Get 4 FREE months of Conformio to implement ISO 27001

Main obstacles during ISO 20000 implementation and how to overcome them

There is no doubt – it’s a wonderful feeling once you get the OK for the implementation of a project you consider important. A lot of enthusiasm, energy and motivated people. Planning is, usually, the easier part. But, once you get the “green light” for the implementation, well, then your headaches start. It’s the same with ISO 20000. If you have experience in IT Service Management (ITSM), reading the clauses of the standard seems understandable. And then you need to convert them in real life. That’s when the difficulties begin.

What are they?

It’s well known that fighting the issues that arise during any project implementation is a daily job throughout the project. It’s the same with ISO 20000 implementation. I have seen many issues companies are facing while implementing the standard. So, here is an excerpt of the main obstacles people implementing ISO 20000 are facing:


  • Motivation, or “It’s just another ISO standard.” – It’s about acceptance of the implemented standard. That depends a lot on the organization’s approach towards ISO (or any other) standard in place. If it’s only about having a paper certificate – that’s all the organization gets back. A lot of effort for the implementation, hassle to keep it up to date, and almost nothing in return. Very soon people will realize that, and no one will bother with the standard’s requirements – because, “it’s there just pro-forma, anyway.” Therefore, when the SMS is not actively used, there is no real benefit in daily operations. And, I agree – who would need that?
  • No management support – you can have an IT service management (ITSM) team willing to implement ISO 20000, but it’s your top management who needs to support the implementation and maintenance. What would you need from them? Financing, sponsorship in your business environment, and active participation once the SMS is implemented. And their support is needed as long as the SMS exists. Therefore, it’s essential to include them as early as possible and create positive relationships right from the beginning.
  • Funding – did you ensure enough funding for the implementation project? What did you include in the budget? The point is that you need to ensure that enough funds are available if you want to finish the implementation. So, what do you need to include? People costs include the sum of all hours your people will spend on the implementation. Maybe you will need some external workforce or knowledge you don’t have. Maybe documentation (so you don’t have to start from scratch) or a tool. By the way, a good tool is always a great help for an ISO 20000 implementation. It will decrease the number of documents you need to fulfill the standard’s requirements and increase the efficiency of the SMS (e.g., information will be recorded only in one place – your asset data, which will be stored in a Configuration Management Database (CMDB), are used by several processes like Incident Management, Problem Management, and Change Management).
  • Knowledge – ISO 20000-1 (requirements for the SMS) has 256 “shalls,” meaning – requirements that you need to fulfill. Are you sure you have sufficient knowledge for all of them? Namely, if you direct the project in the wrong direction, and keep going for some time – once you realize what you did wrong it could be dangerous, because it could significantly delay the implementation or even cancel it. Implementation projects that take too long are usually never finished.
  • Who is doing what? – Clarify existing and start delegating (future) responsibilities early. In that way you will collect all relevant information in a timely manner, and your people who will hold responsibilities once the SMS is implemented will have enough knowledge in the scope of their responsibilities. And, educate those responsible people. It will pay you back later.

What to do?

It’s hard to give a one-size-fits-all answer. Every organization is different and has its own approach. ISO 20000 can be implemented in all kinds of IT organizations, meaning that it leaves enough space for adaptation. But, on the other side, it will certainly require changes in the way IT organizations work. Additionally to the ideas presented above, here are a few tips that can help you:

  • Avoid bureaucracy and make it practical – don’t implement the SMS just to get the certificate. OK, maybe you need it for some reason, but once you have it – make it as useful as possible. To achieve that, avoid too much bureaucracy and make it pragmatic. Find out how to apply ISO 20000 requirements in your organization in a way that activities are managed, roles and responsibilities are clear, and records you collect are used and provide valuable information. That means to manage IT service creation and delivery. For example, once you implement Change Management, make it your standard for change implementation; i.e., do not allow any changes that are not planned, approved, scheduled, and implemented in a controlled environment (knowing who, what, when, how… etc.). In such way you will increase the number of successful changes, make users and customers happy, and gain respect from your management.
  • Educate – everyone involved in IT service delivery and your SMS should know exactly what to do. A good idea is that people involved in the SMS gave general knowledge of ISO 20000 and deeper knowledge of their tasks, roles, and responsibilities in the scope of the SMS.

Once you have managed and implemented a usable SMS, as well as people who are knowledgeable about IT service delivery and their roles, management support will be the logical consequence. Once you get management support – funding will be no serious issue.

Organize as a project

Project Management can be seen as inflexible or bureaucratic. But, it gives you an opportunity to control people, activities, and costs. And this is exactly what you need during the SMS setup (read the article ITIL and ISO 20000 – What does Project Management have to do with it? to learn more). Namely, many elements of the IT service delivery will be set during the SMS implementation (e.g., Incident Management, Change Management, measurements, improvement methodology… etc.), so the better you prepare your starting position, the easier it will be once the SMS is operational. And that’s a chance that should not be missed.

Use this free  ISO 20000 Gap Analysis Tool to check your compliance with ISO 20000.

Advisera Branimir Valentic
Author
Branimir Valentic
Branimir is an expert in IT service management (consultancy, training and tools), IT governance (training and consulting), project management and consultancy in IT and telecommunication. He holds the following certificates: ITIL Expert, ISO 20000, ISMS Lead Auditor and PRINCE2.