Upload
felicia-moody
View
218
Download
0
Tags:
Embed Size (px)
Citation preview
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Introduction
Law regulation from the National bank of the Republic of Macedonia
ISO 20000:2005 standard requirements
Practical experience from implementation of ISO 20000:2005
19.04.23 2
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
First worldwide standard specifically aimed at IT Service ManagementDescribes processes for delivery of services
Aligned with and complementary to the process approach defined within ITIL
ISO/IEC 20000 consists of two parts: ISO/IEC 20000-1, the formal Specification ISO/IEC 20000-2, the Code of Practice
Formerly British Standard 15000, adopted by ISO in December, 2005
19.04.23 4
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Introduction and overview
Scope, terms and definitions
Requirements for a management system
Planning and implementing ITSM
Planning and implementing new or changed IT services
Process groupings19.04.23 6
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
19.04.23 7
Control processesConfiguration management
Change management
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
DECISION on the bank's information system security ("Official Gazette of the Republic of Macedonia" No. 31/2008)
DECISION on amending the Decision on the bank's information system security ("Official Gazette of RM" No. 78/08)
DECISION on amending the Decision on the bank's information system security ("Official Gazette of RM" No. 31/2009)
19.04.23 9
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Outsourcing company of the bank with main activity of managing data processing system and which based on written agreement manages and stores bank data while performing bank or financial activities.
The outsourcing company shall obligatorily be certified in accordance with the international standard ISO/IEC 20000.
19.04.23 10
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
To provide a management system, including polices
and a framework to enable the effective management
and implementation of all IT services
19.04.23 12
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
PoliciesService management and improvement
policy, Budgeting and accounting policy, Release policy etc.
PlansService management plan, Service
improvement plan, Capacity plan etc.
Processes Improvement process, supplier
management process, Change management process etc.
19.04.23 13
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
ProceduresDocument control, Incident management,
Problem management etc.
RecordsService level agreements, Management
review report, Proposal for new or changed services, Risk Assessments, Configuration management database (CMDB)etc.
19.04.23 14
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Implemented QMS based on ISO 9001:2000
Implemented ISMS based on ISO 27001:2005
Implementing ITSMS based on ISO 20000:2005 The Scope of the IT Service Management
System are all the services that the organization provides for its customers and for the internal users.
ITSMS Framework + ITSM processes
Connections and overlaps between the management systems
19.04.23 16
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
ISO/IEC 20000-1:2005ISO
9001:2008
ISO/IEC
27001:20051 Scope 1 12 Terms & definitions 3 33 Requirements for a management system
4 4, A.6.1
4 Planning and implementing service management
7.1 A.6
5 Planning and implementing new or changed services
7.2 A.10.3, A.12.1
6 Service delivery process 7.27 Relationship processes 7.2.3/4.1 4.1, 4.2, A.10.88 Resolution processes 8.5 A.10.109 Control processes 7.5.1 A.12.210 Release management 7.3
19.04.23 17
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
1. Introduction2. Service Management and Improvement
Policy3. IT Service Management System Overview4. Management Responsibility5. Organization for Service Management6. ITSMS Documentation7. Services overview8. Planning and implementing service
management9. Planning and implementing new or
changed services10. Service Management Process Model
19.04.23 18
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Defined 13 processes based on ISO 20000:2005 standardService Improvement Planning and implementing new or changed
servicesService level management and reportingService continuity and availability
managementBudgeting and accounting for IT servicesCapacity managementBusiness Relationship management Supplier management Incident management Problem management Configuration management Change management Release management
19.04.23 19
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Service Level ManagementISO20000-1:2005 ref. number: 6.1
Service Level Management GoalTo maintain and improve IT Service
quality, through a constant cycle of agreeing, monitoring and reporting upon IT Service Achievements.
Service Level Management objectiveTo define, agree, record and manage levels
of service
19.04.23 20
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
List of all services IT provides to Customers
Provides a clear explanation of the services, Customers/Users, descriptions and costs
Essential to any service provider business in order to define products and services
Managed and updated by the Business Development Department
19.04.23 22
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Separate catalogs for services provided to clients and internal services
Each service separately described through the following information: Service name, Status of service, Description
of service, Standard and additional service features, Frequency of service delivery, Service availability, Client technical requirements for using the service, Service support (description and hours), Service owner, Standard and additional Tariff costs, Service delivery level
19.04.23 23
If you
don
’t wan
t to h
elp
you
rself, n
o o
ne c
an
Services included/excluded Service hours Availability / Reliability targets Throughput, transaction response times,
batch turnaround times Support arrangements / targets Change targets Security Plan IT Service Continuity Plan Service costs and charges Reviews and reporting Penalties and Incentives
19.04.23 24