Skip to content
SM Tutorials & Certification

Managed Services Based on ISO 20000

Managed Services allows customers receive value from a service provider, also knows as a managed services provider (MSP). ISO 20000 is the international standard for service providers, no matter if they are internal or outsourced.

This article will introduce some key concepts of IT service management prior to introduce the new version of ISO / IEC 20000-1:2011 (Part II) and Design and development of new or changed services managing as a project (Part III). I will also cover the requirements of Part I of the standard referring especially to points 4, 6, 7, 8 and 9. Additionally includes ITSM best practices that can serve as support to meet these requirements.

It can be also helpful to those who are now in the process of re-certification to the new version or want to implement a Service Management System (SMS) based on the 2011 version of the standard.

What’s a Managed Service?

A managed service is the added value of a service to a client, is to facilitate the achievement of its results without assuming specific costs or risks.

What’s an IT Service?

A IT Service is based on the use of Information Technology to meet the needs of the user or project.

A IT service consists of a combination of people, process and technology and its scope should be defined in Service Level Agreement ( SLA ).

Many organizations in the crisis are opening new strategic markets, which makes it necessary that adequate overall management of the services that will maintain control and coordination with the teams involved.

In addition to the current scenario, organizations need to be as competitive as possible and for this they need support with appropriate management of IT, and that will enable the services improvement in a timely and cost-effective manner.

What’s a Service Management System?

Implement a Service Management System will enable the organization to move in that line , defining the policies, objectives , plans and processes to meet service requirements . Just as work activities necessary for an organization to make an efficient implementation and subsequent management of IT services.

There are several service management frameworks such as ISO 9001 family, ISO / IEC 27000, ITIL , COBIT , Six Sigma , CMMI for Services , Green IT , Cloud , Tmap NEXT, however in this article we will focus on the ISO / IEC 20000, and the highlights of the new version 2011 .

Why ISO/IEC 20000 for Managed Services?

ISO / IEC 20000 is a global standard that describes the implementation of an integrated process approach to delivering IT services by providing the following benefits:

  • Define the requirements for Service Providers.
  • Create a basis terminology for IT Service Management.
  • Ensures consistency in supply chain approach.
  • As benchmarking services Management.
  • As a basis for an independent assessment.
  • To test the ability to meet customer requirements.
  • To improve the Service.

The new version of ISO / IEC 20000:2011 incorporates some news regarding the previous version: important planning aspects, management of improvements, requests management or manage the design process and transition of services, which can be the nexus to integrate a Service Management Office (SMO) that has the organization to the management of services.

These highlights of the new version will be further discussed in two articles giving continuity to this first, hoping it will be of interest to those organizations that are addressing the update to that version.

Aspects of High Level for Managed Services

You must apply the continuous improvement cycle or Deming cycle at three levels: Management System (MS), processes and services. Will be required to set targets at all three levels and included in the management plan of service. From the point of view of certification emphasize the need to identify at least one goal of the MS/process and other services. The objectives should be measurable and quantifiable terms, describing in terms of purpose.

As an example: comment that implement a BSC to measure the SMS at three levels, is not a valid objective defined from the point of view of the standard, should describe the purpose of implementing a BSC , as it might be to extend the accessibility of the service reporting the group of responsible service or reduce the time spent on reporting by 20%. May be a good practice to have a template Business Case to define these goals.

Furthermore note that the integrated process approach and methodology PDCA facilitates the integration or alignment with other MS as quality is based on the ISO 9001 or the Information Security based on ISO 27001.

Discuss new terms and definitions (point 3 of the standard) are included, such as:

  • The concept of service component (to be included in the technical specifications of a service catalog).
  • Service requirements, which must be defined in the SLA, and translate into goals should be measurable through KPIs.
  • Service Transition point that described in greater detail in (Part III) of this series of three articles.
  • Service Management System, as described in the article (part I).

Looking to certification, to comment that regardless of the size of the organization, activity, etc.) can not exclude compliance with the requirements described in items 4 .. 9 of standard. Unable to delegate to third parties any of the requirements referred to in point 4.

Finally remark that one of the fruits of SMS are improvements , and as such should be properly managed , prioritizing on the basis of cost , timescales and impact or interest in the organization.

Item 4: General Service Management System Requirements

To emphasize this point the standard, management commitment to establishing and communicating the scope, policy and objectives SMS.

The policy should be reviewed every year, should be aligned with the strategy of the organization so that the goals of SMS facilitate the achievement of organizational goals. The policy can be defined in the general manual or in a separate document and publishes accessible to users of the organization.

Regarding the documentation comment that is mandatory to have a technical catalog and business catalog. Very useful to advertise IT services offered to the organization, must be updated and the updates should be recorded as RFC documentaries.

Training is a topic of special interest that we must work as one of the critical success factors for implementing an SMS. It is good practice in the early seminars introducing concepts to SM, purpose, benefits and processes. Subsequently, with increasing maturity of the SMS, it is good practice to conduct group seminars to strengthen those weaknesses identified (rightly guided the management ITSM tool, or any process as manage changes that are costing more internalized in the day to day responsibility of the services).

Item 6: Service Delivery Processes

This item is to highlight the continuity plans should describe the solution to take a case of major disasters, including the objectives of availability and recovery requirements of the alternate location specified in the SLA service.

Highlighting the importance of the direct and indirect costs of services and perform regularly track costs vs budget too.

It is good practice to have a matrix relations business catalog services with technical services. This facilitates the identification of the most critical services for the organization.

Item 7: Relationship Processes

Highlight in the analyzing Business Relationship Management analyze customer satisfaction, it is good practice to use surveys and statistical analysis of the information obtained and identify improvement proposals result of comments received.

To check the alignment between the requirements of SLA’s and contracts for each Service Catalog, is a good practice to develop a matrix of relations.

Item 8: Resolution Processes

Regarding resolution processes, service requests management is reinforced in this new version and requires developing a procedure for management.

Be advisable to include in the SLA, resolution times agreed with the customer requests and follow up on the service reporting.

Regarding the problem management is a process that begins to bear fruit when the service management system is mature, and you need support with other processes like incident management. It is good practice to conduct regular meetings between the heads of incidents and problems to identify repeated incidents that its root cause is unknown.

Item 9: Control Processes

In process control, highlight the importance of a policy change management where to describe what are the high impact changes to the organization and they will pass through the point 5 of the Standard for example.

It is very important maintain the integrity of CMDB. We will have to raise the awareness of responsible service to update the baselines before and after making a change.

I hope this little guide will serve to clear some doubts regarding certification ISO/IEC 20000:2011, and help focus and meet the requirements of the new version of the standard facilitating best practices based on experience.

Have you implemented yet a Service Management System for your Managed Services?

Source: Original text, based upon first hand knowledge and the following references:

  1. Information technology- Service management System. Part 1: Requirements. International Standard ISO/IEC 20000-1.
  2. Information technology- Service management. Part 2: Guidance on the application of service management systems. International Standard ISO/IEC 20000-2.
  3. AENOR. Guía Orientativa cambios realizados en la nueva versión UNE/ISO 20000-1:2011 respecto a UNE/ISO/IEC 20000-1:2007. Madrid: AENOR, 2012.