ISO 20000 is the first international standard for IT service management. Management of IT services with integrated management processes to effectively deliver services to customers. ISO 20000: 1-2005 is based on the ITIL (Information Technology Infrastructure Library) framework. ISO 20000 Certification provides the organization with appropriate controls and processes to deliver cost-effective, high-quality IT services.
ISO / IEC 20000, often referred to simply as ISO20000, is the international standard for IT service management that allows IT organizations (whether internal, external or external) to confirm that their IT service management procedures are in line with the company’s requirements and with international best practices.
Many processes, tasks, and activities represent your ISO 20000-based Service Management System (SMS). If not properly documented, you may sooner or later experience confusion. Let’s see how you can avoid such a situation. As with other standards, ISO 20000 has direct requirements for SMS roles and their responsibilities:
Management and Management Representatives – As with other management systems, the standard defines direct requirements for management roles. In addition, another representative of management is required in ISO 20000. In addition, the management must name this person, who is also responsible for naming process managers (with their responsibilities) for all SMS processes.
Roles and Responsibilities – This means that you need to define how roles, powers, and responsibilities are implemented. According to ISO 20000, you must implement all processes and define the roles that belong to these processes. One approach would be to define processes, to describe activities for specific processes and roles that belong to them. This, of course, will go hand in hand with their responsibilities and powers.
Assign roles to the scope of the process – When configuring the SMS, the standard has direct requirements to enforce defined roles and their responsibilities for all the processes you implement. As you can see, the standard ensures that the definition and assignment of roles does not remain unlimited. Take this opportunity to use SMS and your organization.
How to do that?
There is no general answer to this question because every organization is different. What is perfect for one company may not be acceptable to another company. So, if “copy/paste” does not work, how do you go about defining the roles and their responsibilities for SMS?
From experience, you should consider the following when building your ITSM organization based on ISO 20000 :
Know your organization – what services you support, what people you have, what skills/experience they have, and how their skills best meet your needs.
Avoid conflicts of interest – Avoid situations in which the same person opens and authorizes a change, or even approves the implementation and completion.
Combine multiple roles in one person – this is essential for small organizations. This is not unusual, but be careful because some roles in one person are well combined while others may be counterproductive (the article on which ITIL roles can be combined in one person) will give you more details)
Sponsorship – The IT manager (or the senior management representative) must have a parent sponsor. The same applies to different roles in SMS services. There are many situations where a sponsor needs to be behind their own employees to achieve service level goals, customer satisfaction, and IT efficiency.
Now you know who will do what, but the question is, “How do we document that? See the ITIL / ISO 20000 RACI Matrix – Clarify Responsibilities to learn more about the RACI Matrix. This could be the right approach for very small organizations. However, when we talk about small to medium-sized organizations, and especially large organizations, such an approach will probably not be enough. If you really insist, it becomes too complex for practical use.
Because the standard requires all processes to be documented, this is an excellent opportunity to include role descriptions, including responsibilities and appropriate authority. In describing the process, you describe the activities that are part of the process. When describing these activities, you must include those responsible for particular activities. After describing the activities of the process, you can list all the relevant roles for this process and define their responsibilities. This will completely define your process, all in one place.
Let it work for you
When conducting consultancy projects, I noticed big differences between the beginning and the end of the project. Initially, some roles in an SMS were not defined (or at least not clearly defined). This affects other processes such as the activities of others’ roles. After we “cleaned up” the situation by defining and documenting the processes and their responsibilities, the daily work began to move in the right direction.
The right direction means that the IT services provided under the Service Level Agreement will result in a satisfied customer. After my client understood this, the definition and documentation of roles and responsibilities were no longer perceived as a bureaucratic task. On the contrary, they were now considered profit-maker.