LEARNING ACTIVITY

Strategic Information system



Strategic Information system

ITIL and ISO 20000

The ITIL is not a standard and has no auditing criteria. Some chose CobiT for audits, but CobiT isn't a standard either. The British Standards Institute (BSI) created British Standard BS 15000 as an audit standard, but it wasn't an international standard (Fitzsimmons, 2005 ). However, BS 15000 delivered specifications for managing IT, implementing the ITIL, established audit criteria and corporate-level certification.

Used in the UK, BS 15000 had slow adoption elsewhere in the world. Then BSI submitted BS 15000 to the International Standards Organization (ISO) and ISO released it as ISO 20000 in December of 2005. For the first time, IT now had an international standard for auditing and certifying IT.

ISO 20000 is an industry standard like ISO 9000/9001, and like ISO 9000/9001, ISO 20000 offers organizational certification — this means that some very major changes are coming to an IT shop near you, and soon! Following is an explanation of ISO 20000, and how it relies upon the ITIL (Reuther Dirk, 2008 ).

The ITIL offers certifications for individuals; ISO 20000 is an organizational certification with international recognition. This removes one of the toughest problems we face in IT today -- management commitment. Every senior manager in an ISO 9000 certified company knows the benefits that came from gaining that status (Fisher, 2006 ). With ISO 20000, it will now be far easier to gain mind share among senior management -- a key benefit for those implementing or planning to adopt the ITIL.

ISO 20000 is really two specifications, ISO/IEC 20000-1:2005 and ISO/IEC 20000-2:2005, I will refer to them as ISO 20000-1 and 20000-2. * ISO 20000-1 is the specification for Service Management. It defines the processes and provides assessment criteria and recommendations for those responsible for IT Service Management. Organizational certification uses this section.

* ISO 20000-2 documents a “code of practice” that explains how manage IT with regard to ISO 20000-1 audits.

Both ISO 20000-1 and ISO 20000-2 derive directly from the ITIL best practice. ISO 20000 groups the ITIL processes we all know into five core bundles:

1. Service Delivery Processes -- Service Level Management, Availability Management, Capacity Management, Continuity Management, and Budgeting and Accounting for IT Services (Financial Management) along with Information Security Management and Service reporting

2. Relationship Processes -- Business Relationship Management and Supplier Management

3. Resolution Processes -- Incident Management and Problem Management

4. Control Processes -- Configuration Management and Change Management

5. Release Process -- Release Management

As the industry recognizes the value of ISO 20000, more and more companies will require their partners and vendors to reach ISO 20000 certification -- just as they did for ISO 9000/9001. If your organization is already ISO 9000/9001 certified, you will have a much easier time gaining and maintaining management commitment for your ITIL implementation! In addition, if you are already implementing or adopting ITIL, there is now an organizational certification (Cater-Steel 2007).

ISO 20000 certification is already becoming a requirement, so you should ...