Oct 25, 2018 - ISO/IEC. 20000-1:2011 vs. 9001:2015 matrix White paper, PDF format A. GMT ISO 20000. & ITIL Free Downloads. Download iso iec 20000 certification and implementation guide PDF, ePub, Mobi.
- Iso 20000 Pdf Free Download Torrent
- Iso 20000-2 Pdf Free Download
- Iso 31000 Pdf Free Download
- Iso 20000 Pdf Free Download For Pc
- Hello, and welcome to the first modulefor the IT Service Management Foundation coursebased on ISO/IEC 20000.My name is Dr. Suzanne Van Hove,and I am gonna work with you as we go through this course.But before we get started, we need to do some legal things,and take care of some trademark,trademark statements and copyright.So let's go ahead and get that outta the way.Unfortunately, I have to read themword for word, so bear with me.First of all, ISO is a registered trade markof the International Organization for Standardization.
IEC is as registered trade mark ofthe International Electrotechnical Commission.ITIL and the IT Infrastructure Libraryare registered trade marks of AXELOS Limited.The Swirl logo is a trade mark of AXELOS Limited.COBIT is a registered trade markof ISACA and the IT Governance Institute.And finally, CMMI is a registered trade markof Carnegie Mellon University.Now you may have recognized some of those names.Obviously, they're frameworks within service management.
Iso 20000 Pdf Free Download Torrent
ISO/IEC 20000: Similarities and Differences & Process Mapping (PDF) Download a free white paper. This white paper describes the similarities and differences between ITIL 2011 and ISO/IEC 20000. ISO 27000 - free and legal download. Anything to download a LEGAL and official ISO 27000 PDF. A legal copy for free! To download the standard just CLICK.
Maybe you also might have recognized the fact thatITIL is now under the control of AXELOS.But, more about that later.The ones that we are concerned with is ISO and IEC,and we are looking at ISO/IEC 20000as an international standard.So now you know what ISO stands for,the International Organization for Standardization,and IEC as the International Electrotechnical Commission.Okay.Course materials here, from the download page,you should be able to get the Student Guide.
That Student Guide, free download for you,has the slide deck, it has course handouts,course exercises, as well as the answers, and a sample exam.I encourage you to download that information.You're gonna be able to print it out at your,at your convenience or just look at it electronically.It will be a PDF.There is a supplemental text.This is an excellent book, it's calledImplementing Service Quality based on ISO/IEC 20000,and it is the third edition.
Iso 20000-2 Pdf Free Download
Michael Kunas did a wonderful job of describing 20000,and giving you enough detail that,quite frankly, for the Foundation Class,the standard itself is not really required.Some of the handouts that we provide for youwill have parts of the standard in it,so you can get an idea of what it is like.But this is an excellent book.The ISBN number is listed for you here,as well as a link to the publisher, so thatyou could go out and purchase this book if you so desire.
It is not a mandatory course text.Lastly, is the standard.Now, I'm a big fan of the standard.There are two parts that are important,specifically for this class, and thatwould be dash one and dash two.So, ISO 20000-1, 2011,this is what it looks like.In the handouts, we actually give you the cover,the table of contents, as well assome of the processes that are involved in 20000.
You can get this, if I flip through here really quickly,from the ANSI store, from the eStandards Store in ANSI.I've pulled up a web page for you.Of course, if you Google, you'll findmultiple providers of that standard.ANSI just happens to be in North America.You can get the standardelectronically, or as a print version.You'll notice that what I've got listed on hereis the package of what's currently available for 20000,and there are five parts that are currently available.
That will make more sense as we get into the course.Do consider it, there's some great informationin those two documents, Part One and Part Two.And we'll tell you about what the other partsare doing for you as we go through the course.But, this is the place that you can purchase them.If you just purchase Part One and Part Two,and it's certainly not at $500.So, do poke around, look for the best price.And if it's within your budget,I would suggest strongly that you purchase that course.
Okay.So we have our course materials, andlet's see what else we're going to be doing.First of all, the whole purpose of this Foundation Courseis really to introduce you to 20000.Many of you may have had some introduction to ITIL,and you may have had the Foundation Course in ITIL,and we'll talk about that in just a few minutes.You may have had a COBIT class.You may have had other service management framework classesfrom a beginning, or to an intermediateor an advanced level.
I strongly encourage folks to look at 20000,because it is the internationally acceptedbest practice for service management.And it's something that your organizationcan be audited against, and it's a consistent audit.Now the internationally accepted best practice, that's huge,because now we have level set service managementno matter where you are, and if you achieve the certificate,then we know at what level your organization is delivering.
Secondly, we're gonna prepare you for the Foundation Exam.That Foundation Exam is basedon the specification from EXIN.There are multiple service management,or I should say, multiple ISO 20000 courses out there, and,they all have a different flavor, so to speak.The ones that we've seen and the onesthat we have worked with specifically within EXIN,seems to have, in our mind,the nature of the information that you wantto walk away with as a practitioner,and being able to apply these conceptsto your own organization.
So by the end of the course, you will be preparedto take that Foundation Exam.Specifically for that exam, it is a multiple choice,very similar, if you've had that ITIL foundation.It is 40 questions, there is a single, one best answer.It is closed book, you have 60 minutes to complete it.You still have to score 65% or better, which is 26 or above.That successful completion allows you to go upinto the educational schema from EXIN,and the next step would be that Associate course.
Here is the schema from EXIN.It's very simple, very straightforward,and it's very practical.This is the only schema that we've seenthat demands the student demonstrate skillsas they go up into the more advanced classes.You'll be starting at that Foundation Course.It is basically, if you're doing this live,a two day course. the exam's atthe end of the day, of the second day.Successful candidates go up to the Associate.It's a full five day course, and you reallyget down into the processes themselves,learning exactly what they do, what they don't do.
And this is where the standard becomes very, very important,because we look at Part One, which isthat service management system requirements,and then Part Two, which really expandson those requirements to a level of detailthat makes deployment maybe a little bit clearer.From the Associate, you can then go to an Auditor course,which is a wonderful course that will allow you to becomean internal auditor for your organization for 20000.And it does bring up all the information abouthow to be an auditor, what's the characteristicsof an auditor, you know, what's the,the schema that you should be following.
From the Associate, you could also go up a levelto that Consultant/Manager level.The Consultant/Manager now is,you're a leader in your organization.And how am I gonna manage the deployment,or manage the improvement, or evenmanage the process of getting that organizationto achieve the 20000 Certificate?So here now, we would be overseeing the individualsas they learn and they grow within 20000.And the highest level is the Executive Consultant/Manager,and this is a wonderful course.
There's only three people in the globe who areaccredited to teach this course.I'm one of them, my partner,my colleague up in Canada, is the second.We teach this course together, and it'sa two part course that is actually a seminar,where you demonstrate your skill sets,and then you actually do a deploymentof a project under the supervisionof my colleague and myself.So it's about a six month spanbetween Course One and Course Two.
Absolutely lovely, you have to demonstrate skills.It's not just about knowledge, so,that's really a very fun course to teach.Now,across the sides here, to the Associate and the Foundation,you notice that there's two bridging entries.If you have ITIL courses under your belt,they will count,and move you through this schema a little bit quicker.So in other words, you could take a Bridge Associate class,which is only three days, you could takethe Foundation Bridge, which is only one day.
Iso 31000 Pdf Free Download
The exams are shorter, the requirements are less.Because we're recognizing that you've already achievedelements within service management.So, as you go through this,think about it, we'll come back to that Foundation Bridgeat the end of this course, when we talk abouthow to take that, the Foundation Exam.And we'll bring up some more informationabout the Foundation Bridge.So that's the certification scheme, andthat's what we're gonna be working forward.Our next module is gonna get right intothose core concepts of IT service management.
So, come back and join us for module number two.
Iso 20000 Pdf Free Download For Pc
4.1.1
Checklist Brief Description item no
Questions- (for initial level system implemented <1 year)
Audit methods and Expected evidences
4.1 Service Management system/Management Responsibility 101 Management commitment -Service Policy, scope
Has the management established a service policy and objectives?
102 Objectives for service management
Are objectives derived from the service policy?
103 communicating the importance of fulfilling service requirements
How well has the communication on service policy been done?
104 communicating the importance of fulfilling statutory and legal requirements 105 ensuring provision of resources
What are the means of communicating the regulatory and legal requirements ?
Look for the date of release of policy, authorisation, evidences of wide publicity Look for function/dept wise objectives. Check for a review that objectives are current and address the various elements of policy. Take the channels of communication (web site, notice boards) and look for the impact. You may ask 3 persons , preferably those who have joined recently and ascertain the reach of the communication same as above
106 conducting management reviews
4.1.2
107 Ensuring risks are assessed and managed 111 Establishment of service policy as per a to e
How does the top management provide adequate resources for the establishment of a service management system ? Have the management reviews been conducted as required by the manual? How well the process of risk assessment been deployed? Has the service policy been reviewed for adequacy? In what periodicity is it reviewed?
Check annual budget and the allocations made for improvements related to service delivery and customer satisfaction. check the Minutes of Meeting and the presence of top management among attendees. check for actions. Is there a risk assessment system for each service in place? Check with people how well they understand the policy and how they have internalised it in their functions.
ISO 200001:2011 Clause no 4.1.3
4.1.4
4.2
Checklist Brief Description item no
Questions- (for initial level system implemented <1 year)
Audit methods and Expected evidences
121 Defining authorities and responsibilities
Is the present organisation chart comprehensive enough to include all responsibilities as envisaged by the standard?
Select a few aspects of service management like Information security and check whether the roles have been clearly defined. Look for all locations and check for overlaps and gaps.
122 documented procedure for communication
Is a documented procedure for internal communication available?
Check for the instances in which the procedure has been deployed. Like appointment of MR or internal audit schedule.
131 Appointment of MR
Has the MR been appointed from the internal staff?
Look for the appointment letter and check whether the role is reporting is to the top management.
132 MR's work (see a to e)
Does MR have the required mandate to carry out his/her responsibilities as defined in the standard?
Take two or three areas from standard like a) planning of internal audits b) reports to top management on implementation of standard or c) the status of licenses for software products used as part of service delivery
133 Governance of processes under others ( see a to d)
How is the Governance process led by top management? Which are the internal groups and vendors who are covered by the Governance process currently?
Check that the a) service providers and vendor selection mechanism exists b) vendors have defined the service delivery processes c) accountability exists for processes. This has to overlap with cl no 7.2for external suppliers and 6.1 for internal groups.
ISO 200001:2011 Clause no 4.3.1
Checklist Brief Description item no
Questions- (for initial level system implemented <1 year)
Audit methods and Expected evidences
141 Establishing and maintaining documents
is there a master list of documents? Are the release of documents done after due approval? Is there a system for version control?
Check a few entries in master list verify with actual documents , and check a few documents and trace it to the master list for correct version.
4.3.2
151 Control of DocumentsProcedure
Is there a procedure for control of documents and is it followed?
Take some key documents like Service level agreements or service catalogues and check for all aspects of conformance to documents control procedure
4.3.3
161 Control of Recordsprocedure
Is there a procedure for control of records and is it followed?
Take some key records like back up records or audit reports and check for all aspects of conformance to procedure
4.4.1
171 Determination of resources and provision
How timely the resources are provided to enable the company to improve service management system and customer satisfaction?
Take a few resource requests from associates like requirement for software and check that they have been approved depending on priority. Note any case of customer dissatisfaction due to inadequacy in provision of resources.
4.4.2
181 Competency determination for personnel
Is there a process for determining the competency of existing people and providing the necessary training (or taking other actions) to improve them?
Check for 10% (20 which ever is lesser) of the key resources across functions that competencies are mapped and if there are gaps, actions are taken.
182 Training for people
is there a structured plan for training people and is it well deployed
Take the training plan/calendar and check for the successful completion of programmes, nominations
ISO 200001:2011 Clause no
4.5.1
Checklist Brief Description item no
Questions-( for initial level system implemented< 1 year)
Audit methods and Expected evidences
183 evaluation of effectiveness of training
How does the management evaluate the effectiveness of the training programmes ( or other actions taken)?
Take a few training programmes conducted recently and check for the evaluation of effectiveness. If the HR or L&D dept has any other actions like mentoring or on the job training intended to improve competencies those also are to be checked for effectiveness.
184 ensuring awareness of the service management
How does the management ensure that all the associates and service providers are aware of the Service management objectives and contribute to them?
Check with a few associates about their awareness of Service policy and objectives and about the understanding of their role in service management system.
185 Maintaining records
What are the records maintained to demonstrate the achievement of skills by training, education and other actions?
check the training records and also the updating of other personnel records for the competencies they had gained recently.
191 scope definition of SMS
Scope should cover location of customers , location wherefrom service is delivered and the technology used.
Check the scope for its comprehensiveness and for any change made recently.
ISO 200001:2011 Clause no 4.5.2
Checklist Brief Description item no
Questions- (for initial level system implemented <1 year)
Audit methods and Expected evidences
201
service management plan see a to l
In an organisation which is a captive IT dept their service Quality manual will be adequate as a service management plan but for IT organisations which are providing services to the world at large the service management plan is required to be existing.
4.5.3
211
Operation of SMS as per a to f
4.5.4.2
221
Internal audit
For the captive IT organisation, this is audited as a part of auditing other requirements of standard. For IT organisations which are providing services to market at large, how well these aspects a to f are understood from customers and customised? Are internal audits conducted as per plan?
For IT organisations which are providing services to market at large, look for key customers who account for significant revenue and check whether service management system has been customised (like in incident management) to suit their priorities. In the IT organisation which is providing services to market at large, look for key customers and check atleast two aspects from a to l (like limitations of meeting SLAs, risk management , technology in terms of customisation)
4.5.4.3
231
Management review
are management reviews conducted as per plan ?
4.5.5.2
241
Management of Improvements.
Is there a service improvement plan (or plans?)
Look for the internal audit schedules and check for competence of auditors, timely completion of audits and filing of reports. Look for action points in management reviews and check whether they are acted upon by attendees and others. Check whether the agenda is up to date. Check that the service improvement plans are updated with latest incidents or NCRs and other inputs for improving the service management system.
ISO 200001:2011 Clause no
Checklist Brief Description item no
Questions-( for initial level system implemented< 1 year)
Audit methods and Expected evidences
Take a service which is changed or a service which is new and check whether the planning activities are demonstrated. New means the service spec is different and change means that the scope is changed. Planning will be evident in a. timelines 2. Project plan. 3. Review meetings. 4. Team formation. 5. Finalising the requirements and validation criteria. Take any instance of removal of a service or transitioning to others and check whether the removal was done according to a plan.
5
Design and transition of new or changed services
5.2
301 Plan new services Introduction see a to j302 Plan for changed service introduction see a to j -make a demo plan
How the planning for introduction of a new service go on? how the planning has been done for changed service?
303 Plan for removal of service
How is the planning done for removal of service? Or incase of transitioning to other service providers?
ISO 200001:2011 Clause no 5.3
5.4
Checklist Brief Description item no
Questions-( for initial level system implemented< 1 year)
Audit methods and Expected evidences
311
Service specification apply a to k selectively
How is design and development of service carried out?
312
Service Delivery specification (apply a to k selectively)
313
Quality Control Specification
321
Transition of new/changed service
Design and development of service is seen as the preparation of service specs ie what customers can expect at their interfaces and service delivery specs ie what are the elements designed to be in place like the availability of server. Take any one new service and check how the service specs are developed . these include SLAs, response time for tickets , criticality of backups, BCP etc. Take the same two new services changed or new and check whether the service delivery specs which are consisting of those elements about which customer is not aware but at the same time are important for customer satisfaction. These could be people , IT infrastructure or communication link. Take any elements which are hardware or material which go to augment the service and check whether they are inspected . take any service and check whether the team verified the service with service spec and service delivery spec for a planned period and then released the service
How does the organisation verify the service before it is launched?
ISO 200001:2011 Clause no
Checklist Brief Description item no
Questions-( for initial level system implemented< 1 year)
Audit methods and Expected evidences
Check whether the catalogue is updated with the latest changes in service specifications
6
Service level management
6.1
401 Catalogue of services
Is the service catalogue available?
402 SLAs for each service 403 Reviews of SLAs with customer
Are SLAS documented for each service individually? Are these SLAs being reviewed with customer?
404 Trends of performances against targets
what are the trends ? are targets for the SLAs available?
405 causal analyses of non conformities
How instances of non conformities in meeting SLAs are dealt with?
406 Review of other groups' performances
How are other groups' performances reviewed?
411 Service report for each service
How does the IT report about the status of its service to the customers?
6.2
Check the tracking of SLAs. What is the frequency in which SLAs are reported ? Who in customer's side participates in the reviews? Take a few services and go through last six months trends check whether the trends have been analysed for instability. Check whether in instances of failure to meet SLAs causal analysis have been carried out. check whether the performance of other groups which contribute to the service are monitored regularly. In case of gaps, do the findings trigger some SIPs? Select two services and two months and go through to see whether the report contained all relevant information. Like backlogs, incidents, risks and workload changes. .
ISO 200001:2011 Clause no 6.3
Checklist Brief Description item no
6.3.1
421
6.3.2
6.3.3
6.4
Questions-( for initial level system implemented< 1 year)
Audit methods and Expected evidences
service continuity requirements
how has the IT team collected the requirements for service continuity?
422
service availability requirements
How has the IT team collected the requirements for service availability??
431
service continuity plan
what is the plan for service continuity and availability ?
432
service availability plan
Check for mission critical services how service continuity requirements have been collected. These include helpdesks, ticket resolution teams etc Check for mission critical and other projects how availability requirements for service components like data communication or mail servers are collected Check whether a BCP (business continuity plan ) is available which states the strategy in case of failures Check for BCP plan and check whether availability of link etc is available by providing redundancy.
441
service continuity testing and monitoring
How are the continuity plans getting tested?
442
service availability testing and monitoring
How are availability plans getting tested?
451
Procedures for budgeting and accounting
what are the procedures for cost accounting and monitoring budgets?
Service continuity and availability management
Check BCP drill schedule and how are they carried out in the last two months. Check whether reviews are taken after drills and whether the reports trigger SIPs Check whether redundancy has been tested in case of achieving 100% availability requirements. Check whether budget includes key aspects of service like renewal of license, payments to external service providers
ISO 200001:2011 Clause no 6.5
Checklist Brief Description item no
Questions-( for initial level system implemented< 1 year)
Audit methods and Expected evidences
461
Capacity management
How is the capacity being planned in advance?
6.6.1
471
Information security policy
Is there an information security policy?
472
Risk Management
Is the approach to security risk management defined ?
Look for capacity plan for the current year and take two aspects eg expected impact of revised SLAs and forecasted demand for services and check whether capacity plan addresses the same. Does the security policy address the concern of stakeholders and define a methodical approach? Has it been communicated to all? Look for risk registers for IT assets.
473
Physical security controls on premises
What are the physical security controls?
Take two areas like data centre and check whether physical security controls are complied with.
474
Security Objectives
Are these objectives for IT security?
Check whether IT security objectives are understood . Are they being communicated?
475
controls on external organisations
Are controls defined for external organisations who are involved in service delivery?
476
change request analysis
How are security risks analysed for changes proposed?
477
Incidents register
Is there a system for registering security incidents?
Choose one or two external organisations and look for agreements and implementation of IT security controls. Go through some change requests to check whether these changes have been evaluated from security point of view Check the incident register for security incidents and their resolution.
6.6.2
6.6.3
ISO Checklist Brief Description 20000- item no 1:2011 Clause 7 Relationship processes 7.1
7.2
Questions-( for initial level system implemented< 1 year)
Audit methods and Expected evidences
501 Account manager allocation list
Are designated account managers available for key customers?
502 Review of performance with customers
what is the system for performance review with customers?
503 complaint management process
How does the organisation manage its complaints? Is there a documented procedure? Is there an agreement with customer on what is a complaint?
511 List of account managers (supplier wise)
Are designated account managers for key suppliers available?
512 contract of service
Does organisation have a documented contract with each supplier?
513 relationship of lead to subcontracted suppliers
are the relationship between lead supplier and the sub supplier documented?
514 monitoring of the performance of suppliers
How does the organisation monitor the performance of suppliers? Is here a documented procedure for resolving disputes?
For key customers check whether an individual has been designated to ensure customer satisfaction. Is periodicity for reviews defined? Are the reviews taking place as per the defined periodicity? Check whether the complaints are recorded, investigated and acted upon. Check for two complaints the entire process up to closure. Check whether the complaints have triggered a SIP. Check whether the organisation as designated individuals who are responsible for managing relationship and contract with key suppliers.. Take two contracts and check whether important aspects (out of 7.2.a to l) like workload, SLAs, reporting etc are defined. Check whether the lead suppliers have sub contracts and in that case check whether the relationship is clearly defined like back to back SLAs. check whether the performance of suppliers is reviewed regularly. Check whether the results of reviews are getting recorded for SIPs
ISO 200001:2011 Clause 8
Checklist Brief Description item no
8.2
Audit methods and Expected evidences
Take a few service incidents and track as per the requirements a to g. check whether customers kept informed about the status of resolution of incident are major incidents reviewed and taken up for improvement through SIPs? Track two service requests whether they have been dealt with as per the procedure Problems are causes for major incidents or repeated minor incidents/chronic service requests. Check two of the above and look for a problem solving process in place to prevent their recurrence. Look for effectiveness by tracking the incidents post resolution. Look for KEDB. (Known error data base)
Resolution processes
8.1
8.1
Questions-( for initial level system implemented< 1 year)
Incident and service request management 601
procedure for dealing with service incidents
Is there a documented procedure for dealing with incident management ? Does it define major and minor service incidents?
602
Procedure for dealing with service requests
Is there a documented procedure for dealing with service request ?
611
Procedure for problem management
is there a documented procedure for resolution management?
ISO Checklist Brief Description 20000- item no 1:2011 Clause no 9 9.1
9.2
Control processes 701 Configuration management
Questions-( for initial level system implemented< 1 year)
Audit methods and Expected evidences
Is there a documented procedure for configuration management?
Check for list of CIs . Whether each CI is uniquely identified and recorded in a CMDB. Check whether the organisation is auditing the CMDB regularly. check traceability of CIs. Are master copies of CIs recorded in CMDB stored in secure physical environment? Are change requests handled according to procedure? Check whether the organisation has agreed about what is an emergency change with customer. Check whether the approved changes are developed and tested. Is schedule of changes available with dates for deployment? Are unsuccessful changes investigated? Do such investigations lead to SIPs? check whether the plan for new releases are done with agreement of customer. Check what constitutes an emergency release and whether they are handled according to the procedure. Check whether the lessons learnt from failures are documented and are taken up for service improvement .
702 Configuration management-CMDB
How are changes to CIs handled?
711 Change Managementchange requests 712 Emergency changes
is there a documented procedure for change management? How does the organisation handle emergency changes?
713 Change management Check whether the - Deploying the deployment of changes is changes taking place as per the procedure.
9.3
721 Release and Deployment Policy
Has the organisation formulated a release policy?
722 definition of emergency release
Is emergency release defined? Is there a documented procedure?
723 monitoring success and failure of release
How does the organisation monitor success or failure of its releases?
Abbreviations used in checklist:
1. 2. 3. 4. 5. 6. 7. 8.
CMDB Configuration management data base CI- Configuration item ISO – International organisation for standardisation MR- Management Representative SIP- Service Improvement plan. SLA- Service level agreement. SMS- Service Management system For all terms used, definitions are as per clause no 3 of the ISO 20000-1:2011 standard.
Notes: For information on conduct of Internal audits, Please refer to ISO 19011. The above checklist is intended only for organisations which are at the start of the journey of implementation. Hence, the auditors need to spend more time even in questions related to the documentation part of the system. As the organisations mature, such questions are not essential and instead auditor can spend more time in checking effectiveness. In checklist, time allocation is not given and it is expected that the auditors customise the checklist in terms of the time allocation for individual areas. Author Profile: C P Chandrasekaran is a practising Quality management consultant and an empanelled third party auditor for IT organisations. He has about 15 years experience in Quality system consulting and auditing. He lives in Pune, India and his email address is [email protected]