ISO - IEC 20000 (PDFDrive) PDF
© Copyright 2013
ISBN: 978-84-8414-097-9
April 2013 edition
Mediagora, SL
C. Lucà, 1
08022 Barcelona
Spain
Tel.: 93 602 55 00
informacion@nhbarcelona.com
ISO/IEC 20000
Fundamentals
of IT Service Management
Table of Contents
Foreword
Certification Scheme
Course Description
Syllabus
Exam Description
Bibliography
Foreword
ISO/IEC 20000 is the independent international standard for quality in IT Service Management. It enables organizations to demonstrate the quality of the IT services they offer their customers, and to build and maintain an IT Service Management System that meets the international quality requirements established by ISO/IEC 20000.
IT service management describes the design, provision, support and improvement of services related to information technology in order to support business objectives. The international standard for IT service management, ISO/IEC 20000:2011, clearly specifies the essential elements in this field: defining and agreeing service requirements, planning resources to achieve business objectives, supporting service provision, and providing value to the customer and to the service provider.
All of this is aimed at creating a significant competitive advantage, since customers increasingly demand higher quality in IT services. Hence these organizations need IT professionals who are certified in the ISO/IEC 20000 standard.
ISO/IEC 20000: Fundamentals of IT Service Management
Certification Scheme
Objectives
The ISO/IEC 20000 Foundation course is designed to provide knowledge of what an IT service management system is and of the minimum requirements that service providers should aim for within the context of ISO/IEC 20000. Throughout the course, attendees become familiar with the contents of the ISO/IEC 20000 standard, its practice-oriented implementation in the form of a management system (including its relationships with other relevant standards), and the best practices, methods and frameworks associated with it.
The topics covered by the Foundation course include the following:
- Basic concepts of service management and quality frameworks
- The service management system (SMS) and the value and application of the PDCA cycle
- High-level concepts around service design and transition
- Objectives, activities and quality requirements applied to the service management process.
Duration
The course lasts 15 hours.
Participants
This course is aimed at everyone who plays a role in, or has an interest in, IT service management. The specific positions it is aimed at include: managers, business and supervisory staff, team leaders, service designers, IT architects and/or planners, IT consultants, IT audit managers/auditors, IT security managers, project/program managers, suppliers, lead administrators and subcontracted suppliers, and customers of service providers.
Course material
Participants receive the course material corresponding to the content taught during the course:
- Fundamentos de ISO/IEC. Mediagora, SL. ISBN: 978-84-8414-097-9
Syllabus
Bibliography
Michael Kunas
Implementing Service Quality based on ISO/IEC 20000, 2nd Edition
United Kingdom, IT Governance Publishing, 2012
ISBN 978-1-84928-402-8
B Mart Rovers
ISO/IEC 20000-1:2011: A Pocket Guide
The Netherlands, Van Haren Publishing, 2012
ISBN 978 90 8753 6824
EXIN
IT Service Management Foundation
based on ISO/IEC 20000
Course Introduction
• Course Administration
– Who are you?
• Purpose of course
– Base concepts around ISO/IEC
20000‐1
• Adopt/adapt Service
Management principles in
the delivery of quality
services
– Preparation for the
Foundation Exam according
to the specification from EXIN
Foundation Exam
• Multiple choice
– 40 questions
• Single correct answer
– Closed book
– 60 minutes to complete
– Must score 65% (26/40) or higher to pass
• Successful completion allows the candidate to enroll
in the Associate course
Foundation Bridge Exam
• Must have an ITIL® Foundation certificate
– Any version
• Complete the Bridge course
– 7 hours instruction
– 30 minute exam; 20 multiple choice questions
• Closed book
• Must score 65% or higher (13/20 or more)
– Successful completion allows the candidate to enroll in the
Associate course
EXIN’s Qualification Scheme
• Start date: July 2012
• One story
– Simpler – ‘one’ language
– Simpler – ‘specified way of working’
– Stronger mind‐set
– Multi‐source to assemble
the best for all
• Side entries
– ITIL®
Core Concepts to
IT Service Management
A Process‐based Approach
• Cabinet Office (ITIL® 2011)
– “A process is a structured set of activities designed to
accomplish a specific objective…”
• ISO 9000:2005
– “A process is a set of interrelated or interacting activities which
transforms inputs into outputs…”
• Processes control…
– Individual behavior
– Use of technology
– Use of knowledge/information
• Processes provide predictable results
– Measurable
– Repeatable
Process Assessment
• Critical Success Factors (CSFs)
– Meet all critical conditions to achieve success
• What are the basic conditions of the process?
• Does the process operate effectively?
– Qualitative consideration
• Key Performance Indicators
– Metrics reflect the degree of target achievement
• Calculation based on parameter values measured during process
execution
• Does the process actually operate (now, last month, last quarter,
etc…) effectively and efficiently?
– Quantitative consideration
Process Roles
• Role
– Responsibility, authority, activities
– Part 1: 4.1.3a and 4.1.4b
• Roles within ISO/IEC 20000‐2
– Process Owner
• Responsible for process results
– Process Manager
• Responsible for realization of the process, day‐to‐day control and
management
– Process Operatives (Team, Practitioner)
• Responsible for defined activities
• Notes
– Results assessed based upon agreed performance indicators
– One person or team may have multiple roles
Tools
• Tools
– Support automation
– Produce management information
• Typical tools
– Monitoring tools
– Software distribution
– Integrated Service Management toolset
– Workflow tools
– Remote infrastructure management tools
– ‘Paper & pencil’
• Tools used to ‘enable the processes to be effective and
efficient’ (ISO/IEC 20000‐1)
– Support the processes in the SMS (ISO/IEC 20000‐2)
What is a Service?
• Cabinet Office (ITIL® 2011)
– “Means of delivering value by facilitating outcomes customers
want to achieve without the ownership of costs and risks”
• Mirrored in ISO/IEC 20000:2011
• Components of an IT Service
– Information Systems
• People, process, products, partners
• Used to manage information
– Support
• Changes, system restoration
• Maintenance
• Ensure performance meets agreed requirements
– Quality Specifications
• Availability, capacity, performance, security, scalability, portability,
adjustability, confidentiality, etc….
• Each needs to be specified and agreed
Gaps between Services and Quality
• Gaps in Quality Perception / Customer Satisfaction
– Customer expectations and provider’s perception of
expectation
– Translation between expectation to physical service
– Physical service and perceived service
– Perceived service and expected service
• ISO 10002: Quality Management – Customer Satisfaction
• Communication
– Changing customer requirements and business environments
– Changing technology capabilities
– Common language (COBIT®, ITIL®, etc…)
• On‐going Assessment & Review
– Definition of a service
– Costs
Service Management
• ISO/IEC 20000:2011:
– “set of capabilities and processes to direct and control the
service provider's activities and resources for the design,
transition, delivery and improvement of services to fulfill
the service requirements”
• Cabinet Office (ITIL® 2011)
– “…is the implementation and management of quality IT
Services that meet the needs of the business by IT Service
Providers through a mix of people, process and
technology”
ITSM: Basic Relationships
• Business Processes are supported by IT Services
• Delivering IT Services is the key task of an IT provider
• Customers of the IT provider are basically organizations that are involved in business processes
• Users use IT Services to carry out day‐to‐day activities
• ITSM Frameworks describe Best Practices of IT Service Management
[Diagram labels: Is responsible; supports; Users use…; Applying ITSM delivers Best Practice]
Benefits & Risks Service Management
• Benefits
– Understand/fulfill service requirements to achieve customer satisfaction
– Policy/objective driven service delivery
– Services designed and delivered following a defined management system
– Continual monitor, measure, review of management systems and service performance
– Continual improvement of the management system and services based on objective measures
• Potential Risks & Challenges
– Bureaucratic procedures, more paperwork.
– Lower effectiveness and efficiency, if…
• The staff is not aware of processes and measures
• Personnel do not accept the system
• Senior Management only pays lip‐service to the system
• Important work is done outside of the system
• No process compliance
Continual Improvement ‐ PDCA
Core Concepts of Quality
Frameworks
What is ISO/IEC 20000‐1:2011?
• Main Concepts
– Integrated process approach
• Plan, establish, implement, operate, monitor, review, maintain, improve
– Service Management System (SMS)
• Deliver ‘quality’ via the SMS
– Based on PDCA Methodology
• Understand/fulfill service requirements to achieve customer satisfaction
• Establish policy/objectives for Service Management
• Design/deliver services based on the SMS that add value for customer
• Monitor, measure, review performance of SMS and services
• Continually improve SMS and services based on objective measures
– Allows integration to other management system standards
• ISO 9001 (Quality Management System)
• ISO/IEC 27001 (Information Security Management System)
– Owner
• ISO (International Organization for Standardization)
• IEC (International Electro‐technical Commission)
– Developed by…
• JTC 1 / SC 7 (Joint Technical Committee 1 Subcommittee 7)
ISO/IEC 20000 Parts
• Part 1 (2011) (IS)
– Service Management System requirements (“Shalls”)
• Part 2 (2012) (IS)
– Guidance on the Application of Service Management
Systems (“Shoulds”)
• Part 3 (2009) (TR)
– Guidance on Scope Definitions & Applicability of ISO/IEC
20000‐1
• Part 4 (2010) (TR)
– Process Reference Model
• Part 5 (to be re‐published summer 2012) (TR)
– Exemplar Implementation Plan for ISO/IEC 20000‐1
ISO/IEC 20000 Parts
• Part 7 (future)
– Guidance on cloud deployment and ISO/IEC 20000‐1
• Part 8 (future)
– Process Assessment Model; 15504‐8/20000‐8
• Part 10 (future)
– Service management ‐ Concepts and terminology‐1
• Part 11 (future)
– Guidance on the relationship between ISO/IEC 20000‐1
and related frameworks, volume 1
• ISO/IEC 27013 (security series)
– Guidelines on the integrated implementation of ISO IEC
27001 and ISO/ IEC 20000‐1
PDCA Methodology
• Plan
– Establish, document, agree the SMS
(policies, objectives, plans, processes to
design/deliver services according to
business need, customer requirements,
service provider policies)
• Do
– Implement/operate the SMS for design,
transition, delivery and improvement of
services
• Check
– Monitor, measure, review SMS and
services against the plans, policies,
objectives and requirements and
reporting results
• Act
– Actions to continually improve SMS
performance; includes Service
Management processes and services
ITSM20 Program Principles
Management system
… not technology
Based on communications
… not communication tools
To provide negotiated services
… not products!
Delivered in a simple adapted measurable way
… not textbook approach
And continuously improved
… not once in a while
• Integration of lean processes in a Service Management System!!
Who Uses ISO/IEC 20000?
• Organizations…
– Seeking services, requiring assurance that their requirements
will be fulfilled
– Requiring a consistent approach – from provider through the
supply chain
• Service Providers…
– Demonstrate capability for design, transition, delivery and
improvement of services fulfilling service requirements
– Improve design, transition and delivery of services through an
effective implementation and operation of an SMS
• Assessors/Auditors…
– Criteria for conformity assessment of an SMS to the
requirements within ISO/IEC 20000
ISO/IEC 20000: The SMS
Complementary Frameworks/Technologies
• ITIL®
• COBIT®
• Six Sigma®
• CMMI®
• ISO 9001
• ISO/IEC 27001
• ISO/IEC 38500
• New Technologies
– Green IT
– Cloud
– Tmap NEXT
ITIL® 2011
CSI
ITIL® & ISO/IEC 20000
• History
– The ‘ITIL®’ standard
– A way to quantitatively assess ‘best practice’ deployment
Pt. 1
COBIT® 4.1
• Control Objectives for
Information and Related
Technologies
– IT Governance framework
• Assures value of IT
• Manages IT related risks
• Control of information
– Four domains supported by 34
processes
• Plan & Organize
– Direction for solution and
service delivery
• Acquire & Implement
– Provides service solution
• Deliver & Support
– Service solution
operationalized
• Monitor & Evaluate
– Ensures direction is followed
– Each process supported by control
objectives
COBIT® 5
• Two main process domains
– Governance
• Five governance processes
– Each have Evaluate, Direct and
Monitor (EDM) responsibilities
– Management
– Responsibilities of plan, build, run,
monitor (PBRM)
• Align, Plan and Organize (APO)
• Build, Acquire and Implement (BAI)
• Deliver, Service and Support (DSS)
• Monitor, Evaluate and Assess (MEA)
– Integrates Risk IT and Val IT process
models
– 37 total governance and
management processes
Six Sigma®
• Originally designed to improve
manufacturing quality
– Goal: to reduce defects
• Uses statistical analysis and
normal curve
• 6σ: 3.4 defects/million
opportunities (DPMO)
• 99.99966%
– Follows PDCA Cycle
• DMAIC (for business
processes)
– Define, Measure, Analyze,
Improve, Control
• DMADV (project
methodology)
– Define, Measure, Analyze,
Design, Verify
CMMI®
• Capability Maturity Model
– Process improvement/maturity
– Carnegie Mellon University
– Software oriented
– SCAMPI – Standard CMMI
Appraisal Method for Process
Improvement
– Maturity levels commonly used
in assessment activities
• CMMI for Services (CMMI‐
SVC)
– Improve processes that deliver
services
• http://www.sei.cmu.edu/library/abstracts/reports/10tr034.cfm
[Figure: http://en.wikipedia.org/wiki/File:Characteristics_of_Capability_Maturity_Model.svg]
ISO 9001: Quality Management Systems
• States the organization has consistently followed process but does not guarantee quality of the product
– Customer focus: understand needs and requirements
– Leadership: drives purpose and direction of organization
– Involvement: ‘chain is only as strong as its weakest link’
– Process approach: drives efficiency
– Continual improvement: increases performance and satisfaction
– Fact‐based: uses data/information for decisions
– Suppliers: supporting relationships
– System approach: identify, understand and manage process relationships as a unit
Basis for ISO/IEC 20000 to drive service delivery
ISO/IEC 27001
• Requirements for an Information Security Management System (ISMS)
– Establishing, implementing, operation, monitoring, reviewing, maintaining and improving a documented ISMS
– Based on PDCA methodology
• Family of standards
– 27000 – Overview, vocabulary
– 27001 – Requirements
– 27002 – Code of Practice
– 27003 – Implementation
– 27004 – Measurement
– 27005 – Security Risk Mgt.
– 27006 – Audit
– 27011, 27031, 27033, 27035
– …
• If the organization has a 27001 certificate, and the scope is the same, ISO/IEC 20000‐1:2001 section 6.6 is not required
ISO/IEC 38500
• Corporate Governance of Information Technology
– Principles for effective, efficient and acceptable use of IT
• Corporate governance – system to control/direct organizations
• Management – system of controls to achieve strategic objectives from
the organization’s governing body
• Govern via three tasks
– Evaluate
• Review/judge strategies/proposals taking into account current and
future business need
– Direct
• Define/assign responsibilities for implementing plans/policies
– Monitor
• Using measurement systems, monitor performance and conformance
to external obligations
ISO/IEC 38500 ‐ 2
“New” Technologies
• Green IT
– Sustainable operations
– Awareness of energy and material use
• Cloud Technologies
– Provision and procurement of internet‐based IT services
– Scalability, cost reductions, efficiency
• SAAS
• Tmap NEXT
• Test Management Approach
• www.tmap.net
How it all fits…
ISO/IEC 20000‐1:2011
Key Terms (3)
• Terms that differ from ITIL®
– Certification
– Compliance
– Corrective action
– Customer
– Information Security
• Confidentiality, integrity, accessibility of information (availability)
– Interested Party
• Stakeholders
– Preventive action
– Service Component
– Top Management
• Pay close attention to the following:
– Document
• Shows intent
– Record
• Shows evidence
– Effectiveness
Service Management System
SMS General Requirements (4.1)
• Management Responsibility
– Management Commitment
• Plan, establish, implement, operate, monitor, review, maintain,
improve the SMS
– Service Management Policy
• Appropriate for the service provider, demonstrates commitment
– Authority, responsibility and communication
• Define authorities/responsibilities; procedures for communication
– Management representative
• Delegates the necessary authority to ensure activities are
performed, legal requirements followed
Governance…Operated by Other Parties
(4.2)
• Ensure SP demonstrates governance over processes,
aspects of processes fulfilled by other parties
– Accountability/authority, define interfaces,
performance/compliance requirements, process
improvements
– Supplier Management
– Service Level Management
• Scope of control
– Part 3
Documentation Management (4.3)
• Establish and maintain documents
– Ensures effective planning, operation and control of SMS
• Policy, objectives, plans, catalog of services, SLAs, processes,
procedures and records
• Additional docs as necessary
– Control of Documents
• Develop procedure, with necessary authority and responsibility for
all types of documents
– Create, approve, communicate, review, maintain, change, version
control, identification, distribution, manage obsolete docs
– Legible
– Control of Records
• Necessary to demonstrate compliance (audit)
– Identify, store, protect, retrieve, retention, disposal
Resource Management (4.4)
• Provision of resources
– Human, technical, information, financial resources
• Establish the SMS
• Customer satisfaction
• Human resources
– Appropriate education, training, skills, experience
• Define competencies, maintain records
• Personnel aware of how they contribute to SM objectives and
fulfilling service requirements
Establish & Improve SMS (4.5) ‐ 1
• Define scope
– Entered in SM plan
• Includes organizational name providing services and services
delivered
– Geographic location, customer locations, technology used
– ISO/IEC 20000‐3
• Plan the SMS (Plan)
– SM objectives achieved, service requirements, policies,
standards, statutory/regulatory requirements, contractual
obligations,
– Authorities, responsibilities, roles
– Resources, interfaces for design/transition, processes
– Risk management
– Technology
– Measuring/reporting
Establish & Improve SMS (4.5) ‐ 2
• Implement and Operate the SMS (Do)
– Implement the SMS
– Manage resources (budget, other)
– Assign/manage authorities/responsibilities/roles
– Identify/manage risk
– Manage/maintain policies, plans, procedures
– Manage SM processes
– Monitor/report on SM activities
• Progress of Service Management Plan
Establish & Improve SMS (4.5) ‐ 3
• Monitor and Review the SMS (Check)
– Internal Audits
• Planned intervals following documented procedures (defines audit
criteria, scope, frequency, methods) to ensure SMS is fulfilling
requirements (service, ISO20K)
• Nonconformities communicated, prioritized, responsibilities assigned
– Corrective actions, follow‐up activities
– Assessment and audits
• Self‐assessment, Internal audit, Vendor audit, External audit
– Management Review
• Top management ensuring suitability, effectiveness
– Resource utilization, trends, satisfaction, service performance
• Input sources
– Customer feedback, performance, conformity, resources and capabilities
(forecast, current), risk, audit results and actions, improvement
opportunities
Establish & Improve SMS (4.5) – 3
• Maintain and improve the SMS (Act)
– Must be a policy for continual improvement (evaluation
criteria)
• Preventative actions
– Management of Improvements
• Prioritized, decided via evaluation criteria
• Improvements should affect…
– Quality, value, capability, cost, productivity, resource utilization, risk
reduction
• Document revision where necessary
• Implement against targets and correct if targets not reached
The SMS
Service Design & Transition
Design & Transition of New/Changed Services (5)
• General guidance on how to manage new/changed
services (5.1)
– Authority from the Change Management process
• Change activities include assessment, approval, scheduling, reviewing
– CIs controlled via Configuration Management
– All services based on agreed service requirements and each
service assessed to the requirements
• Plan New/Changed Services (5.2)
– Identify service requirements and plan to meet them; agree
with customer
• Service provider consider financial, organizational, technical impact
• Consider suppliers of necessary service components
– Removal of services must also be planned
• Includes archiving, disposal/transfer of data, documentation, CIs
Design & Transition… (5) ‐ 2
• Design/development of new/changed services (5.3)
– Details roles, activities, resources, technology, contracts,
supporting documentation, measures
– Ensures designs enable the fulfillment of requirements
• Transition of new/changed services (5.4)
– Testing
• Ensures that service requirements are fulfilled
• Service Acceptance Criteria
• RDM process deploys new/changed service under authority of
Change Management
Service Delivery Processes (6)
Service Level Management (6.1)
• Key Terms
– Service Level
– Service Target
– Service Level Agreement (SLA)
• Activities
– Agrees with customer what services are provided
• Define service levels
– Catalog of services
• Includes dependencies between services and service components
• Updated to reflect approved changes to services and SLAs
– SLAs are based on service requirements and include performance targets,
exceptions, etc…
– Review SLA and services at ‘planned intervals’
– All changes controlled by Change Management
– Monitor services to understand performance and identify improvements
– Develop agreement to ensure that delivery/support of service
components are controlled and managed
Service Reporting (6.2)
• Key Terms
– Report
• Activities
– Thoroughly define report parameters
• Purpose, audience, frequency, details of data sources, etc…
– Reports are produced for services
• Data from SMS, SM processes, service performance data
– Report contents
• Achievement of service targets, technical performance (e.g.,
workload, etc…)
– Trends
• Relevant events (major incidents, changes, etc…)
• ISO/IEC 20000‐1 nonconformities
• Customer satisfaction (e.g., complaints, compliments, etc…)
– Use reports for improvement actions
– Reports communicated to ‘interested’ parties
Service Continuity & Availability Mgt (6.3)
• Key Terms
– Availability
– Availability Plan
– Service Continuity
– Service Continuity Plan
– Risk
• Activities
– Assess/document service delivery risks under normal and extreme conditions
• Agree with customer appropriate countermeasures
• Ensure countermeasures fit within business plans, requirements, SLAs, other risks
– Requirements include access to services, service response times, end‐to‐end
availability
– Create appropriate plans under control of Change Management
• SCM Content – procedures for major service loss, targets to trigger invocation, recovery
requirements, return to normal procedures; contact lists, CMDB availability
• AM Content – agreed requirements and targeted
– All changes assessed against the SC & AM plans
• Can be combined
Service Continuity & Availability Mgt (6.3) – 2
• Activities (cont.)
– Monitoring & Testing
• Availability
– Compare results with agreed targets
– Unplanned availability investigated and actioned
• Continuity & Availability Plans
– Tested against requirements; re‐tested after major change to service
requirements
– Record all results
– Review after each test and after invocation of Continuity Plan
» Address deficiencies via Change Management
Budgeting & Accounting for Services (6.4)
• Key Terms
– Budgeting
– Accounting
– Charging (outside the scope of ‐1)
• Activities
– Relationship with organizational (corporate) financial processes
– Policies/procedures incorporating…
• Budgeting/accounting for service components (e.g., assets, shared
resources, overheads, capital/operational expenses, external services,
personnel, facilities…)
• Calculating/distributing indirect costs and direct service costs
– Cost by service
• Effective financial control
– Costs monitored and reported against budget, basis for
forecasts
– Support Change Management to cost requests for change
Capacity Management (6.5)
• Key Terms
– Capacity
– Capacity Plan
– Demand Management
• Activities
– Agree capacity and performance requirements
– Create a Capacity Plan
• Human, technical, information and financial resources
• Controlled by Change Management
• Contents
– Current/forecasted demand; timescales for ‘upgrades’
» Predictive analysis
– Impact of agreed availability, continuity and service levels
– Impact on regulatory/legal/statutory/contractual/organizational changes
– New technologies/techniques
– Monitor, analyze, tune capacity
– Provide sufficient capacity to fulfill agreed requirements
Information Security Management (6.6)
• Key Terms
– Information Security Policy
– Risk
• Activities
– Information Security Policy
• Addresses service requirements, statutory/regulatory/contractual agreements
– Communicate policy and importance of conformance by all
– Create ISM objectives
– Define what is and manage information security risks
• Risk assessments completed on planned intervals
– Internal information security audits
• Review results and action improvements
• ISO/IEC 27000 family of standards
– ISO/IEC 27001 & 27002
• Information Security Management System (ISMS) & Code of Practice, respectively
Information Security Mgt (6.6) ‐ 2
• Information Security Controls
– Physical, administrative, technical controls to protect…
• Confidentiality, integrity, accessibility of information
• Implement Information Security Policy, achieve objectives, manage risks
• Documented, reviewed, applied to external suppliers
• Information Security Changes & Incidents
– RFCs assessed…
• For impact to Information Security Policy
• Identify new/changed risks
– Incidents
• Managed by Incident Management process
– Priority to reflect Information Security risks
• Analyzed by service provider to understand types, volumes and impacts
– Review and report
– Identify improvements
Relationship Processes (7)
Relationship Process Relationships
Business Relationship Management (7.1)
• Key Terms
– Customer satisfaction
– Service Compliant
– Escalation
• Activities
– Identify customers, users, interested parties of services
– Identify representative who manages the customer relationship and
satisfaction
– Define communication mechanism
• Promote understanding of business environment where services operate or are used
– Performance reviews on planned intervals
– Service requirement changes controlled by Change Management
• SLA changes via Service Level Management
– Service complaints procedure
• Record, investigate, act, report, close, escalate
– Customer satisfaction measures on planned intervals
• Analyze/review for improvement opportunities
Supplier Management (7.2)
• Key Terms
– Supplier
• Lead Supplier
• Subcontracted Supplier
– Contract
• Contractual disputes
• Early termination
• Activities
– “MAY USE” suppliers to assist in service delivery
– Identify representative who manages the supplier
relationship, contract and performance
– Align with SLAs
• Customer service requirements in SLA, supported in contracts
Supplier Management (7.2) – 2
• Activities (cont.)
– Agree contracts
• Contract contents: scope, dependencies, supplier requirements, service
targets, supplier‐provider process interfaces, integration to the SMS, workload
characteristics, contract exceptions, responsibilities of the supplier and
provider, reporting/communicating, financials (charging)…
• Expected or early termination or transfer of services
• Changes to contracts managed by Change Management
– Managing the relationship
• Service Provider → Supplier
– Performance reviewed and managed by service provider
– Assess against service targets and contract conditions
» Analyze/review for improvement opportunities, change in requirements…
• Lead supplier → Subcontracted suppliers
– Service Provider ensures lead supplier is managing but does NOT manage the
subcontractor
– Procedure to manage contractual disputes
– ISO/IEC 20000‐3
Supply Chain Relationships
Resolution Processes (8)
Incident & Service Request Mgt (8.1)
• Key Terms
– Incident
– Service Request
– Priority
• Impact and urgency
– Escalation
• Activities
– Incident procedures to…
• Record, prioritize, classify, update records, escalate, resolution, close
– Service request procedures to…
• Fulfill request from recording to closure
– Access and use relevant information
• Procedures, known errors, problem resolutions, CMDB,
success/failure of releases, release dates
Incident & Service Request Mgt (8.1) ‐ 2
• Activities (cont.)
– Communication
• Resolution progress;
• Inform if resolution/fulfillment will exceed service target
– Escalation
– Major Incidents
• Defined/documented
• Top management will…
– Be informed
– Ensure appointment of manager responsible for managing the major
incident
• After restoration, review and identify improvements
Problem Management (8.2)
• Key Terms
– Problem
– Known Error
• Root cause
• Activities
– Procedures to…
• Identify, record, prioritize, classify, update records, escalate, resolve,
close
– Analysis of incident/problem trends and data
– Identify root cause and preventative action
• Known error – record and review effectiveness
– Mitigate/remove via Change Management
– Communicate known errors/resolutions to Incident & Service
Request Management
IM & PM Compared/Contrasted
• Two separate processes
– IM: restoration of service as quickly as possible with minimal
impact
• Shorter timescales
• Most visible to the organization
• Could negatively impact satisfaction
• Captured as availability ‘hit’
– PM: minimize/avoid incident (and problem) impact
• Typically longer timescales for resolution
• Lack of PM is very visible (more incidents, more repeats)
• ‘Easy’ to deploy with great benefit
– Know what’s wrong, need authority to ‘fix’
• Could positively impact satisfaction (removal of repetitive incidents…)
• Links to Availability Management
– Design to mitigate failure
Control Processes (9)
Configuration Management (9.1)
• Key Terms
– Configuration Item (CI)
– Configuration Management Database (CMDB)
– Configuration baseline
• Activities
– Define CI types
– CI information includes…
• Unique identifier, Description, status, version, location
• Relationships
– CI → CI
– CI → service component
– CI → request for change
– CI → problems/known errors
• All changes traceable and auditable to ensure integrity of CI/CMDB
Configuration Management (9.1) ‐ 2
• Activities (cont.)
– Manage Configuration Management Database (CMDB)
• Reliability, accuracy, controlled updates
– Version control
– Audits
• Planned intervals, check accuracy of CI information in the CMDB
• If discrepancies, resolve and report actions
– Support Change Management in assessing requests for change
– Capture configuration baseline before release deployment
– Store master copies of CIs in secure physical/logical libraries
• Documentation, license information, software, hardware images
– Interface between Financial Asset Management and
Configuration Management
Change Management (9.2)
• Key Terms
– Request for Change
– Emergency change
– Risk
– Schedule of change
• Activities
– Produce a policy which defines which CIs are under change
control and method for assessing CI changes that could have
major impact
• All changes to service/service component must use request for
change
• Procedure to record, classify, assess and approve requests for change
– Removal/transfer of services are changes that must be
controlled
– Define emergency change procedures
– Changes with major impact to services managed via section 5.0
Change Management (9.2) – 2
• Activities (cont.)
– Requests for change
• Assessed from Change Management and other processes
• Decision‐making based on risk, impact to service/customer, service
requirements, business benefits, technical feasibility, financial impact
– Changes must be approved before being developed and tested
– Schedule of change
• Holds approved changes, proposed deployment dates
• Communicated to ‘interested parties’
• Basis for release planning
– All changes have a plan to reverse/remedy unsuccessful
changes
• Unsuccessful changes investigated, actioned
– CMDB records updated following successful deployment
– Analyze for trends; identify/action improvements
Release & Deployment Mgt (9.3)
• Key Terms
– Release
– Release Policy
– Emergency release
– Acceptance criteria
• Activities
– Release policy
• Defines type and frequency
– Release plan
• With customer input; coordinated with Change Management
– Tie to known errors, changes and problems that will be mitigated with
release
• Includes deployment dates, deliverables, deployment method
– Define emergency release
• Coordinate with emergency change procedure
Release & Deployment Mgt (9.3) – 2
• Activities (cont.)
– Release actions
• Built/tested prior to deployment; controlled test environment used
• Assessed via acceptance criteria
– If criteria not met, decide appropriate actions
• Deploy protecting integrity of hardware/software/service
components
– All releases have a plan to reverse/remedy unsuccessful release
• Unsuccessful release investigated, actioned
– Monitor/analyze all releases
• Measure incidents related to a release, assess impact to customer
• Record/review, identify improvement opportunities
– Communicate success/failure of releases, future release dates
• Change Management, Incident & Service Request Management
– Assist Change Management on change assessment and
potential impact to release plans
Control Process Relationships
Role of Process: New Service Deployment
Notes:
• Some activities in practice will occur in parallel
• Incident and Service Request Management and Problem Management will manage the impact of failure
Summary – What you need to Know!
• IT Service Management
– Quality, service, process, Service Management, tools,
continual improvement
– Quality frameworks
• Service Management System (SMS)
– Requirements, governance, resources, documentation
– PDCA
• Design & Transition
– Management, plan, design, transition
• Service Management processes
– Objectives, quality, activities, practical application
PART 2
| Sample Exams |
Sample questions
Foundations of IT service management
based on the ISO/IEC 20000 certification
November 2012 edition
Copyright © 2012 EXIN
All rights reserved. No part of this publication may be published, reproduced, copied or
stored in a data processing system or circulated in any form by print, photo print, microfilm
or any other means without written permission by EXIN.
Introduction
Sample questions
Solutions
Evaluation
The maximum number of points that can be obtained in this exam is 40. Each
correct answer is worth one point. If you score 26 points or more,
you will have passed the exam.
Good luck!
1 of 40
How can a company determine the effectiveness of the service level management
(SLM) process?
2 of 40
A. For describing the process.
B. For operating the process.
C. For providing reports on the process.
D. For establishing the process.
3 of 40
What details should be recorded as a baseline before implementing a service
improvement plan?
5 of 40
A. ISO 9001
B. ISO/IEC 27001
C. COBIT™
D. ITIL®
6 of 40
7 of 40
What is Six Sigma®?
9 of 40
10 of 40
12 of 40
13 of 40
Where are the agreements on service delivery and their relationship with
information security management recorded?
A. In a capacity plan
B. In a configuration management database (CMDB)
C. In a definitive software library (DSL)
D. In a service level agreement (SLA)
15 of 40
16 of 40
17 of 40
A. Availability management
B. Change management
C. Problem management
D. Service level management (SLM)
19 of 40
A. Availability management
B. Capacity management
C. Change management
D. Incident management
20 of 40
Which process ensures that an interruption in the provision of services can be
diagnosed as quickly as possible?
A. Change management
B. Incident and service request management
C. Problem management
D. Service level management (SLM)
22 of 40
The relationship processes describe the defined relationships with the company,
the suppliers and the business.
23 of 40
A. Continual improvement
B. Customer orientation
C. The design of new services
D. Cost calculation
24 of 40
Which process is responsible for recording the logical and physical relationships
between the various components of the IT infrastructure?
A. Availability management
B. Configuration management
C. Release management
D. Incident management
26 of 40
A. Emergency changes must be authorized only by the senior manager.
B. The change process must be avoided completely.
C. There is a separate process for adopting emergency changes.
D. The change process must be followed whenever possible.
27 of 40
What would be a good reason for companies to adopt the ISO/IEC 20000
standard?
28 of 40
30 of 40
31 of 40
33 of 40
34 of 40
A. Change management
B. Configuration management
C. Release management
D. Service desk
36 of 40
A. Communicating with customers about future service interruptions.
B. Associating new incidents with known errors.
C. Restoring services as quickly as possible.
D. Tracking problems in the known error database
(KEDB).
37 of 40
38 of 40
A. In the IT framework
B. In the service catalogue
C. In the service level agreement (SLA)
D. In the service report
40 of 40
A. Availability management
B. Service reporting
C. Service level management
D. Budgeting and accounting for services