ISO20000 is the international standard for implementing an IT Service Management System. First revised in 2011, and then recently in 2018, ISO20000 specifies the requirements that your Service Management System will need to meet in order for your organization to become certified to the standard.
At CertiKit, we know how daunting complying to standards can be if you’re not in the know, which is why we’ve put together these ten tips from our expert consultants, to help make your compliance journey as seamless as possible.
This is probably the biggest single source of confusion around the ISO20000 standard. You will often hear that an organization “has ISO20000”. What is not usually mentioned is exactly what they have it for, leading to the often incorrect assumption that it must be for everything.
You can choose the scope of your certification by service, by geography or by business area. The smaller the scope, generally the less work involved so you can adjust your scope according to how quickly you want to be certified. A single service to a single customer at a single location is perfectly acceptable and scoping small will allow you to learn the lessons early and apply them when you gradually widen the scope post-certification.
Leading on from your scoping, make life easy for yourself and choose a business area that is already friendly to the IT service provider and open to participating in the various activities you will need to start doing such as SLA negotiation, reporting and service review meetings. You will learn lessons in the early days and possibly make some mistakes, so it’s best to do this in a positive and co-operative environment.
Your external auditor for certification isn’t allowed to do consultancy, but they can do reviews to tell you how far they think you are from achieving the standard. You can complete a gap analysis yourself, but the advantage of getting the auditor to do it is that a) you will get his/her interpretation of the requirements and b) he/she will get to know you, both of which help when the certification audit day comes along.
Talk to your chosen auditor to see if they offer this service.
As we said, the point here is to get certified and to do that, you need to meet all the requirements in Part 1 of the standard. But no more. Yes, there are benefits of going into more details, but we’d recommend leaving those until after certification. They can be completed during continual service improvement and will represent great evidence at your first surveillance audit a year later.
Don’t try to perfect one area before moving on to the next; once you have met the standard, move on. There are some areas of the standard that require meetings and reviews to happen “at planned intervals”. Resist the temptation to make them too often as they can be quite time-consuming. In many cases annual reviews meet the standard without taking on too much work.
It’s been said many times before that the best people to achieve change are the people that actually do the job. Make sure everyone has a copy of the sections of the standard that are relevant to their job and they understand what is required of them and by when. Get them involved in the process definition workshops and delegate as much of the work as possible in their area to them. The biggest challenge here being they have the day job too, so be aware of this when setting deadlines.
If you decide to swap out your existing service desk system for something else, be completely sure that it’s necessary. Nothing delays certification quite like a lengthy software implementation (and they always take longer than you think). If your current tool simply doesn’t provide the functionality then you may be forced to, but often this perception is down to a lack of understanding of the tool rather than a lack of modules. Invest in a training course or a day out to read the manuals and become fully familiar with the software before deciding on a new tool.
We’ve already suggested keeping your current service desk system, but there are some other areas in which the right tool will save time and address the key parts of a process easily. The best example is probably a network monitoring tool which will not only tell you if something goes down but will also collect your availability stats to report on your performance and capacity data too. This tool isn’t a big investment in set-up time, or financially.
ISO standards rely on evidence as part of the certification process. As part of your preparations you will need to create a significant number of policies, processes and procedures, and if you do this from scratch it will take a long time. The CertiKit ISO20000 toolkit will save you a lot of time and effort, whilst guiding you through the process without having to re-invent the wheel.
Implementing ISO20000 does not require individuals to have specific qualifications for the organisation to be certified. Instead of certifying certain team members, it may be better to provide in-house courses focussed on job roles, or training/workshop events where teaching is mixed with process definition. This will ensure all relevant parties are on-board and have the right knowledge.
If implementing ISO20000 is all new to you, and you’re not using a toolkit, you may need some outside help. Pick and choose the points at which you use consultants carefully. Your aim should be to maximise the benefit you get from each consultancy day and keep them busy from the time they arrive to the time they leave. If you get to a point where you’re not sure what to do next or how to do it, that’s when a consultant can be useful.
Implementing ISO20000 has the potential to raise the standard of IT service management worldwide, but only if it is considered useful and attainable. We hope these ten tips will go a little way to helping you to comply to the standard quickly and effectively.
For more guidance on implementing the ISO20000:2018 standard, we’ve put together a list of our best free resources including sample documents, blogs and downloadable documents.