Happy Users. Happy IT Team. ISO20k.
When you look at IT support for an organization, you find a wide range of maturity. Working in GovCon over the years, I’ve found that internal IT gets less attention from the company than the paid projects that we do for clients. What’s the end result? Lower quality IT support that leads to an unhappy IT team and unsatisfied users across the organization.
Why does the IT team need to be happy? They work for a living and who said the job has to be fun, right? I’ve worked on service desks. Sometimes a call goes to voicemail because no one feels like answering it. It’s pretty easy to hide in the storage room when you’re looking for a replacement keyboard. It’s also easy to tell a user a patch is downloading for 4 hours… they have no idea if it’s a 5 minute download or not.
Now happy might be an overstatement. It’s important for the IT team to feel respected. It’s also important that every day doesn’t feel like a disorganized crisis response event. ISO20000 helps to make the IT service better for the everyone in the organization if it’s implemented correctly.
What does ISO20k do to benefit the IT organization?
There are numerous benefits of ISO20k for an organization. Those benefits depend on the particulars of the organization: the size, the complexity of the IT architecture, the construct of the IT team, etc. Generally speaking, the benefits include:
1.?????ITIL Alignment for Better Services. ISO20k has a lot of ITIL (a common best practice for IT Service Management) woven throughout the standard. Implementing IS20k means that the basic way the team delivers IT services is going to improve by using best practice ITIL concepts.
2.?????Continuous Improvement. IT, like any activity, only gets better with focused effort around improvement. These improvements, driven by ISO20k processes, make services better for the users and they also improve the work experience for IT staff. Automating processes means that someone can stop doing a manual, boring, repetitive task. Those are the kind of tasks that make you want to hide in the storage closet to avoid doing them.
3.?????Agreement on Scope. I used to get calls from a user who’d ask me to find clipart for their presentations. No one wants to do that. ISO20k helps you build a Service Catalog that shares the available services with the IT team and the users. That makes it easier to train your IT team because you’ve got a definitive list of what they need to know. It also helps users understand what they can ask for and what’s not the job of the IT team.
4.?????Performance Tracking. I’ve worked in IT organizations where we didn’t even track tickets. Metrics help you understand the workload of the IT team. They also show you areas that might require automation, investment, or better planning. Once you have a service catalog, you can more easily discuss metrics for the finite list of services available. ??
What are the main steps in implementing 20k?
First, you’ll author an IT Service Management Plan. This is the unifying document that talks about things like stakeholders, scope, and the overall context of the organization. This doesn’t have to be a massive document and doesn’t need to take that long. The first draft of the plan we use at Highlight took less than 5 hours to pull together. It has certainly been updated many times, but a ‘good enough’ draft gets you started.
Now the organization needs to cover 13 different topics that are required by the standard. Again, the motivation here is to start with ‘good enough’ and allow the continuous improvement mindset to increase maturity over time. At Highlight, our answer to each of these topics was about a page long and started with a very basic answer to the requirement.
The topics/process areas that must be addressed are (and these are a general summary, there’s certainly a little more detail in the standard):
·???????Service Level Management and Reporting – Metrics and how the IT team will report them. Service levels can begin with something simple like user satisfaction (from a simple automated email survey) and a ticket metric like response time.
领英推荐
·???????Information Security Management – This is basic cyber protection. The process can cover how the organization manages passwords and disposes of hardware while ensuring data has been wiped.
·???????Budgeting and Accounting for Services – Just explain how you budget for IT. In early maturity phases, that might be just the salaries of the IT team. Over time, it’s beneficial to forecast license renewals and hardware purchases. Buying one laptop a quarter doesn’t make a big dent but doing a 33% annual refresh for 1000 users becomes a big number. ?
·???????Problem Management – This says you should look at incident (help calls) periodically and see if there are trends. When the trends indicate a bigger issue (maybe you keep having user calls over broken monitors – you might need to replace them all) then you come up with a solution.
·???????Business Relationship Management – The name on this one is a little misleading. It asks you to think about what’s important to your users. As an example, the proposal team might treat SharePoint and Adobe as mission critical applications while finance would consider Excel and the accounting system to be mission critical. It’s possible that no one really uses the color printers. Those conversations illustrate requirements that should shape how you plan your services because you can all agree that printer tickets can wait longer than Adobe tickets.
·???????Supplier Management – You buy things. This process requires a little thinking about how you’d like to select and manage your suppliers.
·???????Incident and Service Management – Incidents (help it’s broken) and Service Requests (can you give me something I’m allowed to have) are different ticket types and it’s a best practice to document the steps in those workflows. Service requests are often easier and can be a good starting point for new IT staff while the troubleshooting required for incidents and be sent over to more experienced technicians.
·???????Configuration Management – How do we make sure we’re using the right version of software? How do we make sure we’re using the right model of hardware? This seems like common sense, but it will make the lives of the IT team so much easier. Non-standard components cause a ton of issues. The first time you build a piece of Ikea furniture takes twice as long as the second and third time. That holds true for working on a printer or application… the technicians work more efficiently on gear that they’ve fixed every day.
·???????Change Management – What kind of testing do we do before we make a major change in the IT environment? Who gets to approve what kind of change?
·???????Release Management – How do we test something before we put it into service and who approves that it’s ready to be deployed?
·???????Capacity Management – This saves money. How many user licenses do we need and how much cloud space? This is a helpful topic because you run out of capacity or can be paying for capacity you don’t need. The process here requires a periodic review of capacity and that can simply be looking at the user count and the licenses being used. It’s very common that the enterprise bills end up in finance and are just paid like any other bill if there isn’t a focused effort to scrutinize what’s being paid for versus what you need.
·???????Service Continuity and Availability Management – This area asks the organization what services are critical and how are you going to keep them working for users. Cloud providers and Software as a Service (SaaS) have made this a much easier conversation because you are generally buying highly available services. This will likely end up driving planning around cloud backups and review of the SLAs with the cloud providers.
Level of effort and next steps
The Service Management Plan, as a first draft, is a day or less. Each of the topics in the previous section can likely be completed in a two-hour working session. ?That adds up to a full week of time to architect ISO20k at the most basic level of maturity for the organization. ?At that point, if you already have ISO9000 active, you can reach out to your appraiser and schedule the external (certification) audits. If you don’t have ISO9000 active you’re going to have to do some other remedial work to create an internal audit program. That’s why most quality leads will recommend implementing ISO9000 as the foundation of the quality program for an organization.
The big point here is… it’s easy to start, but all you’ve done is start. ISO20k, like most of the quality best practice standards, creates the environment to continuously improve maturity. The best practices and thoughts help inform every conversation and plan about IT moving forward. The benefits come quickly… users will have a better experience and the IT team will have a better workday. The benefits continue over time.