti'fction

ppoint (e()er of (nge(ent re'pon'i)le for the co!ordintion nd (nge(ent of ll

'er#ice'

deter(ine nd pro#ide re'ource' to pln, i(ple(ent, (onitor, re#iew nd i(pro#e 'er#ice

deli#ery nd (nge(ent e9g9 recruit pproprite 'tff, (nge 'tff turno#er

(nge ri'A' to the 'er#ice (nge(ent orgniHtion nd 'er#ice' conduct re#iew' of 'er#ice (nge(ent, t plnned inter#l', to en'ure continuing 'uit)ility,

de+ucy nd effecti#ene''



26/64


page 2 - 22

& $ro#ide docu(ent' nd record' to en'ure effecti#e, plnning,opertion nd control, including7

$olicie' nd pln'

Ser#ice le#el gree(ent'

$roce''e' nd procedure' re+uired )y thi' 'tndrd

Record' re+uired )y thi' 'tndrd

& $rocedure' nd re'pon'i)ilitie' for docu(ent nd record(nge(ent

Cretion, re#iew, ppro#l, (intennce, di'po'l nd control

Re+uire(ent' for (nge(ent 'y'te(3o!u"entation re4uire"ents

-2 3ocu(entation re&uire(ent$Ser#ice pro#ider' S%FF pro#ide docu(ent' nd record' to en'ure effecti#e plnning, opertion ndcontrol of 'er#ice (nge(ent9

=hi' S%FF include7

docu(ented 'er#ice (nge(ent policie' nd pln' docu(ented 'er#ice le#el gree(ent'

docu(ented proce''e' nd procedure' re+uired )y thi' 'tndrd

record' re+uired )y thi' 'tndrd

$rocedure' nd re'pon'i)ilitie' S%FF )e e't)li'hed for the cretion, re#iew, ppro#l, (intennce,di'po'l nd control of the #riou' type' of docu(ent' nd record'9

BO=E =he docu(enttion cn )e in ny for( or type of (ediu(9



27/64


page 2 - 2

& %ll 'er#ice (nge(ent 4S.6 role' nd re'pon'i)ilitie' definednd (intined with their re+uired co(petencie'

& Stff co(petencie' nd trining need' 'hll )e re#iewed nd

(nged

& =op (nge(ent 'hll en'ure

E#ery)ody under'tnd' the rele#nce of their role / cti#itie'

%wrene'' of how they contri)ute to the chie#e(ent of S.

o)*ecti#e'

Re+uire(ent' for (nge(ent 'y'te(Co"peten!e aareness training

- Co(petence: a9arene$$ and training%ll 'er#ice (nge(ent role' nd re'pon'i)ilitie' S%FF )e defined nd (intined together with theco(petencie' re+uired to e@ecute the( effecti#ely9

Stff co(petencie' nd trining need' S%FF )e re#iewed nd (nged to en)le 'tff to perfor( their

role effecti#ely9

=op (nge(ent S%FF en'ure tht it' e(ployee' re wre of the rele#nce nd i(portnce of theircti#itie' nd how they contri)ute to the chie#e(ent of the 'er#ice (nge(ent o)*ecti#e'9



28/64


page 2 - 24


(nge(ent 4S.6





'er#ice'

& Ser#ice Reporting& Ser#ice Fe#el .gt

& -udgeting %ccounting for

I= Ser#ice

elea$e roce$$e$& Rele'e .nge(ent e$olution roce$$e$

& Incident .nge(ent

& $ro)le( .nge(ent

elation$#ip roce$$e$& -u'ine'' Reltion'hip

.nge(ent

& Supplier .nge(ent

Control roce$$e$Configurtion .nge(ent

Chnge .nge(ent


& Cpcity .gt& Ser#ice Continuity

%#il)ility .gt




29/64


page 2 - 25

$:C% .ethodology for

Ser#ice .nge(ent $roce''e'

4 lanning and i(ple(enting $er+ice (anage(entBO=E =he (ethodology Anown ' $ln!:o!ChecA!%ct 4$:C% cn )e pplied to ll proce''e'9 $:C% cn )ede'cri)ed ' follow'7

$ln 7 e't)li'h the o)*ecti#e' nd proce''e' nece''ry to deli#er re'ult' in ccordnce with cu'to(er

re+uire(ent' nd the orgniHtionD' policie'

:o 7 i(ple(ent the proce''e'

ChecA 7 (onitor nd (e'ure proce''e' nd 'er#ice' gin't policie', o)*ecti#e' nd re+uire(ent' nd

report the re'ult'

%ct7 tAe ction' to continully i(pro#e perfor(nce

Figure 2 Plan-Do-Check-Act methodology for service management processes

=he (odel 'hown in igure 2 illu'trte' the proce'' nd proce'' linAge' pre'ented in clu'e' 8 to "09



30/64


page 2 - 26

$lnning nd i(ple(enting S.'lan

& O)*ecti#e7 To plan the i"ple"entation and deliery of seri!e"anage"ent

& %t (ini(u(, the pln' 'hll define7

Scope, o)*ecti#e', re+uire(ent' proce''e'

r(eworA of (nge(ent role' re'pon'i)ilitie'

$roce'' interfce' ' well ' interfcing to pro*ect'

-udget, re'ource', fcilitie', tool' ri'A (nge(ent

ow +ulity will )e (e'ured, (nged, re#iewed i(pro#ed

& Cler (nge(ent direction nd docu(ented re'pon'i)ilitie'

& $roce'' 'pecific pln' ! co(pti)le with o#erll S. pln

4-! lan $er+ice (anage(ent 1lanObe!ti(e: To plan the i"ple"entation and deli(ery of ser(i!e "anage"ent9

Ser#ice (nge(ent S%FF )e plnned9 =he pln' S%FF t (ini(u( define7

the 'cope of the 'er#ice pro#iderD' 'er#ice (nge(ent

the o)*ecti#e' nd re+uire(ent' tht re to )e chie#ed )y 'er#ice (nge(ent

the proce''e' tht re to )e e@ecuted

the fr(eworA of (nge(ent role' nd re'pon'i)ilitie', including the 'enior re'pon'i)le owner,

proce'' owner nd (nge(ent of 'upplier'

the interfce' )etween 'er#ice (nge(ent proce''e' nd the (nner in which the cti#itie' re

to )e coordinted

the pproch to )e tAen in identifying, ''e''ing nd (nging i''ue' nd ri'A' to the

chie#e(ent of the defined o)*ecti#e'

the pproch for interfcing to pro*ect' tht re creting or (odifying 'er#ice'

the re'ource', fcilitie' nd )udget nece''ry to chie#e the defined o)*ecti#e'

tool' ' pproprite to 'upport the proce''e'

how the +ulity of the 'er#ice will )e (nged, udited nd i(pro#ed

=here S%FF )e cler (nge(ent direction nd docu(ented re'pon'i)ilitie' for re#iewing, uthoriHing,co((unicting, i(ple(enting nd (intining the pln'9

%ny proce'' 'pecific pln' produced S%FF )e co(pti)le with thi' 'er#ice (nge(ent pln9



31/64


page 2 - 27

$lnning nd i(ple(enting S.3o

& O)*ecti#e7 To i"ple"ent the seri!e "anage"ent obe!tiesand plan

& =he 'er#ice pro#ider 'hll i(ple(ent the S. pln, including7

%lloction of fund', )udget', role' nd re'pon'i)ilitie'

:ocu(enting (intining rele#nt docu(ent'

Identifiction nd (nge(ent of ri'A'

.nging te(' fro( R per'pecti#e

.nging fcilitie' nd )udget

.nging 'er#ice de'A opertion' te('

Reporting progre'' gin't the pln', nd

Co!ordinting S. proce''e'

4-2 I(ple(ent $er+ice (anage(ent and pro+ide t#e $er+ice$ 13oObe!ti(e: To i"ple"ent the ser(i!e "anage"ent obe!ti(es and plan9

=he 'er#ice pro#ider S%FF i(ple(ent the 'er#ice (nge(ent pln to (nge nd deli#er the'er#ice', including7

lloction of fund' nd )udget' lloction of role' nd re'pon'i)ilitie'

docu(enting nd (intining the policie', pln', procedure' nd definition' for ech proce'' or 'et

of proce''e'

identifiction nd (nge(ent of ri'A' to the 'er#ice

(nging te(', e9g9 recruiting nd de#eloping pproprite 'tff nd (nging 'tff continuity

(nging fcilitie' nd )udget

(nging the te(' including 'er#ice de'A nd opertion'

reporting progre'' gin't the pln'

coordintion of 'er#ice (nge(ent proce''e'



32/64


page 2 - 28

$lnning nd i(ple(enting S.Che!1

& O)*ecti#e7 To "onitor "easure and reie that the S$obe!ties and plan are being a!hieed

& %pply 'uit)le (ethod' for (onitoring nd (e'uring

proce''e'

& Conduct re#iew' t plnned inter#l'

& $ln n udit progr((e with the following con'idertion'7

Sttu' i(portnce of proce''e', pre#iou' udit'

%udit criteri, 'cope, fre+uency (ethod' 4defined in procedure6

O)*ecti#ity i(prtility of uditor' 4no uditing of own worA6

& Record o)*ecti#e', finding' nd re(edil ction'L co((unicte

non!co(plince

4- (onitoring: (ea$uring and re+ie9ing 1C#ecObe!ti(e: To "onitor/ "easure and re(ie0 that the ser(i!e "anage"ent obe!ti(es and plan are beinga!hie(ed9

=he 'er#ice pro#ider S%FF pply 'uit)le (ethod' for (onitoring nd, where pplic)le, (e'ure(ent

of the 'er#ice (nge(ent proce''e'9 =he'e (ethod' S%FF de(on'trte the )ility of the proce''e'to chie#e plnned re'ult'9

.nge(ent S%FF conduct re#iew' t plnned inter#l' to deter(ine whether the 'er#ice (nge(entre+uire(ent'7

confor( with the 'er#ice (nge(ent pln nd to the re+uire(ent' of thi' 'tndrd

re effecti#ely i(ple(ented nd (intined

%n udit progr((e S%FF )e plnned, tAing into con'idertion the 'ttu' nd i(portnce of theproce''e' nd re' to )e udited, ' well ' the re'ult' of pre#iou' udit'9 =he udit criteri, 'cope,fre+uency nd (ethod' S%FF )e defined in procedure9 =he 'election of uditor' nd conduct of udit'S%FF en'ure o)*ecti#ity nd i(prtility of the udit proce''9 %uditor' S%FF not udit their own worA9

=he o)*ecti#e of 'er#ice (nge(ent re#iew', ''e''(ent' nd udit' S%FF )e recorded together withthe finding' of 'uch udit' nd re#iew' nd ny re(edil ction' identified9 %ny 'ignificnt re' of non!co(plince or concern S%FF )e co((unicted to rele#nt prtie'9



33/64


page 2 - 2

$lnning nd i(ple(enting S.&!t4"6

& O)*ecti#e7 To i"proe the effe!tieness and effi!ien!y ofseri!e deliery and "anage"ent

& $u)li'h policy on 'er#ice i(pro#e(ent nd re(edy ny non!

co(plince with the 'tndrd / S. pln'

& :efine 'er#ice i(pro#e(ent role' nd re'pon'i)ilitie'

& Record, ''e'', prioriti'e nd uthori'e ll i(pro#e(ent',

u'ing pln to control i(pro#e(ent cti#itie'

& Identify, (e'ure, report nd (nge ongoing i(pro#e(ent

4)oth indi#idul cro'' nu()er of proce''e'6

4-4 Continual i(pro+e(ent 1ActObe!ti(e: To i"pro(e the effe!ti(eness and effi!ien!y of ser(i!e deli(ery and "anage"ent9

4.4.1 Policy=here S%FF )e pu)li'hed policy on 'er#ice i(pro#e(ent9 %ny non!co(plince with the 'tndrd or

the 'er#ice (nge(ent pln' S%FF )e re(edied9 Role' nd re'pon'i)ilitie' for 'er#ice i(pro#e(entcti#itie' S%FF )e clerly defined9

4.4.2 Management of improvements%ll 'ugge'ted 'er#ice i(pro#e(ent' S%FF )e ''e''ed, recorded, prioritiHed nd uthoriHed9 % plnS%FF )e u'ed to control the cti#ity9

=he 'er#ice pro#ider S%FF h#e proce'' in plce to identify, (e'ure, report nd (ngei(pro#e(ent cti#itie' on n ongoing )'i'9 =hi' S%FF include7

i(pro#e(ent' to n indi#idul proce'' tht cn )e i(ple(ented )y the proce'' owner with the u'ul

'tff re'ource', e9g9 perfor(ing indi#idul correcti#e nd pre#enti#e ction'

i(pro#e(ent' cro'' the orgniHtion or cro'' (ore thn one proce''



34/64


page 2 - 0

$lnning nd i(ple(enting S.&!t (2

& =he 'er#ice pro#ider 'hll perfor( cti#itie' to7 Collect nd nlyHe dt to )'eline nd )ench(rA perfor(nce

Identify, pln nd i(ple(ent i(pro#e(ent'

Con'ult rele#nt prtie'

Set trget' 4+ulity, co't' re'ource utiliHtion6

Con'ider rele#nt input'

.e'ure, report nd co((unicte

Re#i'e S. policie', proce''e' procedure' nd pln'

En'ure tht ll ppro#ed ction' re deli#ered ccording to

intended o)*ecti#e'

4.4.3 Activities=he 'er#ice pro#ider S%FF perfor( cti#itie' to7

collect nd nlyHe dt to )'eline nd )ench(rA the 'er#ice pro#iderD' cp)ility to (nge nd

deli#er 'er#ice nd 'er#ice (nge(ent proce''e'

identify, pln nd i(ple(ent i(pro#e(ent'

con'ult with ll prtie' in#ol#ed 'et trget' for i(pro#e(ent' in +ulity, co't' nd re'ource utiliHtion

con'ider rele#nt input' )out i(pro#e(ent' fro( ll the 'er#ice (nge(ent proce''e'

(e'ure, report nd co((unicte the 'er#ice i(pro#e(ent'

re#i'e the 'er#ice (nge(ent policie', proce''e', procedure' nd pln' where nece''ry

en'ure tht ll ppro#ed ction' re deli#ered nd tht they chie#e their intended o)*ecti#e'



35/64


page 2 - !

$lnning nd i(ple(enting new

or chnged 'er#ice'





'er#ice'

& Ser#ice Reporting& Ser#ice Fe#el .gt

& -udgeting %ccounting forI= Ser#ice


& Incident .nge(ent

& $ro)le( .nge(ent


.nge(ent

& Supplier .nge(ent

Control roce$$e$

Configurtion .nge(ent

Chnge .nge(ent



%#il)ility .gt




36/64


37/64


page 2 -

$lnning nd i(ple(enting new

or chnged 'er#ice' 426

& %ccept new / chnged 'er#ice' )efore i(ple(enting

& Report on outco(e' chie#ed gin't plnned

& $o't i(ple(enttion re#iew

Co(pring plnned ctul outco(e'

i chnge (nge(ent proce''

Bew or chnged 'er#ice' S%FF )e ccepted )y the 'er#ice pro#ider )efore )eing i(ple(ented into theli#e en#iron(ent9

=he 'er#ice pro#ider S%FF report on the outco(e' chie#ed )y the new or chnged 'er#ice gin'ttho'e plnned following it' i(ple(enttion9 % po't i(ple(enttion re#iew co(pring ctul outco(e'

gin't tho'e plnned S%FF )e perfor(ed through the chnge (nge(ent proce''9



38/64


page 2 - 4

Ser#ice :eli#ery $roce''





'er#ice'

& Ser#ice Reporting


I= Ser#ice


& Incident .nge(ent& $ro)le( .nge(ent


.nge(ent& Supplier .nge(ent


Chnge .nge(ent


& Cpcity .gt





39/64


page 2 - 5

Ser#ice :eli#ery $roce''Ser#ice Fe#el .nge(ent

& O)*ecti#e7 To define agree re!ord and "anage leels ofseri!e

& Record nd gree of ll 'er#ice' together with their indi#idul

'er#ice trget' within SF%'

& :ocu(ent nd gree ll 'upporting 'er#ice gree(ent'

& SF%' 'hll )e under control of chnge (nge(ent re#iewed

regulrly

& Ser#ice le#el' 'hll )e (onitored nd reported gin't trget'

6 Ser+ice deli+er% proce$$

6-! Ser+ice le+el (anage(entObe!ti(e: To define/ agree/ re!ord and "anage le(els of ser(i!e9

=he full rnge of 'er#ice' to )e pro#ided together with the corre'ponding 'er#ice le#el trget' ndworAlod chrcteri'tic' S%FF )e greed )y the prtie' nd recorded9

Ech 'er#ice pro#ided S%FF )e defined, greed nd docu(ented in one or (ore 'er#ice le#elgree(ent' 4SF%'9 SF%', together with 'upporting 'er#ice gree(ent', 'upplier contrct' ndcorre'ponding procedure', S%FF )e greed )y ll rele#nt prtie' nd recorded9

=he SF%' S%FF )e under the control of the chnge (nge(ent proce''9

=he SF%' S%FF )e (intined )y regulr re#iew' )y the prtie' to en'ure tht they re up!to!dte ndre(in effecti#e o#er ti(e9

Ser#ice le#el' S%FF )e (onitored nd reported gin't trget', 'howing )oth current nd trend

infor(tion9 =he re'on' for non!confor(nce S%FF )e reported nd re#iewed9 %ction' fori(pro#e(ent identified during thi' proce'' S%FF )e recorded nd pro#ide input into pln for i(pro#ingthe 'er#ice9



40/64


page 2 - 6

Ser#ice :eli#ery $roce''Ser#ice Reporting

& O)*ecti#e7 To produ!e agreed ti"ely reliable a!!urate reportsfor infor"ed de!ision "a1ing and effe!tie !o""uni!ation

& Ser#ice report' produced to (eet cu'to(er need'7

Cler de'cription M identity, purpo'e, udience, 'ource of dt

$erfor(nce gin't 'er#ice le#el trget'

Bon!co(plince i''ue', e9g9 SF% )reche'

WorAlod chrcteri'tic', e9g9 #olu(e, re'ource utiliHtion

.*or e#ent reporting nd nly'i'

=rend infor(tion

Sti'fction nly'i'

& .nge(ent deci'ion' nd correcti#e ction' )'ed onnly'i' of 'er#ice report finding'

6-2 Ser+ice reportingObe!ti(e: To produ!e agreed/ ti"ely/ reliable/ a!!urate reports for infor"ed de!ision "a1ing andeffe!ti(e !o""uni!ation9

=here S%FF )e cler de'cription of ech 'er#ice report including it' identity, purpo'e, udience nddetil' of the dt 'ource9 Ser#ice report' S%FF )e produced to (eet identified need' nd cu'to(er

re+uire(ent'9

Ser#ice reporting S%FF include7

perfor(nce gin't 'er#ice le#el trget'

non!co(plince nd i''ue', e9g9 gin't the SF%, 'ecurity )reech

worAlod chrcteri'tic', e9g9 #olu(e, re'ource utiliHtion

perfor(nce reporting following (*or e#ent', e9g9 (*or incident' nd chnge'

trend infor(tion

'ti'fction nly'i'

.nge(ent deci'ion' nd correcti#e ction' S%FF tAe into con'idertion the finding' in the 'er#icereport' nd S%FF )e co((unicted to rele#nt prtie'9

$ge 2 ! Copyright 2006, Quint Wellington Redwood


41/64


page 2 - 7

Ser#ice :eli#ery $roce''Ser#ice Continuity nd %#il)ility .nge(ent

& O)*ecti#e7 To ensure that agreed seri!e !ontinuity and aailability

!o""it"ents to !usto"ers !an be "et in all !ir!u"stan!es

& Re+uire(ent' 'hll )e identified on the )'i' of )u'ine'' pln',

SF%' nd ri'A ''e''(ent' nd 'u)'e+uently

:e#elop, (intin nd re#iew pln'

%ll chnge' 'hll )e ''e''ed for i(pct on the )o#e pln'

.e'ure nd record #il)ility

In#e'tigte unplnned non!#il)ility nd tAe pproprite

correcti#e / pre#enti#e ction'

.Ae 'er#ice continuity pln', li't' nd C.:- #il)le off!'ite

Re!te't pln' t e#ery (*or chnge to )u'ine'' en#iron(ent

Record continuity te't' nd for(ulte ction pln' fro( te't

filure'

6- Ser+ice continuit% and a+aila.ilit% (anage(entObe!ti(e: To ensure that agreed ser(i!e !ontinuity and a(ailability !o""it"ents to !usto"ers !an be"et in all !ir!u"stan!es9

%#il)ility nd 'er#ice continuity re+uire(ent' S%FF )e identified on the )'i' of )u'ine'' pln', SF%'nd ri'A ''e''(ent'9 Re+uire(ent' S%FF include cce'' right' nd re'pon'e ti(e' ' well ' end toend #il)ility of 'y'te( co(ponent'9

%#il)ility nd 'er#ice continuity pln' S%FF )e de#eloped nd re#iewed t le't nnully to en'ure

tht re+uire(ent' re (et ' greed in ll circu('tnce' fro( nor(l through to (*or lo'' of 'er#ice9

=he'e pln' S%FF )e (intined to en'ure tht they reflect greed chnge' re+uired )y the )u'ine''9

=he #il)ility nd 'er#ice continuity pln' 'hll )e re!te'ted t e#ery (*or chnge to the )u'ine''en#iron(ent9

=he chnge (nge(ent proce'' S%FF ''e'' the i(pct of ny chnge on the #il)ility nd 'er#icecontinuity pln9

%#il)ility S%FF )e (e'ured nd recorded9

nplnned non!#il)ility S%FF )e in#e'tigted nd pproprite ction' tAen9

6OTE 7here possible/ potential issues S8&99 be predi!ted and pre(enti(e a!tion ta1en,

Ser#ice continuity pln', contct li't' nd the configurtion (nge(ent dt)'e S%FF )e #il)lewhen nor(l office cce'' i' pre#ented9 =he 'er#ice continuity pln S%FF include the return to nor(lworAing9

=he 'er#ice continuity pln S%FF )e te'ted in ccordnce with )u'ine'' need'9

%ll continuity te't' S%FF )e recorded nd te't filure' S%FF )e for(ulted into ction pln'9



42/64


page 2 - 8

Ser#ice :eli#ery $roce''-udgeting nd ccounting for I= 'er#ice'

& O)*ecti#e7 To budget and a!!ount for the !ost of seri!eproisioning Bote7 Chrging i' optionl, )ut where chrging i' u'ed, it i' reco((ended tht the

(echni'(' re fully under'tood )y ll prtie'

& Cler policie' nd proce''e' for7

-udgeting nd ccounting

%pportion(ent of indirect co't' lloction of direct co't'

Effecti#e finncil control nd uthoriHtion

& Co't' 'hll )e )udgeted with 'ufficient detil

& .onitor nd report co't' gin't )udgetL re#iew forec't'

& Co't nd ppro#e chnge' through chnge (nge(ent

6-4 udgeting and accounting for I, $er+ice$Obe!ti(e: To budget and a!!ount for the !ost of ser(i!e pro(ision9

BO=E =hi' 'ection co#er' )udgeting nd ccounting for I= 'er#ice'9 In prctice, (ny 'er#ice pro#ider' will )ein#ol#ed in chrging for 'uch 'er#ice'9 owe#er, 'ince chrging i' n optionl cti#ity, it i' not co#ered )y the'tndrd9 Ser#ice pro#ider' re reco((ended tht where chrging i' in u'e, the (echni'( for doing 'o i' fully

defined nd under'tood )y ll prtie'9 %ll ccounting prctice' in u'e 'hould )e ligned to the wider ccountncyprctice' of the 'er#ice pro#iderD' orgniHtion9

=here S%FF )e cler policie' nd proce''e' for7

)udgeting, nd ccounting for ll co(ponent' including I= ''et', 'hred re'ource', o#erhed',

e@ternlly 'upplied 'er#ice, people, in'urnce nd licen'e'

pportioning indirect co't' nd llocting direct co't' to 'er#ice'

effecti#e finncil control nd uthoriHtion

Co't' S%FF )e )udgeted in 'ufficient detil to en)le effecti#e finncil control nd deci'ion (Aing9

=he 'er#ice pro#ider S%FF (onitor nd report co't' gin't the )udget, re#iew the finncil forec't'nd (nge co't' ccordingly9

Chnge' to 'er#ice' S%FF )e co'ted nd ppro#ed through the chnge (nge(ent proce''9



43/64


page 2 -

Ser#ice :eli#ery $roce''Cpcity .nge(ent

& O)*ecti#e7 To ensure that the seri!e proider has at all ti"essuffi!ient !apa!ity to "eet !urrent and future agreed de"andsof the !usto"ers business needs

& :e#elop cpcity (nge(ent pln proce'', ddre''ing7

Current / predicted cpcity perfor(nce re+uire(ent'

=i(e'cle', thre'hold' co't' of upgrde'

E#lution of effect' of upgrde', RC', new technologie'

I(pct of e@ternl chnge'

:t proce''e' for predicti#e nly'i'

& Identify (ethod', procedure' nd techni+ue' to (onitor 'er#icecpcity nd tune 'er#ice perfor(nce

6-5 Capacit% (anage(entObe!ti(e: To ensure that the ser(i!e pro(ider has/ at all ti"es/ suffi!ient !apa!ity to "eet the !urrent andfuture agreed de"ands of the !usto"ers business needs9

Cpcity (nge(ent S%FF produce nd (intin cpcity pln9 Cpcity (nge(ent S%FFddre'' the )u'ine'' need' nd include7

current nd predicted cpcity nd perfor(nce re+uire(ent'L identified ti(e!'cle', thre'hold' nd co't' for 'er#ice upgrde'L

e#lution of effect' of nticipted 'er#ice upgrde', re+ue't' for chnge, new technologie' nd

techni+ue' on cpcityL

predicted i(pct of e@ternl chnge', e9g9 legi'lti#eL

dt nd proce''e' to en)le predicti#e nly'i'9

.ethod', procedure' nd techni+ue' S%FF )e identified to (onitor 'er#ice cpcity, tune 'er#iceperfor(nce nd pro#ide de+ute cpcity9



44/64


page 2 - 40

Ser#ice :eli#ery $roce''Infor(tion Security .nge(ent

& O)*ecti#e7 To "anage infor"ation se!urity effe!tiely ithin allseri!e a!tiities

& .nge(ent with uthority 'hll ppro#e infor(tion 'ecurity

policy co((unicte to ll rele#nt per'onnel nd cu'to(er'

& Security control' 'hll )e docu(ented7

:e'cri)ing relted ri'A', opertion nd (intennce

or(l gree(ent for e@ternl orgniHtion' tht h#e cce'' to

infor(tion 'y'te(' nd 'er#ice'

& Report, record nd in#e'tigte 'ecurity incident'

Quntify (onitor type', #olu(e' i(pct of incident' M input to

pln for i(pro#ing 'er#ice

6-6 Infor(ation $ecurit% (anage(entObe!ti(e: To "anage infor"ation se!urity effe!ti(ely 0ithin all ser(i!e a!ti(ities9

BO=E ISO/IEC "JJ>>, Infor(tion technology N Security techni+ue' N Code of prctice for infor(tion 'ecurity(nge(ent pro#ide' guidnce on infor(tion 'ecurity (nge(ent9

.nge(ent with pproprite uthority S%FF ppro#e n infor(tion 'ecurity policy tht S%FF )eco((unicted to ll rele#nt per'onnel nd cu'to(er' where pproprite9

%pproprite 'ecurity control' S%FF operte to7

i(ple(ent the re+uire(ent' of the infor(tion 'ecurity policy

(nge ri'A' ''ocited with cce'' to the 'er#ice or 'y'te('

Security control' S%FF )e docu(ented9 =he docu(enttion S%FF de'cri)e the ri'A' to which thecontrol' relte, nd the (nner of opertion nd (intennce of the control'9 =he i(pct of chnge' oncontrol' S%FF )e ''e''ed )efore chnge' re i(ple(ented9

%rrnge(ent' tht in#ol#e e@ternl orgniHtion' h#ing cce'' to infor(tion 'y'te(' nd 'er#ice'S%FF )e )'ed on for(l gree(ent tht define' ll nece''ry 'ecurity re+uire(ent'9

Security incident' S%FF )e reported nd recorded in line with incident (nge(ent procedure ' 'oon' po''i)le9 $rocedure' S%FF )e in plce to en'ure tht ll 'ecurity incident' re in#e'tigted, nd(nge(ent ction tAen9 .echni'(' S%FF )e in plce to en)le the type', #olu(e' nd i(pct' of'ecurity incident' nd (lfunction' to )e +untified nd (onitored9 %ction' for i(pro#e(ent identifiedduring thi' proce'' S%FF )e recorded nd pro#ide input into pln for i(pro#ing the 'er#ice9



45/64


page 2 - 4!

Reltion'hip $roce''e'





'er#ice'

& Ser#ice Reporting


I= Ser#ice

elea$e roce$$e$

& Rele'e .nge(ent e$olution roce$$e$


elation$#ip roce$$e$

& -u'ine'' Reltion'hip.nge(ent

& Supplier .nge(ent


Chnge .nge(ent


& Cpcity .gt





46/64


page 2 - 42

Reltion'hip $roce''e'-u'ine'' Reltion'hip .nge(ent

& O)*ecti#e7 To establish and "aintain a good relationshipbeteen the seri!e proider and the !usto"er based onunderstanding the !usto"er and their business driers

& Identify nd docu(ent 'tAeholder' cu'to(er'

& Ser#ice pro#ider nd cu'to(er h' to ttend nd docu(ent7

Re#iew' of 'er#ice 'cope, SF% )u'ine'' need' 4t le'tnnully6

Interi( (eeting' to di'cu'' perfor(nce, i''ue' ction pln'

& Bo(inte indi#idul4'6 re'pon'i)le for cu'to(er 'ti'fction )u'ine'' reltion'hip (nge(ent proce''

Co(plint' proce'' e'cltion procedure'

%wrene'' of )u'ine'' need' chnging re+uire(ent' Cu'to(er feed)cA proce'' ! identify i(pro#e(ent ction'

7 elation$#ip proce$$e$

7-! ;eneralReltion'hip proce''e' de'cri)e the two relted 'pect' of Supplier .nge(ent nd -u'ine''

Reltion'hip .nge(ent9

7-2 u$ine$$ relation$#ip (anage(entObe!ti(e: To establish and "aintain a good relationship bet0een the ser(i!e pro(ider and the !usto"erbased on understanding the !usto"er and their business dri(ers9

=he 'er#ice pro#ider S%FF identify nd docu(ent the 'tAeholder' nd cu'to(er' of the 'er#ice'9

=he 'er#ice pro#ider nd cu'to(er S%FF ttend 'er#ice re#iew to di'cu'' ny chnge' to the 'er#ice'cope, SF%, contrct 4if pre'ent or the )u'ine'' need' t le't nnully nd S%FF hold interi((eeting' t greed inter#l' to di'cu'' perfor(nce, chie#e(ent', i''ue' nd ction pln'9 =he'e(eeting' S%FF )e docu(ented9 Other 'tAeholder' in the 'er#ice (y l'o )e in#ited to the (eeting'9

Chnge' to the contrct4', if pre'ent, nd SF%4' S%FF follow fro( the'e (eeting' ' pproprite9=he'e chnge' S%FF )e 'u)*ect to the chnge (nge(ent proce''9

=he 'er#ice pro#ider S%FF re(in wre of )u'ine'' need' nd (*or chnge' in order to prepre tore'pond to the'e need'9

=here S%FF )e co(plint' proce''9 =he definition of for(l 'er#ice co(plint S%FF )e greedwith the cu'to(er9 %ll for(l 'er#ice co(plint' S%FF )e recorded )y the 'er#ice pro#ider, in#e'tigted,cted upon, reported nd for(lly clo'ed9 Where co(plint i' not re'ol#ed through the nor(lchnnel', e'cltion S%FF )e #il)le to the cu'to(er9



47/64


=he 'er#ice pro#ider S%FF h#e n(ed indi#idul or indi#idul' who re re'pon'i)le for (ngingcu'to(er 'ti'fction nd the whole )u'ine'' reltion'hip proce''9 % proce'' S%FF e@i't for o)tiningnd cting upon feed)cA fro( regulr cu'to(er 'ti'fction (e'ure(ent'9

%ction' for i(pro#e(ent identified during thi' proce'' S%FF )e recorded nd input into pln fori(pro#ing the 'er#ice9



48/64


page 2 - 4

Reltion'hip $roce''e'Supplier .nge(ent 4"6

& O)*ecti#e7 To "anage suppliers to ensure the proision ofsea"less 4uality seri!es Bote7 Scope e@clude' procure(ent of 'upplier', nd it i' the 'er#ice pro#ider

who h' to confor( to 'upplier (nge(ent re+uire(ent'

& %gree nd docu(ent 'cope, trget', proce''e' nd interfce'

Bo(inte contrct (nger for ech 'upplier

Supplier trget' to )e ligned with SF% trget' M (onitor

perfor(nce

& :ocu(ent reltion'hip' )etween led 'u)contrcted'upplier'

Fed (u't de(on'trte 'u)contrcted 'upplier' (eet

re+uire(ent'

7- Supplier (anage(entObe!ti(e: To "anage suppliers to ensure the pro(ision of sea"less/ 4uality ser(i!es,

BO=E " =he 'cope of thi' 'tndrd e@clude' the procure(ent of the 'upplier'9BO=E 2 Supplier' (y )e u'ed )y the 'er#ice pro#ider for pro#i'ion of 'o(e prt of the 'er#ice9 It i' the 'er#icepro#ider who need' to de(on'trte confor(ity to the'e 'upplier (nge(ent proce''e'9 Co(ple@ reltion'hip' (y)e pre'ent ' de(on'trted in the digr( )elow ' n e@(ple7

Figure 3 Eample of relationship !et"een service providers and suppliers

=he 'er#ice pro#ider S%FF h#e docu(ented 'upplier (nge(ent proce''e' nd S%FF n(e contrct (nger re'pon'i)le for ech 'upplier9

=he re+uire(ent', 'cope, le#el of 'er#ice nd co((uniction proce''e' to )e pro#ided )y the 'upplier4'S%FF )e docu(ented in SF%' or other docu(ent' nd greed )y ll prtie'9

SF%' with the 'upplier' S%FF )e ligned with the SF%4' with the )u'ine''9

=he interfce' )etween proce''e' u'ed )y ech prty S%FF )e docu(ented nd greed9

%ll role' nd reltion'hip' )etween led nd 'u)contrcted 'upplier' S%FF )e clerly docu(ented9Fed 'upplier' S%FF )e )le to de(on'trte proce''e' to en'ure tht 'u)contrcted 'upplier' (eetcontrctul re+uire(ent'9



49/64


Reltion'hip $roce''e'Supplier .nge(ent 426

& .*or re#iew of contrct / gree(ent' t le't nnully

& $roce''e' for hndling di'pute', end of contrct, erlyter(intion nd trn'fer of 'er#ice'

& .onitor re#iew perfor(nce gin't SF% trget' M input to

pln for i(pro#ing 'er#ice

% proce'' S%FF )e in plce for (*or re#iew of the contrct or for(l gree(ent t le't nnully toen'ure tht )u'ine'' need' nd contrctul o)ligtion' re 'till )eing (et9

Chnge' to the contrct4', if pre'ent, nd SF%4' S%FF follow fro( the'e re#iew' ' pproprite or tother ti(e' ' re+uired9 %ny chnge' S%FF )e 'u)*ect to the chnge (nge(ent proce''9

% proce'' S%FF e@i't to del with contrctul di'pute'9

% proce'' S%FF )e in plce to del with the e@pected end of 'er#ice, erly end of the 'er#ice or trn'ferof 'er#ice to nother prty9

$erfor(nce gin't 'er#ice le#el trget' S%FF )e (onitored nd re#iewed9 %ction' for i(pro#e(entidentified during thi' proce'' S%FF )e recorded nd input into pln for i(pro#ing the 'er#ice9



50/64


page 2 - 45

Su((ry ISO/IEC 20000 $roce''e'

e&uire(ent$ for a (anage(ent $%$te( .nge(ent re'pon'i)ility





'er#ice'

& Ser#ice Reporting& Ser#ice Fe#el .gt& -udgeting %ccounting for

I= Ser#ice




.nge(ent

& Supplier .nge(ent


Chnge .nge(ent


& Cpcity .gt





51/64


page 2 - 46

Re'olution $roce''e'Incident .nge(ent

& O)*ecti#e7 To restore agreed seri!e to the business as soon aspossible or to respond to seri!e re4uests

& Record %FF incident'

& $rocedure' for (nging the i(pct of incident', including7

Recording, prioritiHtion, )u'ine'' i(pct, cl''ifiction, updting,

e'cltion, re'olution for(l clo'ure

& Geep cu'to(er infor(ed of progre''

& Stff cce'' to rele#nt info ! Anown error', pro)le( re'olution'

C.:-

& $roce'' for cl''ifiction (nge(ent of (*or incident'

8 e$olution proce$$e$

8-! acground

Incident nd pro)le( (nge(ent re 'eprte proce''e', lthough they re clo'ely linAed9

8-2 Incident (anage(entObe!ti(e: To restore agreed ser(i!e to the business as soon as possible or to respond to ser(i!ere4uests9

%ll incident' S%FF )e recorded9

$rocedure' S%FF )e dopted to (nge the i(pct of incident'9 $rocedure' S%FF define therecording, prioritiHtion, )u'ine'' i(pct, cl''ifiction, updting, e'cltion, re'olution nd for(lclo'ure of ll incident'9

=he cu'to(er S%FF )e Aept infor(ed of the progre'' of their reported incident or 'er#ice re+ue't ndlerted in d#nce if their 'er#ice le#el' cnnot )e (et nd n ction greed9

%ll 'tff in#ol#ed in incident (nge(ent S%FF h#e cce'' to rele#nt infor(tion 'uch ' Anownerror', pro)le( re'olution' nd the configurtion (nge(ent dt)'e 4C.:-9

.*or incident' S%FF )e cl''ified nd (nged ccording to proce''9



52/64


page 2 - 47

Re'olution $roce''e'$ro)le( .nge(ent

& O)*ecti#e7 To "ini"ize the disruption to the business byproa!tie identifi!ation and analysis of the !ause of in!identsand by "anaging proble"s to !losure

& $rocedure' for identifying, (ini(i'ing or #oiding i(pct ofincident' nd pro)le(' including7

Recording, prioritiHtion, )u'ine'' i(pct, cl''ifiction, updting,e'cltion, re'olution for(l clo'ure

$ro#ide up!to!dte info on Anown error' pro)le(' to I.

& =Ae pre#enti#e ction

=rend nly'i'

Ri'ing chnge' to correct the underlying cu'e

& .onitoring re#iewing effecti#ene'' of pro)le( re'olution !input to pln for i(pro#ing 'er#ice

8- ro.le( (anage(entObe!ti(e: To "ini"ize disruption to the business by proa!ti(e identifi!ation and analysis of the !ause ofin!idents and by "anaging proble"s to !losure9

%ll identified pro)le(' S%FF )e recorded9

$rocedure' S%FF )e dopted to identify, (ini(iHe or #oid the i(pct of incident' nd pro)le('9 =heyS%FF define the recording, cl''ifiction, updting, e'cltion, re'olution nd clo'ure of ll pro)le('9$re#enti#e ction S%FF )e tAen to reduce potentil pro)le(', e9g9 following trend nly'i' of incident#olu(e' nd type'9

Chnge' re+uired in order to correct the underlying cu'e of pro)le(' S%FF )e p''ed to the chnge(nge(ent proce''9

$ro)le( re'olution S%FF )e (onitored, re#iewed nd reported on for effecti#ene''9$ro)le( (nge(ent S%FF )e re'pon'i)le for en'uring up!to!dte infor(tion on Anown error' ndcorrected pro)le(' i' #il)le to incident (nge(ent9

%ction' for i(pro#e(ent identified during thi' proce'' S%FF )e recorded nd input into pln fori(pro#ing the 'er#ice9



53/64


54/64


page 2 - 4

Control $roce''e'Configurtion .nge(ent

& O)*ecti#e7 To define and !ontrol the !o"ponents of the seri!eand infrastru!ture and "aintain a!!urate !onfigurationinfor"ation Bote7 inncil ''et ccounting out of 'cope

& Integrted pproch to chnge configurtion (nge(entplnning

& :efine interfce to finncil ''et ccounting

& Configurtion .nge(ent policy to include7

Wht i' CI it' co(ponent'

Reltion'hip' docu(enttion

Wht other CI infor(tion to )e recorded

& $ro#ide infor(tion for ''e''ing the i(pct of chnge'& Chnge' to )e trce)le nd udit)le

Control proce$$e$

-! Configuration (anage(ent

Obe!ti(e: To define and !ontrol the !o"ponents of the ser(i!e and infrastru!ture and "aintain a!!urate

!onfiguration infor"ation9

=here S%FF )e n integrted pproch to chnge nd configurtion (nge(ent plnning9

=he 'er#ice pro#ider S%FF define the interfce to f inncil ''et ccounting proce''e'9

BO=E " inncil ''et ccounting fll' out'ide the 'cope of thi' 'ection9

=here S%FF )e policy on wht i' defined ' configurtion ite( nd it' con'tituent co(ponent'9

=he infor(tion to )e recorded for ech ite( S%FF )e defined nd S%FF include the reltion'hip' nddocu(enttion nece''ry for effecti#e 'er#ice (nge(ent9

Configurtion (nge(ent S%FF pro#ide the (echni'(' for identifying, controlling nd trcAing

#er'ion' of identifi)le co(ponent' of the 'er#ice nd infr'tructure9 It S%FF )e en'ured tht the degreeof control i' 'ufficient to (eet the )u'ine'' need', ri'A of filure nd 'er#ice criticlity9

Configurtion (nge(ent S%FF pro#ide infor(tion to the chnge (nge(ent proce'' on the i(pctof re+ue'ted chnge on the 'er#ice nd infr'tructure configurtion'9

Chnge' to configurtion ite(' S%FF )e trce)le nd udit)le where pproprite, e9g9 for chnge'nd (o#e(ent' of 'oftwre nd hrdwre9



55/64


page 2 - 50

Control $roce''e'Configurtion .nge(ent

& Configurtion control procedure' to (intin integrity of'y'te(', 'er#ice' nd co(ponent'

& -'eline pproprite CI' prior to rele'e

& $rotection 'torge of ('ter copie' of ll electronic CI'

With reference to configurtion record' in the C.:-

& %ll CI' M uni+uely identifi)le recorded in C.:-

pdte cce'' 'trictly controlled

%cti#ely (nged to en'ure reli)ility ccurcy

Sttu', #er'ion, loction, relted chnge nd pro)le( info 4''ocited docu(enttion6 to )e (de #i'i)le to tho'e whore+uire

& Record deficiencie', initite correcti#e ction' report onoutco(e

Configurtion control procedure' S%FF en'ure tht the integrity of 'y'te(', 'er#ice' nd 'er#iceco(ponent' re (intined9

% )'eline of the pproprite configurtion ite(' S%FF )e tAen )efore rele'e to the li#een#iron(ent9

.'ter copie' of digitl configurtion ite(' S%FF )e controlled in 'ecure phy'icl or electronic li)rrie'nd referenced to the configurtion record', e9g9 'oftwre, te'ting product', 'upport docu(ent'9

%ll configurtion ite(' S%FF )e uni+uely identifi)le nd recorded in C.:- to which updte cce''S%FF )e 'trictly controlled9 =he C.:- S%FF )e cti#ely (nged nd #erified to en'ure it' reli)ilitynd ccurcy9

=he 'ttu' of configurtion ite(', their #er'ion', loction, relted chnge' nd pro)le(' nd ''ociteddocu(enttion S%FF )e #i'i)le to tho'e who re+uire it9

Configurtion udit procedure' S%FF include recording deficiencie', inititing correcti#e ction' ndreporting on the outco(e9



56/64


page 2 - 5!

Control $roce''e'Chnge .nge(ent

& O)*ecti#e7 To ensure all !hanges are assessed approedi"ple"ented and reieed in a !ontrolled "anner

& Chnge' 'hll h#e clerly defined, docu(ented greed'cope

& Chnge' 'hll )e recorded, cl''ified, ''e''ed, ppro#ed,checAed, i(ple(ented nd re#iewed

& $olicie' procedure' to control e(ergency chnge'

& .intin co((unicte 'chedule of ppro#ed chnge' 4withpropo'ed i(ple(enttion dte'6

& %nly'e chnge' for trend' M record re'ult' conclu'ion'

& %ction' for i(pro#e(ent 'hll )e recorded ! input to the pln for

i(pro#ing 'er#ice

-2 C#ange (anage(entObe!ti(e: To ensure all !hanges are assessed/ appro(ed/ i"ple"ented and re(ie0ed in a !ontrolled"anner9

Ser#ice nd infr'tructure chnge' S%FF h#e clerly defined nd docu(ented 'cope9

%ll re+ue't' for chnge S%FF )e recorded nd cl''ified, e9g9 urgent, e(ergency, (*or, (inor9

Re+ue't' for chnge' S%FF )e ''e''ed for their ri'A, i(pct nd )u'ine'' )enefit9 =he chnge(nge(ent proce'' S%FF include the (nner in which the chnge S%FF )e re#er'ed or re(edied ifun'ucce''ful9

Chnge' S%FF )e ppro#ed nd then checAed, nd S%FF )e i(ple(ented in controlled (nner9 %llchnge' S%FF )e re#iewed for 'ucce'' nd ny ction' tAen fter i(ple(enttion9

=here S%FF )e policie' nd procedure' to control the uthoriHtion nd i(ple(enttion of e(ergencychnge'9

=he 'cheduled i(ple(enttion dte' of chnge' S%FF )e u'ed ' the )'i' for chnge nd rele'e'cheduling9 % 'chedule tht contin' detil' of ll the chnge' ppro#ed for i(ple(enttion nd theirpropo'ed i(ple(enttion dte' 'hll )e (intined nd co((unicted to rele#nt prtie'9

Chnge record' S%FF )e nlyHed regulrly to detect incre'ing le#el' of chnge', fre+uently recurringtype', e(erging trend' nd other rele#nt infor(tion9 =he re'ult' nd conclu'ion' drwn fro( chngenly'i' S%FF )e recorded9

%ction' for i(pro#e(ent identified fro( chnge (nge(ent S%FF )e recorded nd input into pln fori(pro#ing the 'er#ice9



57/64


page 2 - 52

Control roce$$e$

Configurtion .nge(ent

Chnge .nge(ent

Rele'e $roce''





'er#ice'

& Ser#ice Reporting


I= Ser#ice

elea$e roce$$e$& Rele'e .nge(ent e$olution roce$$e$& Incident .nge(ent

& $ro)le( .nge(ent


& Supplier .nge(ent



%#il)ility .gt& Infor(tion Security .gt



58/64


page 2 - 5

Rele'e $roce''Rele'e .nge(ent $roce''

& O)*ecti#e7 To delier distribute and tra!1 one or "ore !hangesin a release into the lie eniron"ent

& :ocu(ent gree rele'e policy 4'tting fre+uency type6

& :ocu(ent, gree uthoriHe rele'e pln' with ll rele#nt

prtie' 4nd co((unicte to I.6, including7

Rele'e dte', deli#er)le' )cA!out procedure'

Reference to relted RC', Anown error' pro)le('

& Rele'e proce'' / procedure' to include7

pdting configurtion info chnge record'

E(ergency rele'e' 4interfce with e(ergency chnge6

.e'uring 'ucce'' / filure i(pct M input to 'er#ice

i(pro#e(ent pln

E't)li'hing controlled cceptnce te't en#iron(ent

!0 elea$e proce$$

7-! elea$e (anage(ent proce$$Obe!ti(e: To deli(er/ distribute and tra!1 one or "ore !hanges in a release into the li(e en(iron"ent9

BO=E =he rele'e (nge(ent proce'' 'hould )e integrted with the configurtion nd chnge (nge(entproce''e'9

=he rele'e policy 'tting the fre+uency nd type of rele'e' S%FF )e docu(ented nd greed9

=he 'er#ice pro#ider S%FF pln with the )u'ine'' the rele'e of 'er#ice', 'y'te(', 'oftwre ndhrdwre9 $ln' on how to roll out the rele'e S%FF )e greed nd uthoriHed )y ll rele#nt prtie',e9g9 cu'to(er', u'er', opertion' nd 'upport 'tff9

=he proce'' S%FF include the (nner in which the rele'e S%FF )e re#er'ed or re(edied ifun'ucce''ful9

$ln' S%FF record the rele'e dte' nd deli#er)le' nd refer to relted chnge re+ue't', Anownerror' nd pro)le('9 =he rele'e (nge(ent proce'' 'hll p'' 'uit)le infor(tion to the incident

(nge(ent proce''9

Re+ue't' for chnge S%FF )e ''e''ed for their i(pct on rele'e pln'9 Rele'e (nge(entprocedure' S%FF include the updting nd chnging of configurtion infor(tion nd chnge record'9E(ergency rele'e' S%FF )e (nged ccording to defined proce'' tht interfce' to thee(ergency chnge (nge(ent proce''9

% controlled cceptnce te't en#iron(ent S%FF )e e't)li'hed to )uild nd te't ll rele'e' prior todi'tri)ution9



59/64


Rele'e nd di'tri)ution S%FF )e de'igned nd i(ple(ented 'o tht the integrity of hrdwre nd'oftwre i' (intined during in'tlltion, hndling, pcAging nd deli#ery9

Succe'' nd filure of rele'e' S%FF )e (e'ured9 .e'ure(ent' S%FF include incident' relted to rele'e in the period following rele'e9 %nly'i' S%FF include ''e''(ent of the i(pct on the)u'ine'', I= opertion' nd 'upport 'tff re'ource', nd S%FF pro#ide input into pln for i(pro#ingthe 'er#ice9



60/64


page 2 - 54

Que'tion'



61/64


ISO/IEC 20000-2"2005



62/64


page 2 - 56

ISO/IEC 20000!27200

$rt 2 gi#e' conden'ed 'et of guideline' on how

the control' detiled in $rt " cn )e

i(ple(ented9



63/64


64/64


page 2 - 58

Que'tion'

Qwr Iso20000 Auditor m02 Iso-iec 20000 Us-06apr14

Documents

Transcript of Qwr Iso20000 Auditor m02 Iso-iec 20000 Us-06apr14