Basket £ 0.00 (0 items)
You are here: HomeArticle › Results of NCC Members Question: Creating a service management plan for ISO20000

Results of NCC Members Question: Creating a service management plan for ISO20000

Results of NCC Member's Question: Issued 28 August 2012

NCC Members can ask relevant questions of the wider NCC membership, moderated by NCC. We collate the responses, where appropriate anonymise them, then publish the results on the website for the benefit of the wider Membership. Can you help with this question from a learning and skills agency?

"Below is an extract from the ISO20000 standard which outlines what should be in the plan, but it is not what we tend to think of as a plan. Can anyone share details of how they approached the SMS plan within the ISO20000 framework, or better still can you share the actual plan that you produced?

4.5.2 Plan the SMS (Plan)

The service provider shall create, implement and maintain a service management plan. Planning shall take into consideration the service management policy, service requirements and requirements in this part of ISO/IEC 20000. The service management plan shall contain or include a reference to at least the following:

a) Service management objectives that are to be achieved by the service provider;
b) Service requirements;
c) Known limitations which can impact the SMS;
d) Policies, standards, statutory and regulatory requirements and contractual obligations;
e) Framework of authorities, responsibilities and process roles;
f) Authorities and responsibilities for plans, service management processes and services;
g) Human, technical, information and financial resources necessary to achieve the service management objectives;
h) Approach to be taken for working with other parties involved in the design and transition of new or changed services process;
i) Approach to be taken for the interfaces between service management processes and their integration with the other components of the SMS;
j) Approach to be taken for the management of risks and the criteria for accepting risks;
k) Technology used to support the SMS;
l) How the effectiveness of the SMS and the services will be measured, audited, reported and improved.

Plans created for specific processes shall be aligned with the service management plan. The service management plan and plans created for specific processes shall be reviewed at planned intervals and, if applicable, updated."

Number of responses: 1

Please note that these are responses from NCC Member organisations. NCC is not responsible for views expressed and does not recommend any particular supplier. NCC can provide respondent contact details should you wish to discuss further.


From a public body:

The difficulty here is that there is quite a lot of common ground between the service management system and the service management plan; although the standard does helpfully provide qualification by saying that some points may only need to be referenced. The challenge, therefore, is to decide what belongs where and to try not to duplicate information in both documents. 

In general terms, one would ideally like the management system to describe what you want to do and for the plan to describe how you are going to do it; the former being longer term and at a higher strategic level than the plan. 

The main components of our service management system are:

  • The requirement for ICT services.
  • The approach to the delivery of ICT services.
  • Management structure and responsibilities.
  • Plans, policies and processes.
  • Communication and business relationship.

Our plan, by contrast, centres on the more immediate service management objectives and short-term activities which are set each year. We do, however, try to mention each ISO20000 requirement in the plan but refer to the management system if the information is already described there. The important headings of our plan are: 

  • Service management aim.
  • Service management objectives.
  • Service management processes (responsibilities).
  • Interfaces.
  • Identifying and managing risks.
  • Constraints (limitations).
  • Monitoring, reporting, auditing and improving the quality of service.
  • Authorisation and communication of the plan.

For what it is worth, here is our take on each ISO20000 requirement of the plan:

a) Service management objectives that are to be achieved by the service provider.

The most important part of the plan is to define the service management objectives or ‘what we are going to do’. Everything else is essentially about ‘why’, ‘when’, ‘who’ and ‘how’. 

b) Service requirements. 

Our service requirements are described elsewhere but our objectives should be short-term finite tasks that are set up to deliver ‘services’ or meet ‘service requirements' better, faster, safer, etc. So this is about demonstrating what service requirement each objective helps to meet or ‘why we are doing it’. 

c) Known limitations which can impact the SMS. 

Common limitations will revolve around time, money, geography and resources, such as staff and the state of the existing infrastructure. I think we should only list these in the service management plan where they are significant on a broad scale and not to the extent that one might do so in a more detailed project plan. 

d) Policies, standards, statutory and regulatory requirements and contractual obligations. 

These are obviously important but we mention these generally within our service management system and cover them in more detail within the individual processes. We don’t repeat them in the plan. 

f) Authorities and responsibilities for plans, service management processes and services. 

Yes – this is important. We assign responsibility and accountability for each objective as well as our policies and processes. We believe this is vital to their successful implementation. 

g) Human, technical, information and financial resources necessary to achieve the service management objectives.

The degree to which we define the resources necessary to achieve an objective is related to the size of the task, ranging from nothing for those ‘just do it’ tasks, to quite a lot of detail for major projects that require this information for the business case and to produce a detailed project plan. In either case, though, we do not include this within the service management plan as we feel it is too low a level of detail. 

h) Approach to be taken for working with other parties involved in the design and transition of new or changed services process. 

This is covered in our plan at a fairly high level but specific detail will sit within individual project documentation. 

i) Approach to be taken for the interfaces between service management processes and their integration with the other components of the SMS. 

This is covered within our plan but, again, at a high level. The detail is within each of our individual process documents. 

j) Approach to be taken for the management of risks and the criteria for accepting risks. 

Funnily enough, we describe this in our management system and our plan. Arguably, it should really just be in one place and I think that should be the management system. Formal projects will have their own risk log and risk treatment plan. 

k) Technology used to support the SMS. 

Well, it beats me why this is here! Our only reliance on technology to support our SMS and plan is to store and access a few Word documents! At a process level the story is very different, though, especially for areas like incident management, configuration management, change management, service continuity, etc.

l) How the effectiveness of the SMS and the services will be measured, audited, reported and improved.

We cover this in both the plan and the management system. 

I think at the end of the day it doesn’t matter too much where the requirements of the standard are described, so long as there is some logic to it and it works well for your organisation. Indeed, we come across this situation when dealing with any of the service management processes. They are not discrete activities. They rely on the other processes to work properly. So we need to take care when putting things into boxes and focus on delivering ICT services effectively and efficiently instead. This is what really matters at the end of the day.

Members Questions

 

Contact

For more information about The National Computing Centre and our services, please contact us at the details below:

Email: info@ncc.co.uk
Telephone: +44 (0)870 908 8767
Fax: +44 (0)870 134 0931

Click here for more contact information


TwitterFollow us on Twitter
Linked InJoin our LinkedIn Group
FBLike us on Facebook

 

Management Guidelines

NCC Guidelines Vol 5 No 1

more in Management Guidelines

 

Professional Development

Cloud Computing

more in Professional Development

 

Analyst Digest

September 2016 Bulletin published

more in Analyst Digest