An ISO/IEC 20000 assessment
An ISO/IEC 20000 assessment helps to evaluate and understand the existing ITO’s SMS and provides a measurement baseline of the existing ITO operation as well as determine why the current ITO is not meeting the requirements of ISO/IEC 20000 standards. Because Middle East Financial Institution had already executed four IT service management to different stages of maturity, the first activity that was implemented was to conduct an assessment of the existing processes and all the other sectors as it is required by ISO/IEC 20000. The assessment included thirteen interviews with important process stakeholders in senior management as well as operational staff. This was done to make sure that the existing processes comply with the requirements of ISO/IEC 20000 certification standards. The evidence available for the process operation was also assessed together with the observation of specific process tasks being undertaken.
The findings of the assessment were documented in an assessment report that specified maturity ratings for each of the processes and which acted as the basis for weighing future progress towards attaining ISO/IEC 20000 requirements. When Fox-IT was performing an assessment for Middle East Financial Institution, they engaged different practitioners from different processes to see whether their point of view was different from the one given by the manager. The report with the important findings for all the processes also included comments on the documentary evidence analyzed and expanded recommendations for handling the selected non-conformities identified against the ISO/IEC 20000 standard. The assessment report was also supported by the results from workshops that indicated the certification scoping statement for ISO/IEC 20000. Together with the stakeholder map that highlighted the services being offered, consumers of those services, and the external and internal teams that supported the management and delivery of those services. The role of interim assessment at this step is to effectively evaluate the existing processes and select the ones that are not meeting the requirement of ISO/IEC certification standards and the processes that need improvement. Through the assessment, one gets to know the details required and the plan to use to make sure that the existing processes are improved or replaced with new ones. It helps to measure an institution’s performance and identify any patterns that might be available.
Planning
This step was followed by the Middle East Financial Institution in collaboration with Fox-IT while it comes to ISO/IEC 20000 certification is planning. ISO/IEC 20000 is a global standard that comprises of several requirements that an institution can be formally audited against to indicate that the ITO is professionally implementing its service delivery. ISO/IEC 20000 is specific about the number of processes and an overarching management framework that should be effectively performed. This standard is very specific about what an ITO should do; it explains the number of compulsory requirements that will be assessed and what evidence should be achieved. This, therefore, portrays a clear image that Middle East Financial Institute is operating its service delivery to a specific standard and also helps similar institutions to be compared against each other. Although ISO/IEC 20000 has its own framework known as service management system (SMS) and of the processes have similar alignment similar to those found in ITIL such as problem, management, and capacity management, ISO/IEC 20000 standards, its standards consists of only a few of the compulsory requirements.
Some of the crucial drivers that influenced Middle East Financial Institution to seek ISO/IEC 20000 certification include being one step ahead of its competitors, acting as an added advantage for example if MFI is bidding for the same tender with another service provider that is not certified, Middle East Financial Institute have high chances of winning the contract as compared to the other uncertified institution. The other driver is that in some cases, it is mandatory that companies applying for contracts, especially government contracts, should be certified as part of the service being delivered or contract. Being the first certified institution in a country is also another key driver that led MEFI to apply for ISO/IEC 20000 certification. To obtain the detailed plan, it took 18-months to complete fifteen processes workshops, implementation, process documentation, and enhancement of both new and existing processes. MEFA engaged Fox-IT to drive them towards IT service management efficiency by improving existing and executing new processes as indicated by the requirements of ISO/IEC 20000. They were also to check the readiness of the institution towards certification audit process. Role of interim assessment in this step is to come up with an appropriate plan that will help improve performance of different processes