Different from ITIL, which only has individual certification series, ISO 20000 is the overall certification of the organization, which requires a comprehensive system that meets the standards, which also means that the preparation for certification will be complicated and detailed. As the saying goes, "everything is difficult at the beginning", at the beginning of certification, we must fully realize that good and sufficient preparation is the cornerstone of passing such an international standard certification. In fact, for most organizations, there is usually not much experience related to certification, so it is quite beneficial for the whole certification practice to lay a solid foundation in the certification preparation stage.
This book will introduce the preparation stage of certification from four aspects: the formulation of certification scheme, investigation and interview, the selection of consulting and auditing institutions and the internal process of institutions. In fact, although these four parts are essential for most organizations to pass IT certification, due to the different organizational structure and management foundation of each organization, the specific work to be completed in the early stage will be different, and the process of passing certification will be different. Therefore, organizations should carry out certification practice according to local conditions.
Develop a certification plan
The first step in the certification preparation stage is to complete the preparation of the certification feasibility plan. If the certification activity is understood as a project, then the preparation of the certification scheme is to investigate, analyze and compare the main contents, objectives and corresponding supporting conditions of the project (such as management foundation, management requirements, project scale, resource input, etc.). ), and predict the economic and social benefits that certification may bring, so as to form suggestions on whether the project is worth implementing and how to implement it, and provide an important basis for organizing top managers to make project decisions. In this sense, the formulation of certification scheme is also the most important work in the certification preparation stage.
1. Feasibility analysis
Feasibility analysis can usually include investment necessity, organizational feasibility, technical feasibility, financial feasibility, economic feasibility, social feasibility, risk factors and countermeasures. Because of the great differences in various projects due to industry characteristics, ISO 20000 certification usually needs to be considered and analyzed from two aspects: management basis and benefit.
The first is the basic analysis of management. It is necessary to comprehensively evaluate the management foundation of the organization itself, including the foundation of ITIL system implementation, the current organizational structure and the risks of the current management system in the certification process.
The construction of IT service management system is firstly a management problem, and secondly a technical problem. Both successful and failed experiences show that, first of all, we should solve the problems of management system and mechanism, establish the concept of taking customers as the center, cultivate service consciousness and quality consciousness, and establish an internal feasible and scientific service model; Secondly, the management process will be solidified and optimized by software tools, and the management efficiency will be assisted and improved by automation tools to realize the effective combination of technology and management. Therefore, in the feasibility analysis of certification, we should pay more attention to management feasibility, followed by technical feasibility.
For those organizations that have successfully implemented ITIL management methods, a more standardized and mature IT service quality management system is needed to ensure that the management meets international standards.
The second is benefit analysis. We can measure the benefits of certification projects from the perspective of resource allocation, and evaluate the benefits of certification projects in achieving organizational development goals, effectively allocating IT resources, improving operating environment, improving process efficiency, reducing staff workload, and enhancing profitability.
Although different organizations may get different benefits, ISO 20000 may bring the following benefits to organizations:
-There are more management methods in the provision of IT services, which can be continuously improved;
-Improve service delivery capacity and provide stable, high-quality, low-cost and reliable services for key business services;
-Universal service expression to promote dialogue between different organizations;
—Provide a platform for management and communication for the internal operation of the organization;
—adopt best practices to improve the internal service level of the organization and continuously maintain the service level;
—Reduce the time cost of service delivery;
—methods for effective management of suppliers;
-Improve the utilization rate of personnel, improve incentives and reduce brain drain;
—Valuable management data and better decision support;
……
2. Certification implementation plan
Certification implementation plan is one of the core parts of certification plan. When it comes to planning, it is usually understood as steps, tasks, people, cycles, milestones and so on. , edited and formulated by professional tools such as MS Project and Excel. The commonly used preparation methods of the project plan can basically cover the main contents of the certification plan, but we must pay attention to the differences between the certification implementation plan and the general work plan in several details:
1) As mentioned earlier in this book, the certification process is mainly divided into the preliminary preparation stage, gap analysis stage, process establishment, improvement and trial operation stage, certification and audit stage, etc. The allocation of time and personnel in each stage depends on the maturity of the organization itself, and the allocation of resources in several stages can be adjusted appropriately. If the foundation of IT service management is good, the time of preliminary preparation and process establishment can be greatly reduced.
2) Always bear in mind that all processes must meet the requirements of ISO 20000 before they can be certified, so resources should be properly directed to the management process with weak foundation and a certain distance from the standard requirements, and the process establishment and improvement stage should be started as soon as possible.
3) The certification plan needs to include audit institutions. As the whole audit process will include several batches, there will be time for further improvement between each batch, and each audit needs to be reserved in advance, so it is suggested to reserve some time for the audit institution in the whole implementation plan.
Figure 4- 1 is an example of an authentication scheme for readers' reference. In fact, the form of the plan is not important, but it is important to pay attention to the work of formulating the certification plan.
3. Resources and costs
Resources and costs are also one of the contents that need to be understood during the preparation of the certification scheme. Like the implementation plan, the amount of resources invested mainly depends on the maturity of the organization itself. The more mature organizations need to spend less resources on the construction and improvement of IT service management system.
Human resources: usually including the organization's own human resources, third-party consulting institutions, certification and audit institutions, etc. Among them, the organization's human input in training all employees is usually easily overlooked. This is very important in the process system trial operation and certification audit stage.
Tool resources: At present, any organization's IT service management system is related to tool software, and this dependence is gradually rising. When an organization implements ISO 20000 certification, it may need to adjust its existing tool platform or buy some new products.
In terms of cost, the certification implementation project usually includes the following five parts:
1) Certification consulting service fee (consulting partner, optional)
2) Certification service fee (audit institution)
3) Training expenses (optional)
4) Certification-related reference materials and publicity expenses (optional)
5) Cost of tools and software (optional)
The specific cost varies according to the size of the organization. For institutions wishing to pass this certification, it should be confirmed in the project plan whether the certification service fee includes the review, re-evaluation and certificate management fee for the next year.
In addition to the above management basic analysis, benefit analysis, certification implementation plan, resources and expenses. The certification feasibility plan can also include ISO 20000 certification introduction, risk factors and countermeasures, and organizations can enrich the content of the plan according to their own conditions.
preliminary survey
Another important work in the certification preparation stage is research. For the whole organization, in-depth research is helpful to sort out the current situation of IT service management in the organization, and at the same time, it plays a positive role in improving the certification awareness of all employees and enhancing the attention of members in the organization to certification. To some extent, the work in this stage overlaps with the gap analysis in the next stage and can be carried out at the same time. The difference is that the investigation before the official start of certification has undertaken some functions of feasibility study, and at the same time, it mainly focuses on understanding and sorting out the current situation, without too much comparison with the provisions of ISO 20000 standard, while the gap analysis is mainly based on ISO 20000 standard, using professional analysis methods and tools to compare and analyze, find out the gap between the current situation of the organization and the provisions of ISO 20000 standard, and then formulate improvement topics.
The following briefly introduces several research methods commonly used in the certification preparation stage.
1. Questionnaire survey
Questionnaire survey is one of the most commonly used methods, and its advantage is that the respondents can prepare and collect materials and sort out relevant information in a targeted manner, and at the same time, they have plenty of preparation time. On the basis of the questionnaire, you can arrange face-to-face interviews to understand the important parts of the questionnaire.
The questionnaire survey can be designed according to the characteristics of ISO 20000, which mainly includes two parts, namely management system and 13 management process. The research scope of management system includes certification objectives, organizational structure, employee job description, personnel knowledge structure, document system, training system, internal audit and improvement plan. The research object of management system is the top managers of the organization. They are usually the total quality managers of ISO 20000 system, or quality managers, who are responsible for the management of the whole system. There are many contents of management process, including definition, input, output, files, tools and the relationship between processes. The research object of management process is the management and technical personnel who are currently responsible for related processes or work in the organization, usually including process managers, process coordinators and process executors in ISO 20000 system.
2. Overview of personnel responsibilities
In addition to the management system and process, the division of responsibilities within the organization is also an important content that needs to be sorted out and mastered during the inspection process. It is suggested to adopt the list of personnel roles and responsibilities (role &; Responsibility matrix), by establishing the corresponding matrix of personnel and work content, summarize and sort out the division of responsibilities of all personnel in the organization.