How to build assurance into IT services
Not satisfied with just achieving certification to ISO 9001, this IT Services company is certified to
- Quality – ISO 9001
- Information Security – ISO 27001
- Service Management – ISO 20000
- Environmental Management – ISO 14001
- Secure shredding standards
As a Quality Manager with responsibility for looking after the Management System, Damian highlights in the ISO Show Podcast this week:-
- Benefits ISO 9001 – Some people struggle with the term ;Quality’ and prefer ‘Customer’ requirements
- How standards are used to run an IT business
- How to focus on what is important and not using standards as a ‘tick-box’ exercise
- How ISO Standards can be used as a great communication tool – making everything transparent and not hidden form employees.
- Approaches to Leadership commitment at XFM – How the ‘Big conversation’ provides areas for employees to focus on (objectives) and provide an update on changes.
- As an employer of 500 people, how an IT firm reduces its environmental impact through an Environmental Management System (ISO 14001).
- How the Service Management Team have embraced high standards by introducing ISO 20000 and how this compares with the other ISO’s
- Two top tips for overcoming challenges – Focus on communication and Top Management commitment.
To find out more about XMA, visit their Website.
If you would like to find out more about ISO 20000, we have a free webinar available to watch on demand.
We’d love to hear your views and comments about the ISO Show, here’s how:
- Share the ISO Show on twitter or Linkedin
- Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
- Also available on Spotify and YouTube
This is the second of a series of blogs, relating to Clause 8 of the new ISO 20000-1:2018, designed to unpack the requirements of the standard and remove that air of mystery that can so often form around standards. This week we’ll continue to look at clause 8.2 of the standard.
Service catalogue management
The Service Catalogue is often undervalued in service management systems, but it has a critical part to play in communicating to customers exactly what you can provide, and, above all, it should be used by Sales when selling services to a customer. If anyone sells anything that is not in the catalogue it is not the responsibility of your organisation to bend your processes to meet that service agreement. First, Sales should go back to the customer and advise them that the service cannot be delivered and second, the proposal put forward by Sales could be passed through the Design, Build and Transition process to produce a new service.
Sometimes it helps to see that Service Catalogue as something like an ‘Argos’ catalogue where all the wares for sale are recorded, but the customer doesn’t have to buy everything; they may choose to just by Incident Management or Service Request Management, but the catalogue will show them clearly how they might develop that service in the future.
The catalogue does not have to have the service prices printed in it as this will be part of the Sales discussion. One way of making the catalogue available to all interested parties is to put in on the company website or in a ‘customers only’ area of the website.
Don’t look at Asset Management as purely being related to customer assets as the standard clearly states that ‘the organization shall ensure that assets used to deliver services are managed…’ So, a good asset management system can help here (if you are certified to ISO55001, much of the work will have been completed). What are the assets that should be considered?
– Service Desk tools (Service Now etc)
– Vehicles to get engineers and equipment to a customer site
– IT equipment
This isn’t by any means an exhaustive list but just listing 4 items can show how broad this small clause can be. But don’t run away with the idea that you need to create a new job role to manage assets, instead look for where these are managed naturally in the business; staff by HR; Vehicles by facilities; Service Desk tools and IT equipment by the IT department; Spares by Procurement and Logistics. All these teams might be providing reports to the Service Delivery Manager/Director about the availability of the assets in their control.
Focus on Customer Assets takes place here. First, we need to understand what is meant by a Configuration Item (CI) – a CI is an asset that makes up part of the service.
The service itself could be a Configuration Item and all the assets used to deliver that service could all be classed as configuration items; but the main point of configuration management is to ensure that your organisation only services equipment under contract.
For every service established it is key to understand the exact equipment to be serviced; this can be determined through Model Numbers, Serial Numbers and or Asset Numbers (see below). This will enable the Service Desk staff to know what equipment is under contract and which equipment should be subject to a Service Charge. Without this you will end up servicing equipment that is not under contract
The standard is quite specific about what information should be recorded for each Configuration Item:
– Unique identification (serial number, asset number)
– Type of CI (the item or model number)
– Description of the CI (detailed description of the item)
– Relationship with other CIs (does this CI have any dependencies on or for other items; if changes are made will other CIs be affected?)
– Status (is the CI still live or obsoleted in the service contract).
A configuration management list will be produced for each customer, but it is important that the list is reviewed at planned intervals (add this to the audit schedule) and audited to ensure that changes to the configuration estate have been captured. It is useful to ensure that a step in the Change Management process includes a review of the customer’s configuration list.
Need assistance with ISO 20000-1? We’d be happy to help, simply contact us at: email@example.com
This is the first of a series of blogs, relating to Clause 8 of the new ISO 20000-1:2018, designed to unpack the requirements of the standard and remove that air of mystery that can so often form around standards.
8.1 Operational Planning and Control
Clause 8.1 of the standard relates to Operational planning and control. At first glance, it appears to be a copy of the requirements of ISO 9001:2015, but further reading shows that it is different.
If you are setting up your Service Management System in the order that the standard has been written, you will have arrived at clause 8 of the standard with risks, opportunities and objectives that need to be considered when establishing the Service Management System. Without this knowledge to hand you could develop and management system that does not address these risks and opportunities or enables the setting objectives.
The standard requires us to ‘establish performance criteria for the processes based on requirements’ or, in other words, what performance measures are needed to determine the effectiveness of processes in the service management system. These might include, performance against targets; numbers of incidents and problems; lost and gained services; volumes against Supply and Demand; Security breaches; customer satisfaction and complaints… plus much more. These measures must be appropriate to each individual business; don’t measure and monitor things that do not bring service improvement or customer satisfaction.
Once you understand the measurement criteria you can begin to build the Service Management system to meet these requirements; ‘implementing control of the processes in accordance with established performance criteria’, performance criteria communicated through SLAs, OLAs and KPIs.
A good management system doesn’t stop there as it will have determined what documented information needs to be kept, to demonstrate achievement of measures and compliance to the standard.
The control of planned changes and the review of the consequences of unintended changes leaves many with a challenge. We all understand planned changes, especially if we have an effective Change Management Process in place which will naturally control planned changes. However, the consequences of unintended change are a little vaguer, probably because it covers a broad subject; so, let’s unpack this further.
Unintended change might result from process creep where a process has been developed and moved away from its agreed path, without consultation with other departments that might be affected, and the consequence is the unintended change brought upon other processes which rely on the initial process that has been changed.
Other areas where the consequences of unintended change may be found are related to impacts of Incidents; Problems and Non-conformities where the errors have repercussions that are either unexpected or unintended and need further attention.
Another example in relation to this standard is ‘service creep’ where items of equipment owned by a customer and outside the contracted service agreement are swallowed up in the service contract because of poor asset management and configuration management, and you are effectively end up servicing equipment for free.
If these types of things occur it is important that the actions are investigated through to the root cause level to prevent their recurrence.
The final line ins 8.1 is about outsourced processes – one line that is very important to ensure compliance to the standard. In this standard, if any process is outsourced to a third party the organisation has a responsibility to ensure that the outsourced process is effective through setting appropriate SLAs or OLAs; and agreed service review meetings should be set up.
By implementing the rest of clause 8 of this standard then compliance to 8.1 will be achieved naturally.
ISO20000-1:2018 – International Standard’s best-kept secret.
The ISO 20000-1 IT service management standard is often overlooked by organisations and has become the ‘best kept secret’
in the world of management system certification. This is now set to change with ISO20000-1:2018 being welcomed into the fold of the High-Level Standard (HLS) framework.
Whether your service is IT, Transport, providing Health-Related Day Care services, or any kind if Service Management that involves service planning and helpdesk activities, ISO20000-1 is the ideal tool for helping your organisation to establish the systems and processes necessary for achieving improved service planning and implementation, cost-effective delivery of service and customer satisfaction through continual improvement. Furthermore, ISO20000-1 lends itself to enhancing other standards such as ISO9001:2015; ISO27001:2013 and can be supported by ISO22301:2012.
This webinar was held on the 15th of November and covers the following:-
- What is ISO 20000-1:2018?
- Who should implement ISO20000-1?
- What’s the difference between the 2011 and 2018 standards?
- What are the benefits of ISO 20000-1:2018?
- How ISO20000-1:2018 can enhance existing ISO certifications
- How Blackmores can help you to achieve ISO 20000-1 certification
Need assistance with ISO 20000-1? Contact us on: firstname.lastname@example.org
Our 7 Steps to Success
The Blackmores ISO Roadmap is a proven path to go from idea to launching your ISO Management System.
Whether you choose to work with one of our isologist consultants or work your own way through the process on our isology Hub, we’re certain you’ll achieve certification in no time!
What our clients have to say
The support and advise I get from our assigned auditors is immense. Forward planning for the following year is great and they are flexible and always willing to help.
“Blackmores have assisted us almost since the start of our adoption of the ISO 9001 quality standard. Their input has improved our processes since the start, and enabled our goal of continuous improvement to be achieved. The people are also extremely easy to get on with, and they really understand our business, giving us a great deal of confidence in their advice.”
“Blackmores are the perfect bridge between working on your ISO as an individual or company, to being audited each year. We find that any queries we have are covered and we feel sure that we have everything as needs be before going into an external audit.”
“We have been extremely impressed with the service and support provided by Blackmores. There knowledge and assistance through out our ISO journey has been amazing!”
“Blackmores have really kept us on our toes with the broad scope and level of detail they apply to our internal audit schedule. They always stay abreast of ISO standard changes and help us to adapt our processes and documents to embrace these changes accordingly. Having Blackmores shadow our external audits provides invaluable confidence and peace of mind – would highly recommend their services!”
“Our ISO 27001 certification project has gone so well, that there was no doubt in who we were going to ask to help us with our aspirations of becoming ISO 14001 certified. It’s been an absolute pleasure working with Blackmores, and we are really looking forward to working with them for the foreseeable future.”
Trusted by leading organisations across all sectors, we support companies of all sizes in any location.
Listen to our Podcast
Welcome to the ISO Show podcast, dispelling myths and sharing tips for success to improve your business with ISO Standards. Join us to hear interviews with successful business leaders as they share their ISO journey with you.
Get top tips via audio master classes “ISO Steps to Success” on the most popular ISO Standards.