Improving your business processes? You need ISO/IEC 20000
Caroline Mouton
Privacy & Security | Digital Skills Development | Tech-Startup IT GRC
A business process improvement exercise is incomplete if IT processes are not considered simultaneously.
IT is more than a supporting function; it provides the backbone that allows the business to function. Efficiencies gained in optimizing business processes are quickly negated if the IT department cannot provide seamless, integrated and proactive services that keep business systems operating optimally. How this can be done is not a mystery. ITIL is the framework that IT professionals have trusted for well over 2 decades to help them rise to conflicting challenges: business growth that demands greater maturity in IT capability while IT costs are kept in check; a high rate of technological change set against the need to be reliable and predictable; and the need to keep existing systems maintained day to day set against the business's reliance on IT innovation to remain relevant in a changing marketplace.
Using an international standard shows your stakeholders that you are serious about the way that you handle your greatest business asset – your Information. A measurable benchmark of compliance with an international standard provides local and international clients, investors, partners and suppliers with a real reason to believe that you are able to deliver on customer service promises.
ITIL tackles how best to manage the four “P’s” that ensure a solid IT service management foundation, namely, people, process, products and partners. ISO/IEC 20000 is the international standard to benchmark capability across the ITIL process domains. The approach and guidance provided by the suite of ISO/IEC 20000 documents provide the know-how and clearly defined requirements that allow an organisation to adopt a coordinated approach to managing IT across all technology silos. It is a tried and tested formula for success.
ISO/IEC 20000 provides a “checklist” of the key elements that need to be implemented in order to create a set of integrated, complementary ITIL processes, with the added ISO maturity of a Service Management System (SMS). This is a similar concept to the Quality Management System of ISO 9000; it provides a “self-cleaning” engine at the heart of your IT department and ensures that Continual Improvement is embedded in how things are done, rather than being an added-on afterthought.
The importance of a functional SMS cannot be overstated. The investment of revamping IT processes and procedures will not deliver long-term benefits if you find you have to start again every few years. Increasingly complex system integration, IT staff attrition and constantly changing business systems will quickly unravel any well-designed processes unless there is an integral way of maintaining them.
No IT department does everything very well, but it is important that all the basics are in place and understood in order to avoid unidentified risk to the business.
ISO/IEC 20000 does not prescribe how you implement the necessary procedures and controls. It allows you to focus on getting a foundation capability in place across all of the ITIL process areas. Your organisational culture and current IT maturity will determine how well each area is implemented, and which areas you focus on next.
The continual improvement element of the SMS ensures that the right areas are matured so that business and customer needs are satisfied without undue cost or risk. The SMS approach also allows IT to pivot when business demands change without losing quality of service. Whether you run the business from spreadsheets with a small IT Operations team or have an Enterprise ERP automating your back office with a complex outsourcing model for managing IT resources, the IT capabilities remain the same. Companies that are growing or shrinking need IT to be able to scale accordingly, but the base IT services need to continue to operate at full capability during transition periods.
About ISO/IEC 20000-1
The processes in ISO/IEC 20000-1 include:
- Management responsibility
- Governance of processes operated by other parties
- Documentation management
- Resource management
- Establish and improve the SMS
- Design and transition of new or changed services
- Service level management
- Service reporting
- Service continuity and availability management
- Budgeting and accounting for services
- Capacity management
- Information security management
- Business relationship management
- Supplier management
- Incident and service request management
- Problem management
- Configuration management
- Change management
- Release and deployment management
An ISO/IEC 20000 certification is typically provided through assessment by an independent party (i.e. third-party certification) or may be provided by self-declaration. Self-declaration should be considered where the ‘customers’ are ‘internal’ and it is sufficient to demonstrate to internal stakeholders, such as GRC or the Risk and Audit Committee, that IT best practices have been adopted (for a reference to self-certification, refer to ISO/IEC 17050-1,2).