I wrote an introduction to Enterprise Service Management (ESM) in my previous article. Now, I want to look at how the new ISO/IEC 20000-1:2018 standard (hereafter: ISO 20000) for service management can contribute to ESM.
As I wrote in my previous article, ESM aims to elevate service management, which traditionally used to be confined to IT, to the level of the enterprise (or service provider) as a whole. This means that common service management concepts can be applied to the enterprise as a whole and to individual (non-IT) departments, including, for example, Facilities, HR, Sales, etc. This is necessary, because the enterprise as a whole is responsible for delivering services, not just an IT department, so everyone in the organization should contribute to the success of the services.
ISO 20000 defines “requirements for an organisation to establish, implement, maintain and continually improve a service management system (SMS). The requirements specified in [the standard] include the planning, design, transition, delivery and improvement of services to meet the service requirements and deliver value.” So you can see that there is no specific focus on IT in the organisation: the requirements are aimed at the organization as a whole, because the organisation as a whole should collaborate to provide services to the customers. The SMS can therefore encompass the whole enterprise, if desired.
When we look at the requirements of ISO 20000 in more detail, we see that many of them are generic requirements that are about the organization, such as determining the context of the organisation, requirements for the involvement of leadership, communication, risk management, performance evaluation and continual improvement. Other requirements are more specific about service management and the services. It is in the latter that you may interpret some of the requirements as being to do with IT only, but this is a matter of interpretation. Let’s look at a few examples.
- Asset Management and Configuration Management. Assets are defined as items that have value for the organization. So these can be anything physical or non-physical related to the services, ranging from people via documentation and information to actual IT equipment. The only thing ISO 20000 asks you is to make sure these assets are managed – they have value to you, so obviously you want to make sure to keep track of them. Configuration Management is concerned with configuration items (CIs), which are items that need to be controlled to deliver the services. Assets may be CIs, but not all assets will be CIs, nor will all CIs be assets. For financial services, a general ledger can be a CI; for transport services a truck can be CI. Extending the view to the enterprise, your company’s accounting system can be a CI, as well as the building you work in. Configuration Management is about recording the CIs you have and some basic information about them, such as a type, the relationship with other CIs and it status. This can again apply to all items you decide are CIs and that are relevant for providing services.
- Change Management and Release and Deployment Management. The focus of Change Management in ISO 20000 is anything your Change Management Policy determines. Change Management therefore not only needs to apply to technical changes, but can also apply to changes in documentation, organisational changes or changes to the company’s strategy. All requirements for Change Management are focused on making sure the customers and services they use are not negatively impacted by changes you perform. This can be at all sorts of levels, not only IT. A change to your accounting system may well affect the services in the way you invoice your customers. This change may therefore have to go through Change Management. The aim is to coordinate and control the implementation of changes that are related to the services or the service management system. Release and Deployment Management is really the more detailed sister of Change Management, focusing on the controlled implementation of changes into the live service environment, what ever that environment may be. Here again, there is no focus on IT, it may as well be an environment where transport services are delivered and teh change is a change of pick-up schedules.
- Incident Management, Service Request Management and Problem Management. These three processes are often associated with service desks and technical configuration items that break down. However, incidents (and their associated problems) can happen anywhere in the organisation and have an impact on the delivery of services. If the building you work from has a power outage, your customers will notice quite quickly. Some of the activities may have a more indirect impact on your customers (e.g. when you have only your HR department in that building), but will in the long term affect your employees, who in turn are much more directly facing the customer. Service requests may end up anywhere in the organisation as well, depending on their nature – these can be billing inquiries, address changes or actual technical requests, such as an access request.
- Demand Management and Capacity Management. Demand and Capacity are obviously closely related. ISO 20000 is quite explicit that capacity is about “human, technical, information and financial resources.” It is therefore easy to extend both Demand Management and Capacity Management to the whole enterprise and keep track of what you need to deliver services at various levels.
- Service Availability Management and Service Continuity Management. These two processes often seem to be the most technical ones, but remember that Service Continuity Management is simply a subset of Business Continuity Management (see ISO 22301 for more details). Business Continuity Management should ensure that your business/enterprise can continue functioning, including providing services, in case of a disruptive event. ISO 20000’s requirements for availability and continuity can therefore easily be extended to the enterprise as a whole.
We can conclude that the requirements of ISO 20000 can support Enterprise Service Management by extending them to the enterprise as a whole. If you consider the enterprise to be involved in providing services to your customers end-to-end, then the scope of the SMS would include all departments. Nothing in ISO 20000 is focus on IT only, so you can use the standard to support ESM with no changes.
About the Author
Dolf van der Haven is author of various books on Service Management, the most recent of which is A Guide to ISO/IEC 20000-1:2018 Service Management.