Although ISO goes deeply into specifying IT operations and ISO we often talk about implementation of various ISO standards, and I often hear service level management, business relationships with customers, etc. The paper proposes a classification of benefits and tests the relationship between that classification Benefits of ISO IT service management certification. Relationships with other management system standards – This . detail in ISO , which can be used in ISO implementation. Management .
Management System Audits According to ABNT , audits are used to determine in which level the quality management system requirements are met.
The audit findings are used to evaluate the efficacy of the quality management system and to identify improvement opportunities. First party audits are performed by the organization itself or on its behalf, for internal purposes, and may compose the basis for a self-declaration as for the conformity of the organization. Second party audits are performed by clients of the organization, or by other people on behalf of the client.
Third party audits are performed by independent external organizations. Such organizations, usually accredited, provide certifications or registration of compliance with requirements such as those from ISO . Since the implementation of ISO in in the company CJHT, there has been a team capacitated for internal audits composed by representatives of the each area of the organization which executes this systematic every six months, alternating with the external audits.
Similarities and differences between ISO 27001 and ISO 20000
The Integrated Management System IMS staff, in partnership with all the other areas, performs all the planning, execution control and results treatment of the company standards. Due to the importance of communication to the Services Management, one of the most important objectives of the standard is to create a terminology common to services providers, their suppliers and their clients.
The activities of measurement and service management analysis include internal audits planned by the Integrated Management System — IMS. Service improvement actions are established based on analysis of indicators, changes, quality and services levels which take place during the meetings for critical analysis and coordination .
Manages the deviations incidents in the infrastructure, seeking rapid reestablishment of the services. The Incidents Management is devoted to resolving the incident and reestablishing the service supply to the client as quickly as possible, minimizing the impact of the incident on the business. Manages the problems, seeking to identify the root causes, proposing solutions to the problems, eliminating repetitive problems, accelerating the solution time and generating a solutions bank.
The objectives of the Problem Management include: Manages changes, making sure they are quick, easy, consistent and authorized. The objective of the Change Management is to successfully complete all the adjustments and changes in the IT infrastructure in a systematic way. Manages the distributions and the release control of the software, hardware and updates.
The Release Management controls the all softwares and hardwares existing in the IT infrastructure in production and it organizes the distribution in operational environments. Manages the present, optimizes the service supply chain and follow the business up. Manages the future, monitoring and evaluating the services development, also planning new businesses. Manages disaster, keeping plans for contingency and disasters recovery, business survival, risks and vulnerabilities. Manages the effective costs, the financial resources allocation and the Return over Investment — ROI.
The Financial Management performs the correct budgetary provision of the IT services, considering involved costs and possible investments benefits, especially in decision making regarding environment changes. The authors of this article participated in the elaboration of internal documents Appendix according to the services management processes described above.
Object of Study Characterization The company CJHT of remote support in IT, located in Campos dos Goytacazes, in Rio de Janeiro state, is one of the largest Information Technology companies in Brazil, having differentials in the IT products and services provided to large corporations, as well as in the commercialization of equipment, softwares, supplies and accessories as a retailer to all customer audiences.
This multiplicity of operations makes the IT remote support company known in the market as complete. The Integrated Management System policy statement is made by the company president and it states that CJHT is a company which supplies the market with products, services and IT solutions, focusing on quality-directed client services.
The IMS policy is also extended to the IT Services Management, focusing on information security and environment responsibility, taking into consideration the existing legislation and other environmental and continuous improvement aspects. The following objectives are extracted from the IMS Policy: The measurement of the objectives listed above is performed through performance indicators and followed-up on a periodic basis.
Environment The main motivation for the implementation and consequent certification in the IT Services Management is given by the demand on the contract renewal with the unique client in the segment of the company CJHT. The other motivations are: Preparation Once the certification is decided for, the managerial group carries out a meeting to define the implementation strategy of the due standard, as described by Figure 4.
The team is defined by the managerial body according to the profile of each member. Services Management Process  Figure 5. The requirements are found in the referred standards.
Between August 3rd and 5th,to check the implementation of the requirements of the due standard. Between September 26th and 27th,by the Certification organization.
ISO vs. ISO – Similarities and differences
Between October 21st and 22nd,by the Certification organization. The certifying organization delivered the indication letter, once the certification could only be delivered within a one month. From that moment on, the news was made public to the press, clients and suppliers, and so were the benefits resulting from such achievement. Internal processes structure Figure 7. Internal Documentation from company The preparation for a certification is a moment that requires extra efforts from the organization members, for it is a period of time of continuous learning on the internal processes.
Especially about the commitment of the managerial body so the improvement suggestions may be executed in time. Processes Work focused on processes is constituted by the four premises below: Study the contract with the client and elaborate the Services Management Plan — SMP — including the implementation of the service management; issuance of service management processes; processes changes and new services.
Concerning the Objectives The general objective of the research is reached through the elaboration of a detailed certification process, with all the implementation items detailed and accomplished.
The specific objectives are met the following way: This way, it is possible to conclude that all the objectives were reached with the execution of this present research. This research presented an entire documented certification process in the ISOand contributed to the scientific communication being an important reference for future similar processes for comparisons.
IT Services Management and ISO A Case Study in an IT Remote Support Company
According to Heldman , the lessons learned are the information collected and documented during the project which may be used for the benefit of the current project, future projects or any projects which may be under execution by the organization. Such lessons may be either positive or negative. Supplier — Both standards see suppliers as one of the important elements of the management system.
ISO requires more details to be controlled in relationship to the supplier and their sub-suppliers. So, those who claim that, if you have one of the standards in place, you already have a significant part of the other one are, essentially, right.
But, are there any differences? ISO is service-based. ISO is risk management-based — it has risk management at its core. ISO considers risks as one of the building elements of the IT service management i. The basic logic of ISO How does information security work? ISO goes deep into the daily operation of the IT organization.
That means it coincides with some parts of the ISO like information classification, access control, continuity concept, etc. Further, in addition to the information security, ISO gives a degree view on the service, including financial aspects, design, release and deployment of the IT service, service level management, business relationships with customers, etc. So, in ISO some common processes such as incident, change or capacity management, go into much more detail in order to manage IT services taking into account customer requirements, all aspects of IT service delivery, characteristics of the services, roles and responsibilities, customers, etc.
ISO 20000 and ITIL – How are they related?
So, use them together or not? Sure, if you have one of the standards in place, that will be beneficial for the implementation of the other one. The fact is that both standards have re-usable elements. Fine-tune them, use the best that each of the standards brings and enjoy final results in the form of reliable and well-managed services or information security management brought to the state-of-the-art level. Your customers will know how to reward that.