| Author | Post |
|---|
Daniela
Approved Member
| Joined: | Mon Jun 29th, 2009 |
| Location: | Skopje, Macedonia |
| Posts: | 4 |
| itSMF Chapter: | Macedonia |
| Status: |
Offline
|
|
Posted: Thu Mar 3rd, 2011 07:28 |
|
Hi,
I need an answer for the following hypothetical situation. A company is offering IT service to external customers (outside of the company) but the company is not responsible for taking care of the service infrastructure. That is done by other company. The first company acts just like first level of support regarding the service delivery.
Can this company be ISO 20000 certified?
Tnx.
|
Robert Falkowitz
Registered GP21
| Joined: | Sat Nov 24th, 2007 |
| Location: | Switzerland |
| Posts: | 245 |
| itSMF Chapter: | |
| Status: |
Offline
|
|
Posted: Thu Mar 3rd, 2011 07:40 |
|
Daniela,
The situation you describe exists, to a greater or lesser degree, for every IT service provider. We need to be able to certify a service provider that does not do 100% of everything that can be done in IT to provide services.
So the answer should be yes. It is important, however, to describe the scope of the activity being certified.
You also need to be clear about which certification scheme is to be applied? Is it the itSMF UK scheme, a Macedonian scheme or yet another scheme?
-Robert
|
chrnis
Registered GP2
| Joined: | Tue Dec 11th, 2007 |
| Location: | Copenhagen, Denmark |
| Posts: | 34 |
| itSMF Chapter: | Denmark |
| Status: |
Offline
|
|
Posted: Thu Mar 3rd, 2011 07:43 |
|
Hi Daniela,
if the company has a full service management system with all the processes and practices described in ISO/IEC 20000-1, it can be certified.
The important point here is to get the scoping statement right. Advise can be found in ISO/IEC20000-3.
Best regards,
Christian
|
chrnis
Registered GP2
| Joined: | Tue Dec 11th, 2007 |
| Location: | Copenhagen, Denmark |
| Posts: | 34 |
| itSMF Chapter: | Denmark |
| Status: |
Offline
|
|
Posted: Thu Mar 3rd, 2011 07:45 |
|
Sorry,
I didn't see, that Robert had already answered. But I am happy to see, that we are constistent in our answers 
|
Daniela
Approved Member
| Joined: | Mon Jun 29th, 2009 |
| Location: | Skopje, Macedonia |
| Posts: | 4 |
| itSMF Chapter: | Macedonia |
| Status: |
Offline
|
|
Posted: Thu Mar 3rd, 2011 07:59 |
|
Hi Robert, Christian,
Thank you for your answer.
My problem is exactly that. How can this company show evidence for all processes and practices?
How can this company guaranty availability of the service when is not responsible for ex. server uptime maintenance, system offering the service, internet connection etc.?
Is it the case that the company can guaranty only the availability of the first level support?!
It is a bit confusing for me even though I have read the ISO/IEC20000-3.
|
Robert Falkowitz
Registered GP21
| Joined: | Sat Nov 24th, 2007 |
| Location: | Switzerland |
| Posts: | 245 |
| itSMF Chapter: | |
| Status: |
Offline
|
|
Posted: Thu Mar 3rd, 2011 09:09 |
|
Daniela,
Almost all service providers today outsource their wide area network infrastructure and its management - one of the most basic components enabling the provision of IT services. So how is it that they can operate according to ISO 20K, given that so important a function is not being managed by them?
I think the answer is that they manage it via the supplier and the service level management processes (amongst others).
If I understand correctly, the (hypothetical) company is selling a service to customers, but the computers, networks and applications used to deliver that service are all being managed by a third party. The hypothetical company is still accountable to its customers for the service, not matter how it has chosen to source any of the components of delivering that service.
Let's take some concrete examples. A configuration management process would probably not keep under control the infrastructure in such a company (except for the parts that are directly used for the support function). What would a change management process do? It would not control, for example, the changes to the servers. But it would control the changes to the underpinning contracts with the company that is responsible for managing those servers. And so on.
The point is that the hypothetical company is still accountable for making sure that all the bits and pieces used to deliver services fit together and are being managed by someone, even if it doesn't do the management itself. If an ISO 20K auditor comes along and asks to see how the server infrastructure is managed, the answer will be that there is no server infrastructure in house, but you can produce the underpinning contracts, the minutes of the periodic meetings with the suppliers, the records of complaints and how the suppliers have resolved them, etc. If, on the other hand, the company produces a credit card receipt for payment to a service in the cloud, where there is no documented strategy, no service level requirements, no evaluations of the potential suppliers and no one responsible for managing the chosen supplier, the auditor is likely to deny certification.
I hope this clarifies the situation.
-Robert
|
Daniela
Approved Member
| Joined: | Mon Jun 29th, 2009 |
| Location: | Skopje, Macedonia |
| Posts: | 4 |
| itSMF Chapter: | Macedonia |
| Status: |
Offline
|
|
Posted: Thu Mar 3rd, 2011 09:20 |
|
Yes, it is clear now.
Thank you a lot. Your advice was very usefull for me.
By the way I still rememer your training in Macedonia I really hope we will have a chance to talk again.
|
Current time is 07:31 | |
|