In April 2011 the long-awaited revision to ISO/IEC 20000 Part 1 was released. It has better alignment with ITIL V3 and ISO9001 and many areas have been clarified and additional definitions added, which is great. But it’s also harder to achieve; with roughly sixty percent more “shalls” than the 2005 version.
So here at CertiKit we’re going to give you our top 10 ways to get to certification to ISO/IEC 20000 as fast and cost-effectively as possible. Some of what we’re about to say is controversial and we don’t pretend it applies in all circumstances and to all organisations. But if you’ve been told by senior management or your customer that you need to “get certified – now!” then we hope these tips will come in useful to you.
Here we go….
This is probably the biggest single source of confusion and misunderstanding around the ISO/IEC 20000 standard. You will often hear that an organisation “has ISO/IEC 20000”. What is not usually mentioned is exactly what they have it for, leading to the often incorrect assumption that it must be everything. There is a whole extra part of the standard dealing with this question but in essence you can choose the scope of your certification by service, by geography or by business area. The smaller the scope, generally the less work involved so adjust your scope according to how quickly you want to be certified. A single service to a single customer at a single location is perfectly acceptable and scoping small will allow you to learn the lessons early and apply them when you gradually widen the scope post-certification. Small is beautiful.
Leading on from your scoping, make life easy for yourself and choose a business unit or customer that is already friendly to the IT service provider and open to participating in the various activities you will need to start doing such as SLA negotiation, reporting and service review meetings. They will then also be your best supporter when widening the scope to less friendly parts of the organisation or customer base.
You will learn lessons in the early days and possibly make some mistakes and it’s best to do this in a positive and co-operative environment.
Now, you will need an external auditor to get the certification and auditors aren’t allowed to do consultancy. But they can do reviews to tell you how far they think you are from achieving the standard. You could do such a gap analysis yourself or you could get a consultant to do it for you, but the advantage of getting the auditor to do it is that a) you will get his/her interpretation of the requirements and b) he/she will get to know you, both of which help when the certification audit day comes along.
Talk to your chosen auditor (Registered Certification Body, RCB) to see if they offer this service.
As we said, the point here is to get certified and to do that, you need to meet all the requirements in Part 1 of the standard. But no more. Yes, there are benefits to be had in going further but leave those until after you have been certified. They will kick in under continual service improvement anyway and so will represent great evidence at your first surveillance audit a year later. Don’t try to perfect one area before moving on to the next; once you have met the standard, move on. There are some areas of the standard that require meetings and reviews to happen “at planned intervals”. Resist the temptation to make them too often as they can be quite time-consuming. In many cases annual reviews meet the standard without making a rod for your own back.
It’s been said many times before that the best people to achieve change are the people that actually do the job and that’s still as true today as it ever was. Make sure everyone has a copy of the sections of the standard that are relevant to their job and that they understand the urgency. Get them involved in the process definition workshops and delegate as much of the work as possible in their area to them. Biggest challenge here of course is that they have the day job too and there are no easy answers to that; it comes back to our old friend “management commitment”.
If you decide to swap out your existing service desk system for something else, be very very sure that it’s necessary. Nothing delays certification quite like a lengthy software implementation (and they always take longer than you think). Ok, if your current tool simply doesn’t provide the functionality then you may be forced to, but often this perception is down to a lack of understanding of the tool rather than a lack of modules. Invest in a training course or a day out to read the manuals and click on things you’ve never clicked on before rather than reaching for your cheque book.
We’ve already suggested keeping your current service desk system, but there are some other areas in which the right tool will save you heaps of time and address the key parts of a process at a stroke. The best example is probably a network monitoring tool which will not only tell you if something goes down but will also collect your availability stats and monitor and report on your performance and capacity data too. Relatively cheap and easy to set up also.
As part of your preparations you will need to create a significant number of policies, processes and procedures and if you do this from scratch it will take a long time. The CertiKit ISO/IEC 20000 toolkit will save you a lot of effort and guide you through the process without having to re-invent the wheel. Re-use is king.
The usual reaction to training is to send everyone on a 3 day foundation course leading to a qualification for the individual. This is fine, but not everyone needs it or even wants it. ISO/IEC 20000 does not require individuals to have specific qualifications for the organisation to be certified and you may be better to provide shorter, in-house courses focussed on job roles instead, or combination training/workshop events where teaching is mixed with process definition.
If ISO/IEC 20000 is all new to you, you may need some outside help. Pick and choose the points at which you use consultants carefully. Your aim should be to maximise the benefit you get from each consultancy day and keep them busy from the time they arrive to the time they leave. If you can, do it yourself but if you get to a point where you’re not sure what to do next or how to do it, that’s when a consultant earns his keep.
ISO/IEC 20000 has the potential to raise the standard of IT service management worldwide, but only if it is considered useful and attainable. We hope these 10 tips will go a little way to helping you to achieve the standard quickly and effectively and provide real benefits for your organisation and its customers.