|ISO 20000 Clauses|
|1||The first clause details the scope of the standard.|
There are no normative references, for example other additional requirements in other standards, that have to be considered. This clause is retained in order to maintain the same numbering as ISO/IEC 20000-2, guidance on the application of Service Management Systems.
|3||Terms and definitions
This clause provides an overview of the key terms and definitions detailed in the standard.
|4||Service management system general requirements
Clause 4 covers the general requirements of the IT Service Management System (ITSMS), management responsibility, documentation, resource management as well as putting PDCA into action.
Initially the clause focuses on management responsibility, who must commit to plan, establish, implement, operate, monitor, review and maintain the ITSMS and services. This ensures that the importance of the ITSMS and its role is communicated in the organization. Top management will define the scope and objectives of the system. They will develop and maintain the service management policy to ensure itís appropriate, meets the objectives and continually improves.
The clause moves on to look at processes operated by other parties and ensuring they are governed appropriately. Procedures that support the effective operation of your ITSMS need to be documented, maintained and controlled. Resources are key and you need to identify the human, technology, information and financial resources necessary to plan, implement and effectively manage your ITSMS overtime.
Finally the clause focuses on how you put PDCA into action
- Plan: Youíll start with developing a service management plan, which brings together a number of ITSMS requirements. It involves defining the scope of your system, including your ITSMS objectives, service requirements, measurement effectiveness and contractual obligations and regulatory requirements.
- Do: Your attention moves onto how to implement and operate your system and provide services as defined in your plan. This will include activities such as budgeting, risk and resource management, assigning roles and responsibilities, and monitoring and reporting on performance.
- Check: You now need to monitor, measure, and review your system against your objectives, as agreed in the initial plan. An internal audit programme needs to be carried out, as well as management reviews. Both of these must be performed at planned intervals and the findings will need to be retained as documented information.
- Act: To maintain and improve the system, youíll develop a policy that provides criteria to evaluate and prioritize opportunities for improvement. A procedure to outline responsibilities and actions for implementing and managing improvements is also required. Approved improvements shall be planned and reviewed against targets.
|5||Design and transition new or changed services
This clause focuses on identifying and evaluating the requirements for new or changed services, and where appropriate youíll design and transition the approved services.
- Youíll need to involve and regularly communicate with interested parties who contribute to these services throughout the process.
- All approved new services must be tested before you put the service live using the release and deployment management service.
|6||Service delivery processes
- Firstly, you need to put in place service delivery agreements so that the service requirements of the customer or internal team are clear and the best service can be delivered.
- Next, you need to put service reporting in place so the performance of your service delivery can be reviewed against agreed targets and you can identify nonconformities or opportunities for improvement. This clause also identifies the importance of having continuity and availability of your services for both you and your customers.
- You need to assess the risks associated with the services not being available and identify your customersí requirements. Youíll need to develop and test a plan that outlines availability requirements and procedures for getting the service back up and running.
- Youíll also need to have effective forecasting, budgeting and financial control over service delivery costs, as well as develop and maintain a capacity management plan to ensure you meet service requirements.
- Finally, you need to ensure an information security policy and controls are in place. ISO/IEC 27000 family of standards can provide further guidance in this area.
This clause focuses on building business relationships to support the operation of your ITSMS.
- Youíll need to identify the different requirements for customers, users and interested parties and regularly review your performance to ensure your service effectively delivers.
- Youíll also need to develop a documented contract with any suppliers delivering parts of your service management. This will ensure there is clarity between you and the supplier on the service delivered and allow you to review performance against agreed targets.
This clause is all about setting up and training relevant employees on the procedure to deal with incident and service requests.
- Youíll identify with the customer what is classified as a major incident and ensure top management are engaged when these occur so they can be resolved and reviewed.
- To help reduce problems, incidents and potential impact, a documented procedure must also be produced for managing problems. This means you focus on any root causes and preventive actions that can be put in place.
This clause is all about makings sure there is appropriate control for your ITSMS.
- Youíll need to develop and maintain a configuration management database, a change management policy and a release policy to help control your ITSMS.
- Documentation must be developed and maintained to track any changes and all control processes must be reviewed at planned intervals to ensure they are efficient and allow you to identify opportunities for improvement.