The CEO’s innocent announcement froze all in the room. "We need ISO 20000 certification!... we must demonstrate to our customer that we bring value to their business.”

Wait. Did we hear value and certification in the same breath? How were we going to achieve that? Our last experience had been a nightmare - and the previous certification had just brought additional administrative work, but nothing in return.

Does this scenario sound familiar? We have encountered it several times over the last few years. However, it is possible to bring value to your organization while working towards a certification. The key to this apparent paradox is to work towards improving the processes instead of going through the certification checklist.

The ISO/IEC 20000 standard series enables service providers to “understand how to enhance the quality of service delivered to their customers, both internal and external”. This is achieved by having processes and a management system conform to the requirements defined in the first part of the standard. In fact ISO/IEC 20000 is made up of several documents (see Figure 1).  

 
Figure 1: The ISO/IEC 20000 Series

Most companies concentrate on the mandatory requirements in order to get certification. And that’s where the nightmare begins. There are 375 requirements to implement a Service Management System! Even if these requirements are ITIL® aligned (Best Practices books published by the British OGC), it is easy to understand why this can be of concern if the objective is to comply with all requirements, in order to get certification.

The big issue is: where should we start? How do we set priorities?

Traditionally for certification, a first internal audit will be performed to get a snapshot of the actual situation, and identify nonconformities to the requirements. These audits (also called “conformity assessments”) have two major challenges:

1. audit focus on individual requirements - technical, administrative, organizational or managerial.
2. report focus on nonconformities to be tackled to get compliant.

Analyzing this situation with stakeholders can be a funny experience (try it!). It highlights the cultural divide between top management and operational staff. The former mostly wants to be compliant (to the standard) and to work on individual requirements towards such compliance. The latter mostly wants more constructive feedback, and a positive approach to support their efforts in improving their daily contribution to the processes.

PROCESS ASSESSMENT & IMPROVEMENT

One of the case studies detailed in the book “ITSM Process Assessment Supporting ITIL®” (Van Haren Publishing, 2009) reports how, at Fujitsu Services Oy, it was decided in 2005 to gradually replace traditional internal audits of key processes with ISO/IEC 15504 process maturity assessments. It prioritizes the work to be done and makes sure you spend your energy in a way that will really help your business, not just cosmetic work to make you look better.

ISO/IEC 15504 provides a framework for the assessment of processes. Process assessment inspects the processes used by an organization to establish whether they are effective in achieving their goals, with results shown as process profiles (see Figure 2).

Figure 2: Process Profile

The results of an assessment may be used either to drive process improvement activities or to determine process capability by analyzing the results in the context of the organization's business needs, and by identifying strengths, weaknesses and risks inherent to the processes.
This way of working is fundamentally different from traditional conformity assessment as what is looked upon are the processes, not the requirements of the standard. The processes are examined to understand to what extent they achieve their goals. The underlying activities performed are just considered as indicators of process performance (even if some of these activities are targeted by requirements).  

The major benefit of process assessment is that it focuses on the ability to perform the process (business first!). Then if and only if the operational activities are achieved, we will work on the achievement of capability and maturity characteristics of the processes (process management, establishment, predictability, and optimization, as depicted in Figure 3).  This way we are able to bring maximum value to the business by identifying weaknesses, but also strengths enabling quick wins at lower cost. Another benefit of this approach is that while working on the improvement of the process performance (to achieve its goal) we bring a positive message to the staff when asking them “What are the problems you are facing? How do you think we could improve things?” instead of focusing on the search for deficiencies.
 

Figure 3: The Capability Scale

CRP Henri Tudor, one of the largest public research centers in Europe, has created a methodology (Figure 4), compliant with ISO/IEC 15504 to perform process assessment in IT Service Management. The Tudor ITSM Process Assessment (TIPA ) was tested and implemented in several enterprises. At Fujitsu Services, it served to improve services while preparing for ISO/IEC 20000 certification - the first such certification in Finland. Fujitsu Services Oy conducted a pretty neat study looking at the correlation of capability level achieved and the work done on process improvement vs. customer satisfaction. Not surprisingly there was a strong correlation especially highlighted on a couple of years where they did not spend too much time and money working on process improvement – it didn’t take long before it had a negative impact on customer satisfaction. This also illustrates, like most people realize when talking about ISO 9001, that certification is a nice plus but does not guarantee a solid improvement in processes, especially if the firm only does the minimum to meet the certification requirements.

Dimension Data (worldwide) is another company that is using TIPA for pure improvement purposes in its global support centers around the world, including Australia. Performing a TIPA assessment in four of their five global service centers gave them a tool to identify the best practices in different parts of the world and standardize the level of service, while improving their ITSM.
 

Figure 4: The TIPA framework

OPPORTUNITY

Though certification is often presented as a major motivation for companies to improve their processes, there are many cases where efforts are made only to comply with the requirements in the short term, neglecting side effects on the underlying processes. A certification might help you to get the budget to get an improvement project going, but if you only concentrate on the requirements, you might well end up with a nice certificate but little long-term improvements. However, there is always some place for improvement, be it in efficiency, effectiveness or customer satisfaction. So if your goal is to improve your overall ITSM, reduce your costs, reduce downtime, reduce incidents, or improve satisfaction, then working to improve your process is the way to go, and the very first step is performing an assessment of your processes. This assessment will help you in your improvement projects to plan the project and define the goals you want to achieve in relation to your business. It will also give you a tool to check where you are in your project and if you can achieve your goals.

This contradiction can be balanced thanks to the use of process assessment to assess and support the improvement of processes. TIPA® and the upcoming ISO/IEC 15504-8 standard are major contributors to this revolution.

If you want to know more about these two cases, about TIPA methodology and how a process assessment can help you to improve your ITSM, refer to the book “ITSM Process assessment Supporting ITIL” (Van Haren Publishing, 2009).