At BSI, we have the experience, the experts and the support services to help make sure you get the most from ISO/IEC This guide shows you how. PDF | This paper is the first exploratory and quantitative study on a global scale ISO/IEC TR Exemplar implementation plan for. PDF | On Sep 6, , Santi Cots and others published Exploring the Service ISO/IEC Exemplar implementation plan for ISO/IEC
|Language:||English, Spanish, German|
|Genre:||Business & Career|
|ePub File Size:||22.37 MB|
|PDF File Size:||11.16 MB|
|Distribution:||Free* [*Regsitration Required]|
ISO/IEC TR (E). PDF disclaimer. This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this. ISO/IEC TR is an exemplar implementation plan providing guidance on how to implement a service management system (SMS) to fulfil the. ISO/IEC. TR. Second edition. Reference number. ISO/IEC TR (E). This is a preview - click here to buy the full publication.
Implementing ISO with a consultant vs. Making it widely applicable. Marimon, F. Proceedings of the 17th …. Diagram that shows the ISO implementation process, from the initiation of the project all the way to the certification.
It is for this reason that standardization is implemented in many areas, among which it is logi- cal to find that of management, giving rise to what is known as Management Standards MS. On an international scale, the main standardization body is the International Organization for Standardization, known by its initials ISO.
Founded in , it currently has a portfolio of over 19, standards, and comprises countries ISO, This does not, however, prevent these standards from being known, and referred to in publications, simply as ISO standards, as used in the present article.
Irrespective of their aims, management standards promoted by ISO share many common char- acteristics, whether in their form or in the principles that inspire them.
Auditability, therefore, gives these stan- dards a value in itself, since it allows organizations to verify the implementation and use of MS.
Those compa- nies specialized in auditing and certification are, therefore, generally predisposed to guarantee and demonstrate the quality and rigour of said certifications. Certified companies are normally disposed to, and interested in, making it known that they have been certified.
Of the many standards that exist in the management field, only a few define an MS. By way of example, and in order to present a general view, Table 1 shows some of these and includes the year they were last revised. With 1,, certificates issued world- wide in ISO, , it is the oldest and most widely-diffused standard and that which has been analyzed most in publications.
It is also important to mention its influence in the de- velopment of ISO Its relevance to this study derives from the fact that it has also been widely written about, and that the current number of certifications stands at , Many of the studies analyzed that do not limit themselves to ISO are based on ISO , whether dealing with the comparison between, or integrated use of, both standards.
Noteworthy in the specific IT field is the existence and diffusion of ISO , with a global total of 17, certificates in As in the case of ISO , it is a standard management system originally developed for the IT field Gillies, , but it can also be used in wider fields, even though it is not oriented towards services, but rather towards information security.
Having considered the three standards relevant to the purposes of this study, it should also be remembered that, when dealing with ISO - the most widely-recognised certification scheme and the only one of worldwide reach and recognition — it is the standard that was, in its day, promoted by itSMF IT Service Management Forum , and has been managed by APMG the official accrediting agency of the Office of Government Commerce, a branch of the UK government since the start of This complicates knowledge of its true degree of imple- mentation, even though it does have a great impact, as proved by the number of official personal certifications.
According to the official level scheme also run by the accrediting agency APMG, the number of ITIL-certified professionals in the world currently stands at over 1,, at foundations level and over 16, at expert level Tucker, Its widespread diffusion, great impact and greater age mean that it has been the subject of numerous studies Cater-Steel, , ; McNaughton et al.
Version 2 of ITIL was then in force. It is gener- ally accepted that, when creating the standard, the authors, some of whom were the same, were inspired by the knowledge collected, and model proposed, by ITIL. The two are so close in nature that some authors refer to one or the other indistinctively.
In any case, since ITIL was later heavily revised and its books restructured and rewritten, with version 3 published in and revised in , the ITIL model has evolved. This has led to a substantial increase in the number of processes, and it has been restructured around the concept of the service life-cycle. It is the only part with enforceable requirements for certification, the remainder being complementary advice or recommendations.
References to part 1 are often confused, or used indistinctively, with the standard as a whole. The prologue briefly describes who the standardizing organ- isms are and how they are organized; it also highlights the new additions and changes in this second version. The central subject of the introduction is a reminder that the aim of a management system is to define the design, transition, provision and improvement of services that comply with the requirements and provide value, whether to clients or to the service provider itself.
As with the other ISO standardized management systems, this standard is characterized by the definition of a set of processes that are specifically oriented towards the compliance of the spe- cific standard - in this case service management -, some general requirements and a system of continuous improvement based on the Plan-Do-Check-Act, or Deming, cycle Deming, The first section of the standard defines its scope; that is, who should use the standard and for what.
It is relevant here to note that, from this section on, the current version has omit- ted the specific references to IT contained in the previous version. An example of this is its application to Higher Education services Lezcano et al.
The third section, regarding terms and definitions, has lengthened considerably with respect to the previous version. It is of great importance given that it helps clarify how some terms should be interpreted within the context of the standard.
While the terminology used generally coin- cides with ITIL concepts, there may be slight nuances in the definitions, although probably of little relevance. The service-management system SMS is defined in points 4 to 9, being those that contain requirements in accordance with the structure shown in Figure 1. These are not sole require- ments, so listing them is not simple.
Many have a number of implications that should also be interpreted depending on the characteristics of the organization implementing the standard or other variables. The first, de- scribed in point 4, defines the service management system SMS including: The intermediate level, defined in point 5, describes requirements regarding the design, transi- tion to start operations and retirement of services, whether new or modified, for their correct integration into the management system SMS.
These two levels create the framework within which processes are integrated, as showed by Figure 1. ISO processes Thus, on a third level, points 6 to 9 define the group of 13 processes that together structure the activity necessary for service management, as shown in Figure 2.
Although the standard is structured by sections for each of these processes, it does not require the implemented system to use precisely these 13 processes there may be more, fewer or different ones , the system only requires implementation of those processes necessary for all requirements included in the model to be covered. The processes of the model are, then, gathered into four groups: The aim of provision processes is to guarantee that services are delivered in accordance with previously agreed levels of service, with the costs defined and with the due characteristics of continuity, availability, capacity and safety.
To achieve this, the corresponding processes are defined: Service level management 6. Other parties are considered to be clients, users and other interested parties in the services and suppliers, giving rise to a need to define the processes of: Business relationship management 7. Resolution processes are divided into Incident and service request management 8. The first focuses on prioritizing, and attending to, users who have dif- ficulties with the services or those who have to channel their requests, as well as incidents that can affect the delivered service.
Problem management is dedicated to investigation and a defini- tive resolution where possible of the root causes that can or do give rise to incidents. Finally, control processes are designed to keep both infrastructure and services in order. A Con- figuration management process 9. A Change management process 9. Fi- nally, the Release and deployment management process 9.
Aims and methodology The main aim of the present study is to determine the current impact of ISO , and forecast its impact over coming years. It should be pointed out that only one previous study has been found on ISO Disterer, , of a much narrower scope and using methodology paral- lel to that of previous studies.
Although with a very preliminary focus, said study shows the interest ISO may generate in the near future. Based on the registrations of certifications issued by APMG, it carries out a basic analysis of geographical distribution by continent. Its main contribution is the study of incentives and benefits provided by ISO , based on a survey of companies registered in German-speaking countries Germany, Austria, Switzerland and Liechtenstein. Once it has achieved its established aim, this article will provide answers to two relevant ques- tions.
Firstly, whether ISO diffusion follows similar patterns to those of the other MS; in other words, the degree to which the diffusion of said standards depends on their area of imple- mentation. And secondly, our analysis will allow us to put the standard in context, serving as a useful indicator of implementation trends for other IT standards or frameworks, the uncertified nature of which make a quantitative analysis of their implementation and use problematic.
That said, some quantitative studies have also been detected; these generally use number of certifications for a specific MS, and focus on the study of their historical diffusion or geographical distribution, and even on the correlation between the num- ber of certificates and other indicators.
Knowledge of the geographical distribution of certifications and their evolution over time is vital to the present study with regards to the diffusion analysis. It is therefore possible to carry out an initial comparative geographical study using the ISO Intensity Indicator suggested in Marimon et al.
Regarding the study of diffusion over time, we propose the use of the logistic equation to model the worldwide evolution of ISO certifications, as posited Franceschini et al. According to this model, the number of certifications existing at any given moment can be obtained by applying the logistic function defined by the following formula: In this expression, N is the number of certificates at a given moment time function. No is the initial value for the number of certifications.
K is the expected maximum, or certification satu- ration point and ro the curve gradient. It is thus possible to interpolate historical certification data, fitting a logistic curve and projecting the number of future certifications. This permits the calculation of the expected value of N for any given time, whether past or future. This methodology has been widely used and contrasted in diffusion analysis carried out for other management standards, such as the case of ISO in Marimon et al.
There are therefore studies that vouch for the reliability of this method of forecasting the future evolu- tion of a management system standard. For example, Marimon et al in Marimon et al. Following a description of the data gathering process, the following Results section is therefore divided into two large blocks. The first is dedicated to analyzing the international impact of ISO , taking into account its geographical and time distribution, while also analyzing said im- pact with respect to other standards of reference.
The second block focuses on a projection of certifications based on the logistic curve, and also compares them with those of other standards. Results Data collection All of the quantitative worldwide studies on other ISO standards reviewed are based on data obtained from certificates issued, which ISO collects from the different certification bodies and publishes annually in the ISO Survey of certificactions .
Said survey unfortunately contains no data for ISO , which prevents using the same source as that used in the referenced studies. This was done in October , December and May During this period, the records were extracted and some identified inconsistencies reported to APMG, which led to some records being corrected.
Thus, although at the time of writing this article records are no longer published for certifications prior to , the records we have collected and analyzed started in , the year after the first appearance of the stan- dard.
From the set of records obtained, a total of were considered valid for certifications issued up until December Later records were discarded as there is no fixed deadline for pub- lishing certificates and empirically it was noted that many take several months to be reflected.
Therefore, the time period elapsed between those certifications that are considered for the study 31 December and the last capture May allows us to assume that we had included all certifications published for The following information is available for each record: As the certification scheme awards certificates with a validity of three years, it is possible to know which certificates are valid at any time.
One limitation, though probably with little impact on this study, is the fact that it is impossible to detect which certifications have not remained valid over the 3 years due to their not meeting one or both of the two follow-up audits required by the certification scheme. Figure 2 shows the time distribution of the records obtained cumulatively over time and also records for current certifications.
For the discrete analysis, to be conducted subsequently, a sample is obtained of the number of records with fewer than 3 years antiquity at the end of each year, shown by means of a point on the graph.
Figure 3: Moreover, it should also be considered that not all organizations that use MS are certified, or are obliged to be; this is a limitation of all studies of this type for any MS. And finally, while it may be con- sidered a limitation to only use data from one management company of a certification scheme, even if it is the most recognized and has the largest number of certifications, it is also true that we believe we are working with the most consistent accessible data possible.
International impact of ISO In order to obtain an initial overview of the impact of ISO around the world, the first analysis we undertook was of its current geographical distribution and evolution. To this end, the certificates to be analyzed were classified by geographical area or continent, defined as ar- eas, using the same criterion used by ISO in its surveys . The same criterion is later used in determining countries.
Table 4 and Table 5 show the certificates issued at the end of each year and those currently valid by area. All data are from the year onwards, when implementation of this standard began.
We are therefore now in a phase of slow global growth, but with a clear geographical redistribution. On a greater level of detail than areas, a disaggregated analysis was performed by country. With this analysis it is hoped that differences or speci- ficities of each national market come to the surface, behavior that possibly might be parallel to that of other standards in the same country. Thus, Table 6 shows the top 15 countries in ISO certifications, including the number of current certificates and their share of the world total.
The number of certificates is also shown for ISO From the list of leading countries for ISO , Japan stands out as the undisputed leader due to absolute number of certifications, almost doubling China in second place. This Asian leadership is confirmed by the presence of four other Asian countries South Korea, India, Taiwan and Hong Kong for a total of six of the top ten. In fact, what is impor- tant is to observe how all countries situated in first place coincide at the top of other standards, indicating that countries with a widespread diffusion of general management standards such as ISO and ISO are also leaders in the more specific field, specifically technology management, the scope of ISO and ISO To this we should also add that thos countries only appearing in the ISO list are coun- tries of a smaller size but with high technological development in services.
Specifically, Taipei, Hong Kong and Switzerland. Moreover, it is worth noting the leading countries for the other standards which do not appear as leaders in the case of ISO This may cause some one-off distortions for a particular country, but they should not be generalized. This first exploratory analysis certainly indicates some trends, which might clearly be erroneous if the size of the different countries is not taken into account.
In order to improve the analysis, and as detailed in the methodology section, certification intensity is used.
This is calculated by means of number of certificates and GDP and population size as indicators of country size. Data from the International Monetary Found were used for this country. Thus, Table 7 shows the GDP of the leading 15 countries in terms of ISO certifications, together with the absolute number of certifica- tions in these countries for the other three MSS considered to be most relevant.
ISO certification intensities are included for these standards. For example, the Czech Republic is the country with the highest intensity in three of the four standards, whereas the United States has three of the lowest four. This parallelism is seen even more clearly if we look at only the two standards relating to technology: To this end, it is sufficient to observe the behavior of countries like Taipei, Japan and the UK.
In short, this highlights the huge impact countries can have in the diffusion of these standards when it comes to implementing laws and promotional activity.
Together with this we must also bear in mind the ease with which all actors firms, consultants, certification agencies, In order to analyze this aspect, namely, the parallelism detected between implementations of the different standards, the above data were correlated, obtaining the results shown in Table 8. This confirms the previous results, by identifying first a clear correlation between the countries with the most ISO and ISO certifications, but also a clear relationship in certification intensity for both standards.
However, what is most novel is finding that there is a clear correlation between the countries with most ISO and most ISO certifications, also confirming the first findings. This should be interpreted as the coun- tries with the highest GDP being less intensive in terms of certification.
Said finding coincides with the initial perception of the great impact these regulations have in small-sized countries with great technological potential. Correlation is significant at the 0.
In this respect, and as mentioned above, several previous studies  support the use of the logistic curve to model the behavior in time of the number of certifications for a particular standard. Therefore, we performed a non-linear regression to forecast the future status of ISO certifications, allowing us to determine the value of the dependent variables and obtain the equation of the logistic curve that best fits existing data.
The same exercise was conducted previously for the other refer- ence standards using ISO data, with the results provided in Table 9. Thus, we see that the behavior of both standards is perfectly modelable following the pattern of the logistic curve, confirming the predictions made by pre- vious studies while generating new forecasts for the coming years. Specifically, the saturation level is situated at around 1,, ISO certifications in , and , ISO in Table 10 shows the characteristics of the generated model, and Figures 3 and 4 the fore- cast evolution over time.
These Figures show the points representing certifications for each year and the logistic curve with the parameters obtained in the regression. If in the exploratory analysis some similarities already detected in terms of countrywide impact, we suppose that there might also be parallels in their future evolution. Thus, for the case of ISO we observe that, with data available for the years , the model fits to a near- perfect logistic curve, as shown by the R squared of 0.
It is also observed that the saturation level for the last point is very high, this being the value of for certifications valid for , very close to the value at which certifications should be saturated, which according to the model is in According to these estimates, then, the latest data would indicate that ISO certification is at While the intended users of ISO are service providers, it can also be useful for those advising service providers on how to implement an SMS.
IEC Format: PDF Availability: No longer available. Description ISO provides thorough guidance on how to plan, implement and improve a service management system SMS to fulfil the requirements of ISO , using a generic three-phased approach to implementation as an example. Further information on ISO For an essential overview of the Standard, see: An introduction to the global standard for service management.
For a step-by-step guide for ISO implementation and certification, see: Customer Reviews 0.