Radian Compliance Management Services

Q. What is ISO 20000?

A. ISO 20000 is the international standard for IT Service Management.

The standard actually comprises two parts: ISO/IEC 20000-1 and ISO/IEC 20000-2. ISO 20000-1 is the ‘Specification for Service Management’, and it is this which is certifiable against. ISO 20000-2 is the ‘Code of practice for Service Management’, and descibes best practices, and the requirements of Part 1.

It all started with BS15000….

ISO 20000 is in fact based upon an original pair of documents, BS15000-1/2, which were published by BSI in 2002 and 2003 respectively. An earlier version of BS15000-1 was first published in 2000. Even this, however, was not the earliest iteration. As far back as the 1980’s a BSI group called the ‘Service Management Group’ was at work defining ITSM processes.

An example fo this work is provided by the following diagram, which illustrates the state of play in 1998:

The Standard Evolves …

By the time the new release of BS15000 was published in 2002, the framework had been harmonized with other international standards, to embrace the familiar PDCA (Plan-Do-Check-Act). This approach is illustrated below:

The scene was thus set for ISO 20000, which was published at the end of 2005.

As described earlier, ISO 20000 is the international standard for IT Service management.

However, ISO 20000 itself is part of a much bigger picture, in that it aligns with ITIL, the IT Infrasture Library. This relationship is often illustrated via a diagram such as the one below:

 Clearly, however, there is also a relationship with other management protocols and frameworks. This will be explored as additional content is added to our blog.

Implementation of ISO 20000 brings with it many benfits and advantages. These will fo course differ from organization to organization. However, the following list is a pretty good representation of the common results:

1. Alignment of information technology services and business strategy.

2. Creation of a formal framework for current service improvement projects

3. Provides a benchmark type comparison with best practices

4, Creates competitive advantage via the promotion of consistent and cost-effective services.

5. By requiring ownership and responsibility at all levels, it creates a progressive ethos and culture.

6. Supports ‘interchanging’ of service providers and staff by virtue of the creation of inter-enterprize operational processes.

7. Reduction of risk and thus cost in terms of external service receipt

8. Through the creation of a standard consistent approach, aids major organizational changes.

9. Enhanced reputation and perception

10. Fundamental shift to pro-active rather than re-active processes

11. Improved relationship between different departments via better defninition and more clarity in terms of responsibility and goals.

12. Creation of a stable framework for both resource training and service management automation.

Posted in ISO 20000, IT Service Management | No Comments »

Finding Value in Sarbanes-Oxley

BLOGGER: Lora Bentley  E-mail Lora - Lora is an attorney and journalist who covers regulatory and legislative issues for IT Business Edge’s Managing Compliance Standards weekly report.

Not everyone thinks the Sarbanes-Oxley Act of 2002 is the worst thing to happen to corporate America. Just ask the shareholders of New York-based retailer Syms. At the end of 2007, company leaders applied to delist its shares from the New York Stock Exchange. They did so in order to save some $750,000 in costs associated with Securities and Exchange Commission reporting and Sarbanes-Oxley compliance. Well, shareholders didn’t think it was a good thing at all, and they immediately began to protest — vigorously, media reports say. If the company went private, they would no longer have assurance that the company was protecting their interests; nor would they have regular and easy access to financial information from which to make informed decisions about their investments. So, in February, the company caved to the pressure, re-registered with the SEC and listed its shares on the Nasdaq.  READ MORE

Posted in Sarbanes Oxley | No Comments »

Rules and Regulations…The Source

Note: A Special Thank you DRJ’s Editorial Advisory Board for their incredible efforts to identify and compile this information.

If you’re like I am, I have kept my own list of rules and regulations pertaining to Business Continuity for years.  I trade my list with fellow BC professionals for a copy of their prized list.  We trade links for good sites where additional regulations may be found.  This is a somewhat tedious activity, and certainly not a good way to share with the world of BC planning.  Luckily, a fellow member of the DRJ EAB had the idea to start a committee to compile a list of regulations that could be shared through the DRJ to the entire BC world.

We formed a team, shared our lists and on-line resources.  Each team member scoured the internet and their own list of BC contacts to glean additional rules and regulations to include in our data base.  After a few iterations we realized that our list will never truly be complete, and as long as there are lawmakers and bureaucrats, new laws will be added.  We double-checked the list we had compiled, confirmed the links, categorized them as best we could, and we are now ready to release our data base to the BC world.  Knowing full-well that our starting list will grow with your help. 

>>>>>>>> Click Here to Read the Entire Article <<<<<<<<<<<

Posted in Business Continuity Management | No Comments »