Information Security

IT Service Management

 

The IT service management system in accordance with ISO/IEC 20000-1 standard enables the establishment of appropriate information support and information solution procedures provided by an organization’s internal personnel or external providers. By establishing the IT service management system, the organization gets a complete overview and control over the functioning and provision of IT services and thus also the opportunity to improve all the activities or processes provided by IT support and IT solution providers.

The most important aspect of the IT service management system is to define requirements for the appropriate level of services  the organization expects from IT support and solution providers (SLA – Service Level Agreement or OLA – Operational Level Agreement), appropriate documentation of a service assurance policy, provision of support in accordance with the SLA or OLA requirements, supervision of services, and continuous improvement of the system and measurement of IT services.

The ISO/IEC 20000-1 offers a set of mechanisms which over many years of their application by many organizations worldwide have turned out to be examples of good practice.  It is written in the form of requirements which an organization needs to fulfil if it wants to get a certificate. These requirements are described in six chapters talking about the establishment of the system, introduction of new or changed services and four groups of processes that are intended to ensure compliance of IT services: provision of services, relations with partners, recovery processes, and control processes. These requirements need to be fulfilled in their entirety, without exceptions.

The IT service management system standard is comprehensive. That means that the standard does not address only a certain aspect but the entire flow of IT service provision – from development of new services and control of changes, to supervision of IT service performance, reduction of incidents and control of adequate relations with the applicants of IT services. The IT service management system thus combines technical measures and measures that are purely of organizational nature.

Why acquire a certificate?

Business advantages:

  • contract arrangement on ensuring the level of service (SLA or OLA),
  • improvement of business partnerships (establishment of standardized procedures in IT service provision),
  • investment in correct (acute) areas,
  • competitive advantage in setting up business partnerships,
  • control of the entire IT supply chain.

Certification procedure

The procedure consists of a documentation audit and a certification audit, conducted in two parts. The first part is focused on the establishment and documentation of the IT service management system. The certification audit includes a review of:

  • procedures of IT service provision,
  • operation of supporting procedures,
  • internal audit,
  • management review etc.

The second part of the certification audit focuses on the implementation and effectiveness of the IT service management system, compliance with the ISO 20000-1 standard requirements, legislative requirements and the requirements of interested parties.

After granting the certificate, we conduct annual surveillance audits of individual parts of the system to check whether your organization still meets the prescribed requirements. The certificate is valid for three years.

Services in field of IT service management:

  • audit and certification,
  • pre-audit,
  • assessment of the state,
  • assessment of the state at IT service providers.