Requirements for improvement
There are many specific requirements for improvement in ISO/IEC 20000-1. The service management system (SMS) when fully implemented will ensure that there is continual improvement. It is easy to point to clause 4.5.5, Maintain and improve the SMS (Act), which contains the main requirements for improvements. But where do these improvements come from?
Sources of improvements
The most obvious source of improvements is audits – either internal or external audits. But there are also many other sources:
– management reviews (see clause 22.214.171.124) which review the improvements requested and also can generate further improvements. The management review is not likely to review all improvements but is most useful for those which require top management backing, approval and resources.
– monitoring and measuring performance for all service management activities. For example, in clause 6.1 service level management, results of the performance against service targets ae reviewed to identify any opportunities for improvement. There are similar requirements where improvements can be identified in many other clauses:
- 6 information security after security audits and after security incidents
- 1 business relationship management as a result of customer satisfaction surveys
- 2 supplier management after reviews of supplier performance
- 1 incident and service request management after reviews of major incidents
- 2 change management after the review of trends of requests for change
- 3 release and deployment management after the review of the success or failure of releases.
– where action is required to be planned. For example, in clause 6.3, after a service continuity test or the continuity plan has been invoked, there is a review. The wording does not mention improvements but instead states that where deficiencies are found, the service provider shall take necessary actions. There are many places where actions are required and these actions can often result on the identification of improvements.
– many improvements can be come from less formal sources – from team meetings or from individuals working on an area who can see how it can be improved.
It is important that there is a process for capturing all of the improvements from all sources.
Policy for continual improvement
There are many types of improvements. Some come in the form of nonconformities which must be corrected (as in clause 126.96.36.199). Many are in the form of optional improvements or suggestions.
These need consistent evaluation criteria and a procedure for how to evaluate if they should be approved and for management of those that are approved. This is laid out in clause 4.5.5. There is a requirement for a policy on continual improvement which must include the evaluation criteria. Examples of these criteria are risk, cost, business benefit, customer benefit, feasibility, legislation, productivity or quality. It is likely that several criteria will be used to make a decision about improvements. Some will be rejected because they are not technically feasible or the cost outweighs the benefits. Some will be put on hold because they are good ideas which are not appropriate at this time. Many will be approved.
Management of improvements
Nonconformities must be corrected and reviewed to look at underlying causes and to take corrective or preventive action to prevent recurrence.
Once an improvement is approved, it needs to be managed and implemented. Some improvements will need to be treated as changes – see the change management policy for which changes must go through the change management process. Other improvements might be outside of the change policy and dealt with by a team or process owner.
Improvements need to have a target which can be measured after implementation. This ensures that the improvement has truly made a difference. It is not always possible to measure the difference made the day it is implemented – it may takes days, weeks or months to see the benefits.
Reports must be produced about the improvements made. It is all too easy in service management to report on things that have gone wrong – incidents. This reporting will show how pro-active service management is bringing benefits to the customers and service provider.
ISO20000-1 has improvement built into the whole service management system. Indeed, if you have implemented an SMS, you will be guaranteed to get continual improvement.
Lynda Cooper, an independent consultant and trainer, is one of the first people in the world to hold the ITIL Master qualification. Lynda chairs the BSI committee for IT service management (ITSM). Lynda sits on various ISO/IEC committees representing the UK and is the project editor for ISO/IEC 20000-1 and ISO/IEC 90006.
Contact Lynda Cooper via: email@example.com
ISO/IEC 20000 certification with an APMG accredited trainer
Looking to get certified in ISO 20000? Find one of our quality approved training providers near you.