USQ CIS5308: Case Study of ISO/IEC 20000 Certification in Middle East
VerifiedAdded on 2022/11/28
|17
|4795
|86
Report
AI Summary
This report presents a detailed case study of a Middle East financial institution's successful ISO/IEC 20000 certification. The institution aimed to strengthen its position in the region and compete internationally. The report outlines the steps followed, including planning, assessment, and implementation of the service management system (SMS). It discusses the benefits derived from the certification, such as standardized processes, improved service delivery, and enhanced customer satisfaction. The case study also highlights the importance of stakeholder involvement, process documentation, and the role of consultants. The report analyzes the positive impact of the certification on the institution's processes, services, and overall business performance, emphasizing the advantages for both internal and external stakeholders. The financial institution improved its position through improved IT service management, which helped them to compete on a global stage. The case study offers insights into the challenges and successes of achieving ISO/IEC 20000 certification, providing valuable information for organizations seeking to improve their IT service management practices and gain a competitive advantage.
Middle East Financial Institution Case Study
Student’s name
Institution Affiliation(s)
Student’s name
Institution Affiliation(s)
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Table of Contents
Executive Summary...................................................................................................................2
Introduction................................................................................................................................3
Section 1: Steps followed in the ISO/IEC 20000 Certification..................................................4
Planning..................................................................................................................................4
Assessment.............................................................................................................................6
Implementation.......................................................................................................................7
Section 2: Benefits of ISO/IEC 20000 certification to an organization.....................................8
Process....................................................................................................................................8
Service....................................................................................................................................9
Overall business....................................................................................................................10
Conclusion................................................................................................................................10
References................................................................................................................................13
Appendix 1: Essay....................................................................................................................14
1
Executive Summary...................................................................................................................2
Introduction................................................................................................................................3
Section 1: Steps followed in the ISO/IEC 20000 Certification..................................................4
Planning..................................................................................................................................4
Assessment.............................................................................................................................6
Implementation.......................................................................................................................7
Section 2: Benefits of ISO/IEC 20000 certification to an organization.....................................8
Process....................................................................................................................................8
Service....................................................................................................................................9
Overall business....................................................................................................................10
Conclusion................................................................................................................................10
References................................................................................................................................13
Appendix 1: Essay....................................................................................................................14
1
Executive Summary
Organizations invested a considerable amount of funds to attain ISO/IEC 20000
service management system standard certification due to various benefits derived such
accreditation. Firms that are certified have standardized processes and procedures; their
services are aligned to the international best practices thus satisfying their customers,
employees are happy to work in an organized environment while the management is able to
track performance. However, the process of attaining and retaining the certification is long
and requires commitment, but the benefits that accrued at the end of the process are
worthwhile.
2
Organizations invested a considerable amount of funds to attain ISO/IEC 20000
service management system standard certification due to various benefits derived such
accreditation. Firms that are certified have standardized processes and procedures; their
services are aligned to the international best practices thus satisfying their customers,
employees are happy to work in an organized environment while the management is able to
track performance. However, the process of attaining and retaining the certification is long
and requires commitment, but the benefits that accrued at the end of the process are
worthwhile.
2
Introduction
ISO/IEC 20000 is a global standard or an international IT service management
(ITSM) that provides various requirements that must be met by an interested firm. ISO/IEC
20000 standard supports the company’s ITSM processes, whether outsourced or in-house. It
helps the company to be aligned with international best practice and the needs of the
business. ISO/IEC 20000 includes being formally audited to establish whether the IT
organization (ITO) is operating its service delivery proficiently (Iden & Eikebrokk, 2014a).
The ISO 20000 allows organizations to benchmark on the delivery of managed services,
assess their performance, and measure service levels. The ISO/IEC 20000 draws strongly on
and is widely aligned with the Information Technology Infrastructure Library (ITIL) (Greiner
& White, 2019). However, the only differences between the two standards are that the later
assessment focuses on best practice framework and has no minimum number of processes to
be performed. On the other hand, the certification provides a set of processes that
organizations in the same industry must be compared against. The ITIL is an ITSM
framework that is widely adopted in the world and focuses on aligning IT services with the
business requirements (Iden & Eikebrokk, 2014b).
The management framework that ISO/IEC 20000 applies are called service
management system (SMS) and are the minimum or mandatory requirements. They comprise
of management responsibility, documentation management, resource management,
governance of the processes operated by other parties and establish the SMS. There are many
organizations that are implementing the IT Service Management Service (ITSMS) based on
ISO 20000 and lasts for three years. After the completion of three years, the company is
required to undergo a reassessment audit to receive the accreditation for another three years
(Müller & Lichtenberg, 2018).
3
ISO/IEC 20000 is a global standard or an international IT service management
(ITSM) that provides various requirements that must be met by an interested firm. ISO/IEC
20000 standard supports the company’s ITSM processes, whether outsourced or in-house. It
helps the company to be aligned with international best practice and the needs of the
business. ISO/IEC 20000 includes being formally audited to establish whether the IT
organization (ITO) is operating its service delivery proficiently (Iden & Eikebrokk, 2014a).
The ISO 20000 allows organizations to benchmark on the delivery of managed services,
assess their performance, and measure service levels. The ISO/IEC 20000 draws strongly on
and is widely aligned with the Information Technology Infrastructure Library (ITIL) (Greiner
& White, 2019). However, the only differences between the two standards are that the later
assessment focuses on best practice framework and has no minimum number of processes to
be performed. On the other hand, the certification provides a set of processes that
organizations in the same industry must be compared against. The ITIL is an ITSM
framework that is widely adopted in the world and focuses on aligning IT services with the
business requirements (Iden & Eikebrokk, 2014b).
The management framework that ISO/IEC 20000 applies are called service
management system (SMS) and are the minimum or mandatory requirements. They comprise
of management responsibility, documentation management, resource management,
governance of the processes operated by other parties and establish the SMS. There are many
organizations that are implementing the IT Service Management Service (ITSMS) based on
ISO 20000 and lasts for three years. After the completion of three years, the company is
required to undergo a reassessment audit to receive the accreditation for another three years
(Müller & Lichtenberg, 2018).
3
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
There are many reasons why an organization seek the ISO/IEC 20000 certification. It
is a requirement to have the certification when participating in government contracts; it
serves as a marketing advantage when bidding for the contract, thus giving an organization a
competitive advantage. Further, when a company is certified, it serves as a market leader, and
consumers of its services or products view it superior to its competitors. The certification
motivates Internal changes in the organization since failure to adhere to the standards leads to
the denial of the certification (Eikebrokk & Iden, 2017). Therefore these benefits are derived
from the company's processes, services, and the overall business performance. Although the
initiative is geared towards customer satisfaction, other stakeholders enjoy the outcome. For
instance, the employees are happy to work in an organized environment where every member
of staff understand his or her roles and responsibilities while the management is able to
monitor the company's processes and performance effectively since every step is clearly
defined (Cardoso, Moreira, & Escudero, 2018).
The process towards certification has three parts, namely planning, assessment, and
implementation. The first step is to build a business case and stakeholders’ awareness to
identify whether it is worthwhile to obtain ISO/IEC 20000 (Rexhepi, 2016b). The second step
is the internal assessment to establish the present position of the ITO in relations to
requirements 403. The last step is the implementation and improvement of processes and
procedures as per the standards in order to successfully pass the final certification audit, and
others audit in the future (Esteves & Alves, 2013). There are consultant firms that guide firms
towards certification. Fox-IT has helped companies accelerate their timeframe towards
certification as well as minimize issues that may arise when RCB conduct the final audit.
4
is a requirement to have the certification when participating in government contracts; it
serves as a marketing advantage when bidding for the contract, thus giving an organization a
competitive advantage. Further, when a company is certified, it serves as a market leader, and
consumers of its services or products view it superior to its competitors. The certification
motivates Internal changes in the organization since failure to adhere to the standards leads to
the denial of the certification (Eikebrokk & Iden, 2017). Therefore these benefits are derived
from the company's processes, services, and the overall business performance. Although the
initiative is geared towards customer satisfaction, other stakeholders enjoy the outcome. For
instance, the employees are happy to work in an organized environment where every member
of staff understand his or her roles and responsibilities while the management is able to
monitor the company's processes and performance effectively since every step is clearly
defined (Cardoso, Moreira, & Escudero, 2018).
The process towards certification has three parts, namely planning, assessment, and
implementation. The first step is to build a business case and stakeholders’ awareness to
identify whether it is worthwhile to obtain ISO/IEC 20000 (Rexhepi, 2016b). The second step
is the internal assessment to establish the present position of the ITO in relations to
requirements 403. The last step is the implementation and improvement of processes and
procedures as per the standards in order to successfully pass the final certification audit, and
others audit in the future (Esteves & Alves, 2013). There are consultant firms that guide firms
towards certification. Fox-IT has helped companies accelerate their timeframe towards
certification as well as minimize issues that may arise when RCB conduct the final audit.
4
Section 1: Steps followed in the ISO/IEC 20000
Certification
Cots, Casadesús & Marimon (2016), state that there are various steps that an IT
Organization has to pass through before the final audit from the Registered Certification
Body (RCB) is performed. These steps are discussed in the subsequent paragraphs.
Planning
When a company decides to obtain ISO/IEC 20000 Certification, it is required to
identify the specific scope of ITO service delivery that will be audited by external auditors.
The scope may be narrow, thus applying to a single service or extensive or assessing many
key services that are given to one customer or multiple customers (Rexhepi, 2016a). The
company is required to create a stakeholder map that lists the number of services being
delivered by the organization. This will help the organization to gain a deeper understanding
of these features. The customer to these services could be internal or external, while the
suppliers could be internal or external; these are involved in supporting and delivering these
services. Based on the reasons for seeking certification, the organization will next determine
the most applicable scope. For instance, those focusing on gaining a competitive advantage
should not concentrate on the internal IT service provision (Rexhepi, 2016a).
If the company outsources the majority of activities that are used in its delivery of
services, then the ITO should not seek certification. More so, if it only outsources specific
aspects like Service Desk, the ITO can obtain certification although it will be required to
demonstrate management control or incident management. To be certain about the validity of
the scope of certification, the company should seek advice from the experts. Upon
identification of the scope, the firm should obtain formal ratification from the RCB that will
conduct the subsequent audit (Watts, 2017).
5
Certification
Cots, Casadesús & Marimon (2016), state that there are various steps that an IT
Organization has to pass through before the final audit from the Registered Certification
Body (RCB) is performed. These steps are discussed in the subsequent paragraphs.
Planning
When a company decides to obtain ISO/IEC 20000 Certification, it is required to
identify the specific scope of ITO service delivery that will be audited by external auditors.
The scope may be narrow, thus applying to a single service or extensive or assessing many
key services that are given to one customer or multiple customers (Rexhepi, 2016a). The
company is required to create a stakeholder map that lists the number of services being
delivered by the organization. This will help the organization to gain a deeper understanding
of these features. The customer to these services could be internal or external, while the
suppliers could be internal or external; these are involved in supporting and delivering these
services. Based on the reasons for seeking certification, the organization will next determine
the most applicable scope. For instance, those focusing on gaining a competitive advantage
should not concentrate on the internal IT service provision (Rexhepi, 2016a).
If the company outsources the majority of activities that are used in its delivery of
services, then the ITO should not seek certification. More so, if it only outsources specific
aspects like Service Desk, the ITO can obtain certification although it will be required to
demonstrate management control or incident management. To be certain about the validity of
the scope of certification, the company should seek advice from the experts. Upon
identification of the scope, the firm should obtain formal ratification from the RCB that will
conduct the subsequent audit (Watts, 2017).
5
The ISO/IEC 20000 has different parts; however, part 1 was revised last in 2011 and
provides a detailed list of mandatory requirements that should be met by the agreed scope
before certification. The first part has a total of 403 requirements that have been achieved,
and when a single standard is not attained, it is termed as non-conformity. The second part,
which was last revised in 2012, provides supporting guidance to ITO in order to meet the
requirements of part one (Cots et al., 2016). Based on the maturity of the ITO, size of the
scope, and the number of processes required or missing in the current operation as well as
their maturity may cause the first step to last between 12-18 months before taking the final
audit by the RCB. Further, the auditors will demand a well-defined and documented three
months evidence to ascertain that the ITO has been operating as indicated by its policies,
processes, and procedures; their operation should all be in sync (Walker, Coletta, &
Sivaraman, 2014). A self-assessment audit is conducted at this stage by the project manager
and his team. Since the process is low costs, it allows repeated assessments to evaluate the
status of the firm's processes and services.
Assessment
The first assessment that is conducted by the company on the present status of the
ITO's service management system serves as the baseline measurement for evaluating future
progress. It also helps the ITO understands where it is failing to achieve the standards'
requirements or the non-conformities in addition to conformities. The assessment is a gap
analysis and guides the development of an accurate roadmap and project plan. The purpose of
the assessment is to support the organization's essential timeframe for accreditation. The
analysis should realistically list the non-conformities that have been discovered (Walker et
al., 2014). Since in phase one, the scope was identified, the next phase is key stakeholders
identification and invitation to participate. They are the people involved in the day-to-day
process and comprises of process managers, owners, and practitioners.
6
provides a detailed list of mandatory requirements that should be met by the agreed scope
before certification. The first part has a total of 403 requirements that have been achieved,
and when a single standard is not attained, it is termed as non-conformity. The second part,
which was last revised in 2012, provides supporting guidance to ITO in order to meet the
requirements of part one (Cots et al., 2016). Based on the maturity of the ITO, size of the
scope, and the number of processes required or missing in the current operation as well as
their maturity may cause the first step to last between 12-18 months before taking the final
audit by the RCB. Further, the auditors will demand a well-defined and documented three
months evidence to ascertain that the ITO has been operating as indicated by its policies,
processes, and procedures; their operation should all be in sync (Walker, Coletta, &
Sivaraman, 2014). A self-assessment audit is conducted at this stage by the project manager
and his team. Since the process is low costs, it allows repeated assessments to evaluate the
status of the firm's processes and services.
Assessment
The first assessment that is conducted by the company on the present status of the
ITO's service management system serves as the baseline measurement for evaluating future
progress. It also helps the ITO understands where it is failing to achieve the standards'
requirements or the non-conformities in addition to conformities. The assessment is a gap
analysis and guides the development of an accurate roadmap and project plan. The purpose of
the assessment is to support the organization's essential timeframe for accreditation. The
analysis should realistically list the non-conformities that have been discovered (Walker et
al., 2014). Since in phase one, the scope was identified, the next phase is key stakeholders
identification and invitation to participate. They are the people involved in the day-to-day
process and comprises of process managers, owners, and practitioners.
6
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Organizations vary, and therefore, their activities and processes may differ; however,
assessment can be conducted on activities close to what is required in the certification
requirements. For instance, the lack of formal capacity management can be supplemented
with the evaluation of capacity-related activities. Workshops and interview sessions are held
and cover all the 403 requirements, and where certain activities related to certification are not
present in the ITO, these sessions have to be held and documented. In addition to
observations of processes or review of supporting documentation, these initiatives, serve as
evidence that needed in the justification of requirements for standards (Park & Kim, 2012).
Based on the size of the scope and the participants, the assessment can take five days
or more. Also, the assessment can be done by its internal staff, especially if the ITO enjoys a
certain degree of independence. If the firm lacks an internal audit team, then it can contract
the services of external consultancy. Immediately the assessment is concluded, the ITO a
comprehensive report should be generated to assist in aligning the SMS with the detailed
requirements before certification is reached. The report should contain the management
summary, general scores on conformance and non-conformance, a detailed comparison with
firms, process breakdown that includes the individual status of conformity and non-
conformity, findings and recommendations remediate the non-conformity (Park & Kim,
2012).
After assessment and signing off of the roadmap, a high-level project plan is
developed to provide the actual outlook on the schedule of activities before certification. The
project plan should have a project manager who will execute, track the completion of the
activities, and facilitate relevant inter-dependencies. An internal audit is conducted by the
firm’s internal auditors with a background of ISO/IEC 20000 certification training course to
assess the degree of compliance (Cots et al., 2016).
7
assessment can be conducted on activities close to what is required in the certification
requirements. For instance, the lack of formal capacity management can be supplemented
with the evaluation of capacity-related activities. Workshops and interview sessions are held
and cover all the 403 requirements, and where certain activities related to certification are not
present in the ITO, these sessions have to be held and documented. In addition to
observations of processes or review of supporting documentation, these initiatives, serve as
evidence that needed in the justification of requirements for standards (Park & Kim, 2012).
Based on the size of the scope and the participants, the assessment can take five days
or more. Also, the assessment can be done by its internal staff, especially if the ITO enjoys a
certain degree of independence. If the firm lacks an internal audit team, then it can contract
the services of external consultancy. Immediately the assessment is concluded, the ITO a
comprehensive report should be generated to assist in aligning the SMS with the detailed
requirements before certification is reached. The report should contain the management
summary, general scores on conformance and non-conformance, a detailed comparison with
firms, process breakdown that includes the individual status of conformity and non-
conformity, findings and recommendations remediate the non-conformity (Park & Kim,
2012).
After assessment and signing off of the roadmap, a high-level project plan is
developed to provide the actual outlook on the schedule of activities before certification. The
project plan should have a project manager who will execute, track the completion of the
activities, and facilitate relevant inter-dependencies. An internal audit is conducted by the
firm’s internal auditors with a background of ISO/IEC 20000 certification training course to
assess the degree of compliance (Cots et al., 2016).
7
Implementation
When the project plan is signed-off by relevant stakeholders, then the implementation
process begins. It is the implementation of roadmap and project plan that will assist the ITO
to attain the certification. It involves improving processes and practices that are required by
the standard, thus generating the required evidence, thus succeeding in the final certification
audit and subsequent audits. Owners of these processes are identified to ensure the right
accountability (Cots et al., 2016). A steering group from the key stakeholders is appointed to
monitor the project plan progress and ensure improvements are made promptly. All processes
that are directed towards SMS should be documented while policies and plans documents
should be detailed and lengthy. They include service management plan and the service
management policy. The firm should invite a qualified consultant to conduct a final review
before the RCB do the actual audit. The step will give the ITO a high degree of confidence
prior to the RCB audit, and the output from the pre-audit will guide in resolving any issues of
non-conformity that has arisen before RCB visits. Finally, the RCB audit is performed, and
certification is awarded upon successful output (FOXIT, 2019).
Section 2: Benefits of ISO/IEC 20000 certification to an
organization
Although the process of implementation of ISO/IEC 20000 is a complex task, the
business of the company and the operation of its services are aligned with standards set by the
international certification. According to Cots et al., a company derives numerous benefits in
its pursuit of accreditation. Some of the key benefits are related to processes, services, and the
overall business performance as discussed in the subsequent paragraphs.
Process
During the process of pursuing the international certification, the firm implements
incident management processes, defines respective roles and responsibilities in addition to
monitoring and measurement of all elements. The improved control of IT service delivery
8
When the project plan is signed-off by relevant stakeholders, then the implementation
process begins. It is the implementation of roadmap and project plan that will assist the ITO
to attain the certification. It involves improving processes and practices that are required by
the standard, thus generating the required evidence, thus succeeding in the final certification
audit and subsequent audits. Owners of these processes are identified to ensure the right
accountability (Cots et al., 2016). A steering group from the key stakeholders is appointed to
monitor the project plan progress and ensure improvements are made promptly. All processes
that are directed towards SMS should be documented while policies and plans documents
should be detailed and lengthy. They include service management plan and the service
management policy. The firm should invite a qualified consultant to conduct a final review
before the RCB do the actual audit. The step will give the ITO a high degree of confidence
prior to the RCB audit, and the output from the pre-audit will guide in resolving any issues of
non-conformity that has arisen before RCB visits. Finally, the RCB audit is performed, and
certification is awarded upon successful output (FOXIT, 2019).
Section 2: Benefits of ISO/IEC 20000 certification to an
organization
Although the process of implementation of ISO/IEC 20000 is a complex task, the
business of the company and the operation of its services are aligned with standards set by the
international certification. According to Cots et al., a company derives numerous benefits in
its pursuit of accreditation. Some of the key benefits are related to processes, services, and the
overall business performance as discussed in the subsequent paragraphs.
Process
During the process of pursuing the international certification, the firm implements
incident management processes, defines respective roles and responsibilities in addition to
monitoring and measurement of all elements. The improved control of IT service delivery
8
processes, the establishment, and fulfillment of service level agreement (SLA) targets
improves the efficiency of the service management team and the entire organization thus
making the management, the employees and customers happy and satisfied (Šrubařová,
2012). Certification not only improves processes and procedures, but it also helps the
employees to understand them since they are well established, defined, and documented as
well as their interfaces between them, which are transparent. More so, having processes and
people under control minimizes costs and optimizes revenues. Certification leads to
standardization, consistency of processes and services, increasing uniformity, thus making
the firm more governable, and predictable. It helps them retain knowledge, enhance its ability
to plan and control as well as enable new employees to apply formal framework and
management techniques. Thus assisting the workforce to become aware and develop a quality
standard culture, as well as enhance their motivation. Certification improves the chances and
capacity of the company to recover from catastrophic events, error, or incident as well as
reduction of deviations and errors (Šrubařová, 2012).
Service
Services refer to the means used by an organization to deliver value to its customers
through the provision of desired outcomes and without sustaining certain risks and costs.
Services incorporate elements like processes, people, and technology. High-quality service is
important for the Middle East Financial Institution, and their IT services are not exempted
since customers are agitated by slow performance, downtime, and delayed requests. ISO/IEC
20000 provides standards, functions, and processes that link IT with other organizational
goals. When an organization seeks the certification, it has to evaluate the effectiveness of
their managed services delivery, measure its service levels and their performance. The
requirements are linked to ITIL that directs IT service management (Disterer, 2012).
9
improves the efficiency of the service management team and the entire organization thus
making the management, the employees and customers happy and satisfied (Šrubařová,
2012). Certification not only improves processes and procedures, but it also helps the
employees to understand them since they are well established, defined, and documented as
well as their interfaces between them, which are transparent. More so, having processes and
people under control minimizes costs and optimizes revenues. Certification leads to
standardization, consistency of processes and services, increasing uniformity, thus making
the firm more governable, and predictable. It helps them retain knowledge, enhance its ability
to plan and control as well as enable new employees to apply formal framework and
management techniques. Thus assisting the workforce to become aware and develop a quality
standard culture, as well as enhance their motivation. Certification improves the chances and
capacity of the company to recover from catastrophic events, error, or incident as well as
reduction of deviations and errors (Šrubařová, 2012).
Service
Services refer to the means used by an organization to deliver value to its customers
through the provision of desired outcomes and without sustaining certain risks and costs.
Services incorporate elements like processes, people, and technology. High-quality service is
important for the Middle East Financial Institution, and their IT services are not exempted
since customers are agitated by slow performance, downtime, and delayed requests. ISO/IEC
20000 provides standards, functions, and processes that link IT with other organizational
goals. When an organization seeks the certification, it has to evaluate the effectiveness of
their managed services delivery, measure its service levels and their performance. The
requirements are linked to ITIL that directs IT service management (Disterer, 2012).
9
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Organizations that implement the ISO/IEC 20000 benefit from standards because they
assist it improve and implement high quality and reliable services. The outcome of the
transformation in terms of service delivery assist the company to access certain markets like
public-sector organizations that demand compliance with the international certification. It
also assures their clients that their service requirements will be met since attaining
certification requires elevated services. Internally, the firm enforces a culture of continuous
improvement and measurable level of effectiveness in their service management services and
processes through measurement, monitoring, and review (Disterer, 2012).
Certification enhances benchmarking and improvement since the firm is able to
compare its organizational processes, setup, and services with its peers, which have ISO
20000 standards and other standards. The service management system (SMS), as well as the
IT services, are regularly measured, monitored, and reviewed to reinforce their continual
improvement. This is an added advantage to the organization and its management because it
helps them to understand its efficiency and performance as well as improve its capacity to
respond to constant changes in the modern dynamic business environment (Casadesús,
Marimon, & Cots, 2014).
Overall business
The implementation of ISO/IEC 20000 improves the company reputation because of
adopting IT service management from an internationally recognized standard. It gains a
competitive edge since it can now access markets that are dominated by well-organized
competitors. The image and the way the suppliers, customers, and partners perceive the
company improves as well as its credibility because the firm’s processes and internal
organization are aligned to the ISO/IEC 20000. Vertical communication in the firm is greatly
improved because the management is involved from the beginning of the preparation towards
10
assist it improve and implement high quality and reliable services. The outcome of the
transformation in terms of service delivery assist the company to access certain markets like
public-sector organizations that demand compliance with the international certification. It
also assures their clients that their service requirements will be met since attaining
certification requires elevated services. Internally, the firm enforces a culture of continuous
improvement and measurable level of effectiveness in their service management services and
processes through measurement, monitoring, and review (Disterer, 2012).
Certification enhances benchmarking and improvement since the firm is able to
compare its organizational processes, setup, and services with its peers, which have ISO
20000 standards and other standards. The service management system (SMS), as well as the
IT services, are regularly measured, monitored, and reviewed to reinforce their continual
improvement. This is an added advantage to the organization and its management because it
helps them to understand its efficiency and performance as well as improve its capacity to
respond to constant changes in the modern dynamic business environment (Casadesús,
Marimon, & Cots, 2014).
Overall business
The implementation of ISO/IEC 20000 improves the company reputation because of
adopting IT service management from an internationally recognized standard. It gains a
competitive edge since it can now access markets that are dominated by well-organized
competitors. The image and the way the suppliers, customers, and partners perceive the
company improves as well as its credibility because the firm’s processes and internal
organization are aligned to the ISO/IEC 20000. Vertical communication in the firm is greatly
improved because the management is involved from the beginning of the preparation towards
10
certification to the end and feedback that is received during the reviews supports strategic and
better quality tactical decisions (Casadesús et al., 2014).
When a firm implements the ISO standards, it creates a clear evaluation criterion such as
incident management process and change management. The certification takes care of
compliance since legal and regulatory requirements are factored in the ISO/IEC 20000
standards. The companies that adopt the certification at an early stage or the early adopters
are able to enjoy differential advantages since they have accreditation that few competitors
have. They are also perceived as highly innovative organizations since ISO 20000 is seen as
the seal of commitment to quality (Casadesús et al., 2014).
Conclusion
ISO/IEC 20000 is a global standard that focuses on IT Service management and provides
a list of requirements known as the services management system (SMS) that have to be
implemented by firms seeking certification. The firm seeking certification has to undergo
through three key processes, namely planning, assessment, and implementation. Planning
consists of an evaluation of the firm's services and stakeholders as well as the creation of the
scope. Assessment or gap analysis refers to the evaluation of the ITO's status of service
management system in order to obtain the baseline data that will be referred to during the
subsequent audits. The process takes five days or more. The process generates roadmap and
project plan that is implemented in the third phase. At the end of the process, internal auditors
are invited to review the transformation and identify the issues related to non-conformity. It is
followed with RCB audit that evaluates whether the firm has aligned itself with the 403
requirements set by the international standards.
Therefore, the firm undergoes four different audits before accreditation, namely self-
assessment by the project manager, the first audit by its internal auditors, a second audit by
external auditors, and the final audit by the RCBs. To avoid conflict of interest, the RCB
11
better quality tactical decisions (Casadesús et al., 2014).
When a firm implements the ISO standards, it creates a clear evaluation criterion such as
incident management process and change management. The certification takes care of
compliance since legal and regulatory requirements are factored in the ISO/IEC 20000
standards. The companies that adopt the certification at an early stage or the early adopters
are able to enjoy differential advantages since they have accreditation that few competitors
have. They are also perceived as highly innovative organizations since ISO 20000 is seen as
the seal of commitment to quality (Casadesús et al., 2014).
Conclusion
ISO/IEC 20000 is a global standard that focuses on IT Service management and provides
a list of requirements known as the services management system (SMS) that have to be
implemented by firms seeking certification. The firm seeking certification has to undergo
through three key processes, namely planning, assessment, and implementation. Planning
consists of an evaluation of the firm's services and stakeholders as well as the creation of the
scope. Assessment or gap analysis refers to the evaluation of the ITO's status of service
management system in order to obtain the baseline data that will be referred to during the
subsequent audits. The process takes five days or more. The process generates roadmap and
project plan that is implemented in the third phase. At the end of the process, internal auditors
are invited to review the transformation and identify the issues related to non-conformity. It is
followed with RCB audit that evaluates whether the firm has aligned itself with the 403
requirements set by the international standards.
Therefore, the firm undergoes four different audits before accreditation, namely self-
assessment by the project manager, the first audit by its internal auditors, a second audit by
external auditors, and the final audit by the RCBs. To avoid conflict of interest, the RCB
11
conducting the audit cannot be a firm providing SMS consultancy services; it has to be an
independent firm. In the case of non-conformity, the request is declined until the
requirements are fully implemented or awarded the certification. The main reason why a firm
may fail to be certified include missing the two components of evidence, that is, documents
and records. The documents contain procedure documents, process documents, contracts,
plans service level agreements, and policy statements. On the other hand, the record contains
documents indicating the results achieved, evidence of activities that were conducted and not
evidence of intentions. They include all audit reports, individual training records, log files,
invoices, incident reports, meeting minutes, and request for change and action item lists,
among others. The standard last for three years after which the company is required to
undergo a reassessment audit which upon completion it is awarded an additional three years.
ISO/IEC 20000 implementation has many advantages related to operation and
business ends. It creates excellence in the delivery of services, which translates to business
excellence that means satisfied customers, improved market share, and increased revenue.
Certification does not only affect customers due to improved efficiency and responsiveness in
the delivery of IT services; it also affects the company's workforce. Employees are happy
working in a favourable environment that is highly organized and monitored in addition to
being able to see their inputs and outputs. There is no duplication of activities and suppliers
are under control, thus creating greater stability in the IT service management teams in
addition to cost optimization.
12
independent firm. In the case of non-conformity, the request is declined until the
requirements are fully implemented or awarded the certification. The main reason why a firm
may fail to be certified include missing the two components of evidence, that is, documents
and records. The documents contain procedure documents, process documents, contracts,
plans service level agreements, and policy statements. On the other hand, the record contains
documents indicating the results achieved, evidence of activities that were conducted and not
evidence of intentions. They include all audit reports, individual training records, log files,
invoices, incident reports, meeting minutes, and request for change and action item lists,
among others. The standard last for three years after which the company is required to
undergo a reassessment audit which upon completion it is awarded an additional three years.
ISO/IEC 20000 implementation has many advantages related to operation and
business ends. It creates excellence in the delivery of services, which translates to business
excellence that means satisfied customers, improved market share, and increased revenue.
Certification does not only affect customers due to improved efficiency and responsiveness in
the delivery of IT services; it also affects the company's workforce. Employees are happy
working in a favourable environment that is highly organized and monitored in addition to
being able to see their inputs and outputs. There is no duplication of activities and suppliers
are under control, thus creating greater stability in the IT service management teams in
addition to cost optimization.
12
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
References
Cardoso, A., Moreira, F., & Escudero, D. F. (2018). Information Technology Infrastructure
Library and the Migration to Cloud Computing. Univers. Access Inf. Soc., 17(3), 503–515.
https://doi.org/10.1007/s10209-017-0559-3
Casadesús, M., Marimon, F., & Cots, S. (2014). Benefits of implementing Service
management Standard ISO 20000. Proceedings of the 1st International Conference on
Quality Engineering and Management. Retrieved from
https://www.academia.edu/8434556/Benefits_of_implementing_Service_management_Stand
ard_ISO_20000
Cots, S., Casadesús, M., & Marimon, F. (2016). Benefits of ISO 20000 IT Service
Management Certification. Inf. Syst. E-Bus. Manag., 14(1), 1–18.
https://doi.org/10.1007/s10257-014-0271-2
Disterer, G. (2012). Why firms seek ISO 20000 Certification - a study of ISO 20000 adoption.
13. https://doi.org/10.1007/s178397-014-038-282
Eikebrokk, T. R., & Iden, J. (2017). Strategising IT service management through ITIL
implementation: model and empirical test. Total Quality Management & Business Excellence,
28(3–4), 238–265. https://doi.org/10.1080/14783363.2015.1075872
Esteves, R., & Alves, P. (2013). Implementation of an Information Technology Infrastructure
Library Process – the Resistance to Change. Procedia Technology, 9, 505–510.
https://doi.org/10.1016/j.protcy.2013.12.056
FOX-IT. (2019). Successful ISO/IEC 20000 Certification for Leading Middle East Financial
Institution. Case study: Middle East Financial Institution.
https://foxit.com/wp-content/uploads/Case-Study-Middle-East-Financial-Institution-and-
ISO20000.pdf
Greiner, L., & White, S. (2019, January 18). What is ITIL? Your guide to the IT
Infrastructure Library. Retrieved May 15, 2019, from CIO website:
https://www.cio.com/article/2439501/infrastructure-it-infrastructure-library-itil-definition-
and-solutions.html
Iden, J., & Eikebrokk, T. R. (2014a). Exploring the Relationship between Information
Technology Infrastructure Library and Process Management: Theory Development and
Empirical Testing. Knowledge and Process Management, 21(4), 292–306.
https://doi.org/10.1002/kpm.1437
Iden, J., & Eikebrokk, T. R. (2014b). Using the ITIL Process Reference Model for Realizing
IT Governance: An Empirical Investigation. Information Systems Management, 31(1), 37–58.
https://doi.org/10.1080/10580530.2014.854089
13
Cardoso, A., Moreira, F., & Escudero, D. F. (2018). Information Technology Infrastructure
Library and the Migration to Cloud Computing. Univers. Access Inf. Soc., 17(3), 503–515.
https://doi.org/10.1007/s10209-017-0559-3
Casadesús, M., Marimon, F., & Cots, S. (2014). Benefits of implementing Service
management Standard ISO 20000. Proceedings of the 1st International Conference on
Quality Engineering and Management. Retrieved from
https://www.academia.edu/8434556/Benefits_of_implementing_Service_management_Stand
ard_ISO_20000
Cots, S., Casadesús, M., & Marimon, F. (2016). Benefits of ISO 20000 IT Service
Management Certification. Inf. Syst. E-Bus. Manag., 14(1), 1–18.
https://doi.org/10.1007/s10257-014-0271-2
Disterer, G. (2012). Why firms seek ISO 20000 Certification - a study of ISO 20000 adoption.
13. https://doi.org/10.1007/s178397-014-038-282
Eikebrokk, T. R., & Iden, J. (2017). Strategising IT service management through ITIL
implementation: model and empirical test. Total Quality Management & Business Excellence,
28(3–4), 238–265. https://doi.org/10.1080/14783363.2015.1075872
Esteves, R., & Alves, P. (2013). Implementation of an Information Technology Infrastructure
Library Process – the Resistance to Change. Procedia Technology, 9, 505–510.
https://doi.org/10.1016/j.protcy.2013.12.056
FOX-IT. (2019). Successful ISO/IEC 20000 Certification for Leading Middle East Financial
Institution. Case study: Middle East Financial Institution.
https://foxit.com/wp-content/uploads/Case-Study-Middle-East-Financial-Institution-and-
ISO20000.pdf
Greiner, L., & White, S. (2019, January 18). What is ITIL? Your guide to the IT
Infrastructure Library. Retrieved May 15, 2019, from CIO website:
https://www.cio.com/article/2439501/infrastructure-it-infrastructure-library-itil-definition-
and-solutions.html
Iden, J., & Eikebrokk, T. R. (2014a). Exploring the Relationship between Information
Technology Infrastructure Library and Process Management: Theory Development and
Empirical Testing. Knowledge and Process Management, 21(4), 292–306.
https://doi.org/10.1002/kpm.1437
Iden, J., & Eikebrokk, T. R. (2014b). Using the ITIL Process Reference Model for Realizing
IT Governance: An Empirical Investigation. Information Systems Management, 31(1), 37–58.
https://doi.org/10.1080/10580530.2014.854089
13
Müller, S. D., & Lichtenberg, C. G. de. (2018). The culture of ITIL: Values and
implementation challenges. Information Systems Management, 35(1), 49–61.
https://doi.org/10.1080/10580530.2017.1416946
Park, J.-H., & Kim, H. (2012). Building up an IT Service Management System through the
ISO 20000 Certification. International Journal of Knowledge Content Development &
Technology, 2(2), 31–45. https://doi.org/10.5865/IJKCT.2012.2.2.031
Rexhepi, E. (2016a, June 16). Adapting ITIL and Implementing ISO/IEC 20000 for a
Successful Organization/Business. Retrieved May 15, 2019, from
https://pecb.com/article/adapting-itil-and-implementing-isoiec-20000-for-a-successful-
organizationbusiness
Rexhepi, E. (2016b, October 27). Why ISO/IEC 20000 is a must for your business? Retrieved
May 15, 2019, from https://pecb.com/article/why-isoiec-20000-is-a-must-for-your-business
Šrubařová, R. (2012). Quality in Service Management System According to ISO 20000.
Research Papers Faculty of Materials Science and Technology Slovak University of
Technology, 20(Special-Number), 126–130. https://doi.org/10.2478/v10186-012-0021-6
Walker, A., Coletta, A., & Sivaraman, R. (2014). An evaluation of the process capability
implications of the requirements of ISO/IEC 20000-1. Journal of Software: Evolution and
Process, 26(12), 1316–1326. https://doi.org/10.1002/smr.1654
Watts, S. (2017, December 27). ISO 20000 vs ITIL: What’s the Difference and How Are
They Related? – BMC Blogs. Retrieved May 15, 2019, from
https://www.bmc.com/blogs/iso-20000-vs-itil-whats-the-difference-and-how-are-they-
related/
14
implementation challenges. Information Systems Management, 35(1), 49–61.
https://doi.org/10.1080/10580530.2017.1416946
Park, J.-H., & Kim, H. (2012). Building up an IT Service Management System through the
ISO 20000 Certification. International Journal of Knowledge Content Development &
Technology, 2(2), 31–45. https://doi.org/10.5865/IJKCT.2012.2.2.031
Rexhepi, E. (2016a, June 16). Adapting ITIL and Implementing ISO/IEC 20000 for a
Successful Organization/Business. Retrieved May 15, 2019, from
https://pecb.com/article/adapting-itil-and-implementing-isoiec-20000-for-a-successful-
organizationbusiness
Rexhepi, E. (2016b, October 27). Why ISO/IEC 20000 is a must for your business? Retrieved
May 15, 2019, from https://pecb.com/article/why-isoiec-20000-is-a-must-for-your-business
Šrubařová, R. (2012). Quality in Service Management System According to ISO 20000.
Research Papers Faculty of Materials Science and Technology Slovak University of
Technology, 20(Special-Number), 126–130. https://doi.org/10.2478/v10186-012-0021-6
Walker, A., Coletta, A., & Sivaraman, R. (2014). An evaluation of the process capability
implications of the requirements of ISO/IEC 20000-1. Journal of Software: Evolution and
Process, 26(12), 1316–1326. https://doi.org/10.1002/smr.1654
Watts, S. (2017, December 27). ISO 20000 vs ITIL: What’s the Difference and How Are
They Related? – BMC Blogs. Retrieved May 15, 2019, from
https://www.bmc.com/blogs/iso-20000-vs-itil-whats-the-difference-and-how-are-they-
related/
14
Appendix 1: Essay
The concept of service value system (SVS) in ITIL4
Service Value System (SVS) is a key component of the ITIL v4 that facilitates co-
creation of value. SVS indicates how various operations and components of a business work
together to create value in an organization. The system possesses interfaces with other
businesses to create an ecosystem that is capable of creating value for such an organization,
its customers, and stakeholders. The Service Value System (SVS) has a central element,
service value chain which serves as an operating model. The model describes the main
operations and activities needed in an organization to respond to the changing value demands.
It also facilitates value realization by creating and managing products and services. The
service value chain is a flexible component of the SVS and ensures continuous service
improvement. The service value chain is comprised of six key activities such as engage,
obtain/build, plan, design & transition, deliver & support, and improve. These six activities of
the service value chain can be put together in various ways. So, the service value chain
enables the business to define various variants of value streams like service lifecycle from the
previous version. The service value chain activities transform inputs into outputs whereby the
inputs are demand from factors outside the value chain or other activities’ outputs. These
activities interconnect with each other ensuring every single activity receives and provides a
trigger for further action.
My experience of using the ITSM knowledge repository to learn about ITIL4
I accessed the ITSM knowledge repository to study about the ITIL v4. I understood
that ITIL v4 is a reference framework for certification, training on IT service management.
The model provides essential tools utilized by Information Technology Service Management
practitioners for many years. The ITIL v4 is the latest version containing the new practices
15
The concept of service value system (SVS) in ITIL4
Service Value System (SVS) is a key component of the ITIL v4 that facilitates co-
creation of value. SVS indicates how various operations and components of a business work
together to create value in an organization. The system possesses interfaces with other
businesses to create an ecosystem that is capable of creating value for such an organization,
its customers, and stakeholders. The Service Value System (SVS) has a central element,
service value chain which serves as an operating model. The model describes the main
operations and activities needed in an organization to respond to the changing value demands.
It also facilitates value realization by creating and managing products and services. The
service value chain is a flexible component of the SVS and ensures continuous service
improvement. The service value chain is comprised of six key activities such as engage,
obtain/build, plan, design & transition, deliver & support, and improve. These six activities of
the service value chain can be put together in various ways. So, the service value chain
enables the business to define various variants of value streams like service lifecycle from the
previous version. The service value chain activities transform inputs into outputs whereby the
inputs are demand from factors outside the value chain or other activities’ outputs. These
activities interconnect with each other ensuring every single activity receives and provides a
trigger for further action.
My experience of using the ITSM knowledge repository to learn about ITIL4
I accessed the ITSM knowledge repository to study about the ITIL v4. I understood
that ITIL v4 is a reference framework for certification, training on IT service management.
The model provides essential tools utilized by Information Technology Service Management
practitioners for many years. The ITIL v4 is the latest version containing the new practices
15
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
and concepts in terms of digital transformation, value streams, customer experience, and
incorporation of new working ways such as DevOps, Agile, and Lean. I learned that the new
version of the ITIL does not incorporate life cycle stages such as operation, transition, and
strategy in ITIL v3. The model introduces an SVS (Service Value System) that contains
practices and activities. An SVS describes activities and other components of the business
working together to create value. The interfaces of the SVS interconnects with other
organizations’ interfaces to form an ecosystem to facilitate value stakeholders and customers.
I learned that the SVS has six value chain activities such as improve, plan, design &
transition, engage, deliver & support, and obtain/build. I was able to understand the main
elements of the ITIL that create value from stakeholders. These elements include
Governance, guiding principles, management practices, service value chain, and continual
improvement. I also learned the various concept and terminology changes between the ITIL
v3 and ITIL4. The knowledge repository also provided me with a new understanding
regarding the ITIL4 context diagram. The opportunity for improvement for the repository is a
detailed discussion of the key elements of the ITIL4. These concepts need to be discussed in
depth to provide the learner with more knowledge regarding the ITIL4.
16
incorporation of new working ways such as DevOps, Agile, and Lean. I learned that the new
version of the ITIL does not incorporate life cycle stages such as operation, transition, and
strategy in ITIL v3. The model introduces an SVS (Service Value System) that contains
practices and activities. An SVS describes activities and other components of the business
working together to create value. The interfaces of the SVS interconnects with other
organizations’ interfaces to form an ecosystem to facilitate value stakeholders and customers.
I learned that the SVS has six value chain activities such as improve, plan, design &
transition, engage, deliver & support, and obtain/build. I was able to understand the main
elements of the ITIL that create value from stakeholders. These elements include
Governance, guiding principles, management practices, service value chain, and continual
improvement. I also learned the various concept and terminology changes between the ITIL
v3 and ITIL4. The knowledge repository also provided me with a new understanding
regarding the ITIL4 context diagram. The opportunity for improvement for the repository is a
detailed discussion of the key elements of the ITIL4. These concepts need to be discussed in
depth to provide the learner with more knowledge regarding the ITIL4.
16
1 out of 17
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.