ISO/IEC 20000 requirements
Each of the above processes went through implementation where individuals were trained, and the processes were put into practice. This allowed processes to be evaluated and improved further, as it was the requirement before they were officially implemented. This step included the development of documents such as service level agreements, service catalogue, service reporting catalogue, supplier catalogue, and other plans and policies as per ISO/IEC 20000 requirements. The detailed recommendations outlined within the assessment report are utilized in this section to specifically aim at the processes that need enhancement as well as being aware of any other certifications achieved by Middle East Financial Institution.
For existing processes, Fox-IT had an easy time while handling the non-conformities that were identified during the assessment report. The assessment report already had recommendations that were linked to solving the deficiencies. As a result, their job was just to implement actions. New processes in Fox IT’s experience is normally the case that one or more of the required operations does not exist among the customer ITO. As a result, this takes longer to solve as compared to those non-conformities for processes in operation. In each new process, they began by designing and coming to ana agreement on the structure that promotes the requirements of MEFI as well as fulfilling the standard’s requirements. Interim assessment in this step should be used to evaluate the implementation process regularly and ensure that all the new processes are effectively implemented. In case there are any linked toolset requirements need to be defined and implemented while considering how the evidentiary needs of the ISO/IEC 20000 standard need to be fulfilled. The other step is implementing the process. One should come up with the implementation plan to be implemented, and the process should be effectively and carefully evaluated before it is implemented. The implementation strategy can be a phased approach to a big bang approach. Fox-IT normally recommends performing limited piloting before, to make sure that the process is the right one for achieving a specific purpose and make sure that all the other documents for example procedures and work instructions are ready for formal implementation or publication
Section 2
Middle East Financial Institution identified that attaining ISO/IEC 20000 certification would improve and strengthen its position in the Middle East and help to compete globally with other similar international financial institutions. To attain its business objectives, the institution had planned to implement practices and processes that met ISO/IEC 20000 requirements as well as to attain certification. Middle East Financial Institution achieved its ISO/IEC 20000 certification in February 2011, and it was the first institution of its kind to be certified within the Middle East and African region. Through the certification, they were perceived as an institution that is committed to delivering value and competitive services to their clients.
There were several benefits that came with the certification of the institution. Some of the benefits include; implementation of new processes that did not exist there before, such as capacity management and service level management, enhanced interaction with the business such as the introduction of regular meetings to discuss service review, frequent collection of service level requirements, improved reporting strategies and targeted marketing. Another benefit is the development of service level agreements that made sure that both the IT and the business came into an understanding of each other’s delivery capabilities and requirements. Through the certification, all processes were frequently documented, and the details made available to everyone through the utilization of FoxPRISM on the institution’s intranet. Integration and interfaces between all the processes were improved, including those information technologies processes owned by the organization unit. Individuals came to understand their roles and responsibilities more clearly through enhanced process-oriented culture. As compared to a certified institution, the individuals in the Middle East Financial Institution came to understand better the cost of delivering individual information technology services. There were also several crucial performance indicators for every process that helped them to frequently measure, evaluate, and control the processes. The last benefit is the process maturity rating of more than an 18-month period that Middle East Financial Institution could continue reviewing and adding new processes to measure and track improvements.
In terms of the entire business, MEFI wanted to show that it was an integrated financial institution that focused on the development of the various capital market, within its country but with the capacity of competing with other organizations similar to MEFI globally. They managed to show this despite the many organizations entering the financial market both in the Middle East as well as internationally. The institution also had a desire to improve the loyalty of its existing customers in the organization as a service provider as well as to enhance the quality of services being offered to its customers. This could be supported further by offering a sector that enabled product and services diversification and also having the capability of responding rapidly when it comes to business needs. Through getting ISO/IEC 20000, Middle East Financial Institution recognized that enhancing its information technology services will enable them to help the business to achieve its objectives and vision.
The value proposition for a process in ISO/IEC 20000 certification provides Middle East Financial Institution with various categories, which include service portfolio, relationship, and agreement, supply and demand, service design, build, and transition, service assurance, performance evaluation, and improvement. With continual improvements, when a new process is executed or when an existing process is improved, it requires to be monitored and evaluated in case of any further enhancements that may be important. This makes sure that the right important performance indicators and measurement have been created to support these processes. Record keeping of all the improvements is important as it will be used by an auditor to assess and determine whether the ITO is continuously showing efforts to improve the performance and maturity of their service management system. The registered certification body (RCB) looks for more than three months evidence of processes meeting the ISO/IEC 20000 requirements, especially for those processes that have been newly executed.
There are several policies and plans that the standard expects to be in place. Two of the most important documents that are implemented to the general service management system (SMS) include a service management plan and service management policy. The two are important for successful certification; therefore it is recommendable to seek professional advice of a skilled consultancy firm who can use their diverse information, proven template, and experience to help develop the important detailed documentation. To make sure that the plan and policy are effective, the professional input saves the ITO effort and time and lead to speedy delivery timescales.