ArticlePDF Available

Building up an IT Service Management System through the ISO 20000 Certification

Authors:
Jung-Hoon Park
Jung-Hoon Park
Jung-Hoon Park
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Hwan-Min Kim
Hwan-Min Kim
Hwan-Min Kim
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Download full-text PDF
Read full-text
Download citation

Abstract and Figures

This study prepared a foundation to provide high-quality services in a stable and effective way to meet the customer expectations, by building up and establishing an ISO 20000 certified IT service management system and protecting the information assets from various threats through effective system operation that meets the requirements of international standards, in order to ensure the reliability and stability of NDSL public services provided by KISTI Information Service Center and to enhance the customer satisfaction.
No caption available
… 
Figures - available via license: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International
Content may be subject to copyright.
Available via license: CC BY-NC-ND 4.0
Content may be subject to copyright.
J. H. Park & H. M. Kim
International Journal of Knowledge Content Development & Technology Vol.2, No.2, 31-44 (December, 2012)
31
Building up an IT Service Management System
through the ISO 20000 Certification
Jung-Hoon Park*, Hwan-Min Kim***
ARTICLE INFO ABSTRACT
Article history:
Received 15 July 2012
Revised 7 October 2012
Accepted 8 November 2012
This study prepared a foundation to provide high-quality services in
a stable and effective way to meet the customer expectations, by
b
uilding
up and establishing an ISO 20000 certified IT service management
system and protecting the information assets from various threats through
effective system operation that meets the requirements of international
standards, in order to ensure the reliability and stability of NDSL public
services provided by KISTI Information Service Center and to enhance
the customer satisfaction.
Keywords:
ISO 20000, NDSL,
IT Service Management System,
Application of ISO 20000,
e-journal Management System,
KISTI Information Center
1. Introduction
1.1. Need for Study
According to the International Organization for Standardization (ISO), small and large organizations
in more than 159 countries have been certified by ISO 9000 International Quality Management
System, which implies that quality management has become an essential element for enterprises
to produce high-quality products and to meet customer's needs.
In other words, an effective quality management system can play an important role in providing
an environment where a company's products or services meet the customer's needs any time and
thus enhancing the company's competitiveness.
For KISTI Information Service Center (National Discovery for Science Leaders, hereinafter to
be referred to as “NDSL”), where information and information distribution are products, it is time
to adopt a process-based system operation so that the quality of information it provides can meet
* Senior Researcher, Department of Overseas Information, KISTI, Korea (jhpark@kisti.re.kr)
** Senior Researcher, Department of Overseas Information, KISTI, Korea (mrkim@kisti.re.kr) (Corresponding
Author)
International Journal of Knowledge Content Development & Technology, 2(2): 31-44, 2012.
[http://dx.doi.org/10.5865/IJKCT.2012.2.2.031]
J. H. Park & H. M. Kim
International Journal of Knowledge Content Development & Technology Vol.2, No.2, 31-44 (December, 2012)
32
the customer's need.
KISTI obtained the ISO 9001:2000 quality management system certification in November 2003
and the IT-based quality management system certification in 2003, in order to enhance the international
competitiveness in the field of science and technology information distribution and service, and
to lead the national knowledge information infrastructure (Kim et al., 2005).
Now, we are planning to build up a service management system through ISO 20000 certification
in order to ensure reliability and stability of NDSL remote station services provided by the Information
Service Center and to improve the customer satisfaction.
The Information Service Center has a service policy to provide high-quality services which meet
customer expectations in a stable and effective manner, by building up and effectively operating
a management system in compliance with the ISO 20000 requirements and protecting the information
assets from various threats.
For this, we have promoted to plan, implement, examine and continuously improve a management
system to ensure compliance with the interested parties’ requirements and regulations, establishment
and management of objectives, effective resource operation, management review and seamless commu-
nication, and have decided upon the following implementation guidelines: First, raise the international
status of NDSL services by maximizing the availability and continuity of the services and providing
the best-quality services. Second, conduct all works in such a way that prevent non-compliance
from arising andensure problems are taken care of in a timely manner. Third, protect the information
assets from threats. Fourth, foster workforce through education and training and ensure the service
provider to make every effort to improve the service quality. Last, but not least, ensure that each
and every member of the staff of the Information Service Center understands, practices, keeps,
and improves these objectives.
1.2. Basic Policy of the Study
The KISTI Information Center has established a basic policy for annual service activities, in
order to promote continuous quality improvement for the information system service by preparing
and implementing the service management policies for the NDSL service including its vision and
goals. The policy serves as the basis of NDSL service operation and management activities and aims
at maintaining the consistency of works through training of related personnel and reaching the
consensus among them (Kim & Shin, 2006).
The basic policy covers establishing the service policies including vision, goals and performance
indicators, organization and division of duties, workforce planning, planning of education and training
based on the eligibility criteria for each area of work, establishing the work procedure and processes
for each team, establishing the document classification system and standard documents, ongoing service
management, and establishing the improvement process (Hwang, 2011).
The policy applies to all activities related to providing major NDSL services (www.ndsl.kr) such
as planning, operating, inspecting and improving the management system for NSDL services. NDSL
services include the following:
J. H. Park & H. M. Kim
International Journal of Knowledge Content Development & Technology Vol.2, No.2, 31-44 (December, 2012)
33
First, “NDSL Paper” is the nation’s largest paper search service by which users can search for
any articles in journals and proceedings published by science and technology societies and associations
at home and abroad.
Second, “NDSL Patent” is a service that allows users to search exhaustive patent information
including more than three million Korean patents announced since 1948 and those produced by the
United States, Japan, and Europe Patent Offices and have been made public or registered since 1976.
Users can use Korean patent, US patent, European patent, and WIPO patent in one-stop from search
to obtaining the original text.
Third, “NDSL Report” provides national R & D reports, various policy reports, and analysis
reports. It is an integrated service that collects and associates various reports produced by universities,
research institutes, and enterprises, in one-stop, even including electronic text (full-text) in cases
of the latest reports.
Fourth, “NDSL Trend Analysis” provides information about the latest trends in the field of science
and technology as well as science and technology policies of major countries and the differentiated
trend information from the perspective of the leaders of those fields.
Fifth, “NDSL Standard” allows users to conduct integrated searches for the standards of Korea
Industrial Standard (KS), International Organization for Standardization (ISO), and International
Electrotechnical Commission (IEC). It is provided in cooperation with the Korean Agency for
Technology and Standards (KATS) Standards Information Center.
Sixth, “Digital Korean Human Body Information” provides researchers at home and abroad with
data about Korean body images, models, and skeleton properties, so that it can be utilized as basic
data for various digital human modeling and simulation research being developed for the dynamic
analysis of biomedical engineering, rehabilitation engineering, sports, and industry stabilization.
2. Basic Concepts of ISO and ISO 20000
2.1. Basic Concept of ISO
ISO stands for the International Organization for Standardization, which forms fora consisting
of experts from various countries to establish and revise international standards required for industries.
Types of widely accepted ISO standards are as follows:
J. H. Park & H. M. Kim
International Journal of Knowledge Content Development & Technology Vol.2, No.2, 31-44 (December, 2012)
34
Type Standards
ISO 9001 Certification of the quality management system for efficient business management
ISO 9001 & ISO 14001 Certification of the quality & environment integration system
ISO 10002 Certification for customer satisfaction to realize potential customer satisfaction
ISO 13485 Certification for the field of medical equipment
ISO 14001 Certification of the environment management system
ISO/TS 16949 Certification of the standard quality management system for improving the quality
of automobile supply network
ISO 17799 Certification of the information security management system
ISO/IEC 20000 Certification of the international standard certification standards for IT Service
Management (ITSM)
ISO 22000 Certification of the international standard certification standards for IT Service
Management (ITSM)
(* Integrated certification for ISO9001 + ISO14001 + HACCP)
ISO 26000 Certification of the international standards for social responsibility activities
ISO/IEC 27001 Certification for overall management configuration system for Information Security
Management System (ISMS) and information security
ISO 29001 Certification of the quality management system standard regulations for petroleum
gas supply networks
ISO 29990 Basic requirements for the learning service providers of non-formal education and
training
2.2. Basic Concept of ISO 20000
ISO 20000 international standard, of which certification the Information Service Center has obtained
at this time, is a model of the international standards for IT services. It is an efficient solution
for IT service organizations/companies to get certification from an international certification organ-
ization through verification of conformity to ITSM.
ISO 20000 is a revision of BS 15000 Certification of British Standard Institution (BSI), which
had been utilized as a practical international standard certification specification for the ITSM (Disterer,
2009).
The reason for obtaining ISO 20000 certification is because information technology (IT) is an
essential element for today's business operation but problems due to IT services, which do not meet
the customers' or the organization's needs internally or when they are outsourced, are increasing. By
obtaining the certification for this standard, an organization can objectively prove to its customers
that it conforms to the best business practices.
ISO 20000 has been introduced to major IT-related fields such as business process outsourcing,
communication, financing, and public services, and have produced positive effects. It has established
the standards and minimum requirements for verification of ITSM implementation through detailed
guidelines for ITSM. Furthermore, it provides substantial regulations and practices for service manage-
ment through best practices of service management processes within the scope of the detailed guidelines.
Internally, ISO certification has the following expected effects. First of all, it ensures customer
satisfaction and trust for the effectiveness, service quality, and information security of NDSL IT
J. H. Park & H. M. Kim
International Journal of Knowledge Content Development & Technology Vol.2, No.2, 31-44 (December, 2012)
35
service processes. It provides a service environment in which national research and development
information can be easily accessed through the ITSM system, and also provides an effective maintenance
and management system for information systems. By ensuring compliance with the guidelines and
procedures for the ITSM system and thus ensuring the consistency of works and removing excesses
and wastes in advance, the process improves the quality of services. The efforts to enhance the quality
of IT services will result in cost-effective IT investments and help customers accomplish their business
goals faster. As the number of organizations, which require the reduced service cost, customers'
requests for decision-making, and ISO 20000 certification as terms of the contract, is increasing, the
external service providers can secure new customers by using this certification as a means of differ-
entiation from competitors and maintain and secure the efficiency of the ITSM processes through
regular certification audits. Also, the ISO 20000 has the effect of cost-saving by visibly presenting
the result of continuous efforts for improving the quality and level of IT services.
Externally, ISO 20000 certification signifies that a company’s ITSM has been recognized by
an internationally accredited certification organization. Thus, it can enhance the company's status
to the outside. ISO 20000 can help the government agencies improve the quality of their services
for the public, enhance customer satisfaction, and ensure the reliability of IT services. It enables
IT service providers to respond to the business-centered services more effectively than to technol-
ogy-centered services. Overall, ISO 20000 completely agrees with the IT Infrastructure Library
(ITIL) that presents the best formal business processing for ITSM processes.
3. Application of ISO 2000 for Building up NDSL Service Management System
3.1. Basic Direction
NDSL is a service that secures the service management system standard for a series of processes
to collect, process and service the national science and technology information in the business environ-
ment and provides for the reliability of the system. It aims at increasing the stability and efficiency
of NDSL service operation by building up a system that reflects the ISO 20000 requirements and
complying with business procedures and guidelines, and improving customer satisfaction through
continuous management of service level. It intends to be acknowledged for its suitability for IT
services by getting the certification from an internationally accredited organization, and to continuously
maintain and improve its effectiveness and efficiency of system operation through regular follow-up
evaluations.
3.1.1. Scope and Major Content
This process of obtaining certification requires the following actions: analyze the current status
and cases of NDSL service management system based on SOP, establish plans to apply the analysis
results, establish an improved NDSL service management system based on ISO 20000, establish
ISO 20000/9001/10002 application strategies and implementation plans, and distribute roles for settling
down ISO 20000-based NDSL service management system among organizations.
J. H. Park & H. M. Kim
International Journal of Knowledge Content Development & Technology Vol.2, No.2, 31-44 (December, 2012)
36
Furthermore, other important steps in this process include: conduct education and training for
NDSL service operating personnel, including the overview of IT service management, ISO 20000
framework, understanding of the requirements of the ISO 20000 standard, the internal auditor training,
and the maintenance of ISO 9001/ISO 10002 certification, build up ISO 20000 processes (support
and core processes) by establishing and operating an ISO management system for NDSL services,
upgrade ISO 10002 operating system, and monitor, verify, internally audit, and take corrective actions
for the management system.
3.1.2. Procedure and Method of ISO20000 Certification
First, consult regarding the ISO 20000 standards and certification information, to establish and
implement a system that meets the requirements of the standard.
Second, apply for certification. Though varying between certification agencies, the documents
required for application generally include an application form, questionnaire, and contract. As there
are certain requirements to be met for applying for certification, an application may be rejected
if the requirements were not met.
Third, a preliminary screening is performed before regular review for the following purposes:
to understand the company's operation and the subject or service to be reviewed, and to shorten
the screening period accordingly and substantiate of the screening program, to check the applicant's
preparation and to save the applicant's cost and efforts and the reviewer’s time by rejecting inadequate
applications, and to provide the reviewed with opportunities to correctly understand and practice
the standards. The preliminary examination focuses on verifying whether the quality system is sub-
stantially operating.
Fourth, the documentary review plays an important part in the quality system certification system,
unlike in the general product certification system. As the concept of system certification system
scheme is for a company to prove through third parties whether it documents and maintains all
aspects of its products and/or services and complies with its quality standards, a service manual
that describes all aspects of the system can be considered similar to a constitution of a country.
In addition, at the time of quality manual review, related procedures or guidelines may be requested
in order to avoid unnecessary delay in the screening that may occur if a reviewer does not understand
the system properly.
Fifth, on-site examination is scheduled between the applicant and the certification authority when
it is verified that the applicant’s quality system conforms to the requirements of the international
standard (ISO 20000) quality system.
Sixth, the certificate is issued when no nonconformity is found in all the reviews and examinations
or when all the detected nonconformities are resolved. The certification expires usually in three
years, after which it can be renewed through recertification examination or through follow-up examina-
tion without recertification examination.
Seventh, the follow-up examination is conducted to make sure that the system is still effective
and continually improved.
J. H. Park & H. M. Kim
International Journal of Knowledge Content Development & Technology Vol.2, No.2, 31-44 (December, 2012)
37
3.2. Current Status of NDSL Service Management System
The NDSL services cover academic papers, patents, reports, trends, standards and factual information.
The conceptual diagram and process map for the service is shown below.
<NDSL Service Process Ma
p
>
3.3. Requirements for ISO 20000 Service Management System
ISO 20000 provides a framework for managing five major processes of IT services to meet the
international standard, including but not limited to establishing a policy for NDSL service management,
planning (Plan), executing (Do), checking (Check) and taking actions (Action) for the service manage-
ment system, and managing new and changed services, in order to ensure customer trust in the
IT services and promote continuous quality improvement.
Accordingly, it is necessary to develop service policies to establish the objectives (performance
indicators), organize and divide duties, establish the eligibility of personnel for each field of work,
establish an education and training system, define the work procedure, establish IT service processes,
establish a document classification system and standard documents, ensure ongoing service manage-
ment, and establish an improvement process.
J. H. Park & H. M. Kim
International Journal of Knowledge Content Development & Technology Vol.2, No.2, 31-44 (December, 2012)
38
3.4. Application of ISO 20000 to Build NDSL Service Management System
The policy to ensure NDSL service management in compliance with ISO 20000 international
standards shall be established and applied, to build up an IT service operation and management
system of the international standard.
For this, the following management responsibilities and roles shall be allocated:
First, the Center Director, as Chief Executive Officer responsible for executing the service operation,
shall have the overall responsibility and authority for the services provided and the service management
system. He or she shall be responsible for developing the capabilities for providing and managing
NDSL services and for ensuring those services to be executed and improved. He or she shall also
be responsible for approving preparation and revision of service management policies and manuals,
approving service management plans, electing service managers, supporting the business to achieve
service goals and ongoing improvement of services, and supervising the management review (one
a year or more).
Second, IT Service Manager (Management Representative), appointed by the Center Director,
shall have the responsibility and authority to ensure the suitability and effectiveness of the service
management system so that all the activities related to provision and management of IT services
can be executed in compliance with the requirements of the ISO 20000, the customer's needs and
the related regulatory requirements. With regards to provision and management of the services,
he or she shall also be responsible for executing the following duties: supervising preparation and
revision of standard processes for service management, issuing and managing service management
documents, establishing and executing service management plans, organizing a service management
team and appointing the person in charge, coordinating service management processes, supplying
and providing the required resources, identifying and managing potential risks, conducting education
and training for service management and change management, developing and managing service
improvement plans, preparing and executing internal audit plans, and preparing for management
review and reporting its result to the Director of the Information Service Center.
Third, each department head/team leader shall be responsible for preparing and maintaining the
service management plans for services the department/team provides, and has the responsibility
and authority to divide duties to members of the department/team according to this Manual and
the standard process and to perform education/training for them to conduct their duties. He or
she shall also be responsible for executing the service management plans for the services, managing
the personnel and resources in charge of the corresponding services, and coordinating the corresponding
service management processes.
Fourth, the processor owner has the responsibility and authority to monitor and improve the
status of implementation of the corresponding process, to manage the corresponding process documents
and records, to conduct education and training for the corresponding process, to respond to the results
of auditing the corresponding process, and to measure and report the performance of the corresponding
process.
J. H. Park & H. M. Kim
International Journal of Knowledge Content Development & Technology Vol.2, No.2, 31-44 (December, 2012)
39
3.4.1. NDSL Information Asset Risk Assessment Process
This process defines the risk assessment conducted for the purpose of ensuring the availability
and continuity of the information system by assessing the risk of services through the information
system or its assets, and accordingly establishing and applying proper risk mitigation measures
for the corresponding risk.
Major process steps include identifying the information assets, evaluating their value, assessing
their risks, and the follow-up management. The identification activity is to identify the information
assets related to NDSL services. The evaluation activity is to identify the importance and characteristics
of the information assets, and evaluate their value based on their confidentiality, integrity and
availability. Next, the risk assessment activity is to understand the risk, which has a potential and
major impact on the asset, and to analyze its likelihood and its impact on the information asset.
Lastly, the follow-up management is to decide DOA based on the evaluation result and take proper
improvement measures for DOA items.
3.4.2. NDSL Service Level and Report Management Process
This process aims at defining services to be provided, determining the target level for the defined
services, managing the services to achieve the target level, and maintaining and improving the
quality of IT services at the determined or higher level.
Major process steps: First, prepare SLAs through service catalog preparation, management object
selection, understanding the current capability level and defining the service level, and to consult
with the client about them. Second, monitor and report the service level. This activity is to monitor
the services based on the determined SLAs, to collect reliable data, prepare the monthly service
level report, to conduct the service review meeting based on the prepared SLA report to evaluate
the service level, and collect the customer’s opinions about the service. Last, improve the services.
This step is intended to identify matters that may adversely affect service quality, to take measures
to improve those matters, and to reflect the SLASs redefined through this activity in the service
level management after consultation with the client.
3.4.3. NDSL Availability Management Process
This process is to understand a proper level of availability of NDSL services and to continuously
monitor their availability to ensure the availability target agreed with the client. It also includes
proper improvement activities, to achieve the agreed availability target.
Major process steps: Availability planning sets the target value for service availability to maximize
the availability of IT services and meet the business needs, and to establish the management plan.
Next, availability data monitoring and report checks whether the established availability level is
met, to conduct the maintenance activities predefined according to the availability management
plan, and to report the results. Lastly, availability improvement implements the availability improvement
plans established at the time of setting the target for improving the system and service availability,
and to implement the improvement plans if, as a result of regular analysis, it deems necessary
to improve the availability. If there is no need for availability improvement, regular analysis shall
be conducted based on the collected information.
J. H. Park & H. M. Kim
International Journal of Knowledge Content Development & Technology Vol.2, No.2, 31-44 (December, 2012)
40
3.4.4. NDSL Business Continuity Management Process
This SOP aims at prompt recovery and improvement to achieve the continuity target defined
for the level of NDSL services. When a disaster happens, the level of service continuity agreed
with the client shall be guaranteed through prompt response and recovery activities. Also, even
when normal access is blocked, the service continuity plan, the emergency contact network, and
the configuration management database shall be available.
Major process steps: Planning establishes improvement plans by carrying out performance tests
for the service continuity and analyzing and reviewing the matters found necessary to be improved
as a result of the test. Performance testing carries out tests according to the performance test plan,
analyzes the results, prepares the report, and establishes improvement plans based on the analysis
results. Lastly, emergency recovery recovers the system and services according to the service recovery
procedure using backup files, and resumes normal services.
3.4.5. NDSL IT Financial Management Process
This process aims at managing the budget and accounting activities for IT services provided
by the Information Service Center. The IT financial management refers to the budget and accounting
activities required for providing IT services. Namely, it is the budgeting and accounting for all elements
of the IT services such as IT assets, shared resources, overhead, services provided by the outside
suppliers, workforce, insurance, and licenses.
Major process steps: Budgeting establishes a plan for the expenses required for providing IT
services and seeks its approval. Budget execution and accounting monitors the difference between
the budget and the actual expenses spent for the business, and identifies the cause of any difference.
3.4.6. NDSL Capacity Management Process
This process is to ensure that the business requirements for the current and future capacity and
performance will be cost-effectively provided, by predicting future business requirements and con-
tinuously monitoring and improving the system resources. It includes monitoring the performance
and capacity of IT services and of IT elements that support those services, understanding the current
demand for the IT resources, and predicting future needs. It also includes managing the demand
for resources and establishing the capacity management plan to estimate required IT resources,
in relation with other service management processes.
Major process steps: Capacity planning ensures that the current and future business requirements
for IT services are properly reviewed and the capacity sufficient for supporting those services are
planned and implemented in a timely manner. Monitoring and analysis monitors the management
items defined to meet the target service rate, derives matters to be improved through the capacity
trend analysis and regular analysis of accumulated data, and estimates the capacity of new services
by reviewing and modeling new technology application plans for the new services. Lastly, the
improvement task establishes the required capacity improvement plan, and reviews the progress
and result of the plan.
J. H. Park & H. M. Kim
International Journal of Knowledge Content Development & Technology Vol.2, No.2, 31-44 (December, 2012)
41
3.4.7. NDSL Information Security Management Process
This process is to provide stable information system services by protecting tangible and intangible
assets such as hardware, software, operation personnel, management system, and management policies.
It includes establishing the standardized policy and procedures for the information system security,
blocking unauthorized access to the communication network to ensure data security, and controlling
the access to the facilities and unauthorized access by trespassers.
Major process steps: Establishing the information security policy defines the objects of information
security for the related IT services and technology infrastructure, assesses the potential risks, and
documents the information security policies/guidelines to comply with the customer security policy
and guidelines. Operation of the information security education defines the objects of security education,
the education plan, and main contents of the security education, and the security accident investigation
and countermeasures inspect and audit the information security and define countermeasures against
the security violation. Lastly, the follow-up management step establishes plans to improve the problems
identified during the information security operation and defines the actions to be taken to implement
the plans.
3.4.8. NDSL Customer Relationship Management Process
This process aims at improving the reliability of the Information Service Center by promptly
and accurately resolving customer complaints about NDSL, and reducing and preventing future
complaints from arising by improving the quality of administrative services.
Major process steps: Voice of Customer (VOC) reception and identification process describes
how to receive, process and identify the customer complaints. VOC handling describes the procedure
for investigating causes of the complaints, reviewing the complaints and establishing countermeasures
against the complaints. VOC follow-up management is to manage the records about VOC handling
and to analyze VOCs regularly. Lastly, customer satisfaction monitoring checks the validity of the
corrective measures taken and conducts post-management.
3.4.9. NDSL Supplier Management Process
This process is to ensure the NDSL information system operates efficiently, by maintaining a
seamless relationship with suppliers who supply and maintain all hardware, packages, and development
software required for providing NDSL services. This process requires the service provider and the
suppliers to understand their own responsibilities and duties, the service provider to manage the suppliers
so as to ensure stable provision of high-quality services, and the service providers to be committed
to their responsibilities to the service provider.
Major process steps: Defining the requirements defines the product requirements for IT infrastructure,
taking into consideration the market trend, customer demands, SLAs and availability requirements,
and selects suitable products. Supplier selection reviews the criteria for selecting the suppliers based
on the defined requirements, evaluates/selects the suppliers, and enters into contracts with them
through internal approval. Delivery and operation support the delivery/installation after the adaptation
test is completed according to the contracts, and monitor whether the contract terms including product
performance and maintenance are fulfilled. Lastly, follow-up management ensures that the service
J. H. Park & H. M. Kim
International Journal of Knowledge Content Development & Technology Vol.2, No.2, 31-44 (December, 2012)
42
provider shall carry out the operation management after the contract period ends and have the
suppliers promptly correct the errors arising during the operation management.
3.4.10. NDSL Incident Management Process
This process is to minimize the impact of various incidents arising from NDSL services, by
effectively handling them, systematically managing the results, and therefore recovering normal
service functions as soon as possible. In this process, the priority of an incident to be handled
is determined based on the level of its impact on the services, with the focus on prompt service
recovery rather than on identification of the causes. The faults for which causes remain unidentified
shall be transferred to the fault management process, and all incidents shall be recorded in compliance
with this process.
Major process steps: Reception and recording register all incidents reported to the service desk
by phone or e-mail, including those detected through the operator's inspection and monitoring activities.
Classification and initial support classify the received incidents based on the defined criteria, and
carry out initial actions after comparing them with the records about the previous incident handling
and the known errors. Investigation and diagnosis investigate the incident to ensure prompt service
recovery and suggest a fundamental or a tentative solution. Resolution and recovery resolve the
incident according to the derived solution, and restore service to normal conditions. Lastly, closing
and follow-up management close the incident, notify the customer of the resolution, and confirm
with the customer that normal service has been restored.
3.4.11. NDSL Fault Management Process
This process is to suggest solutions to the faults for which causes have not been identified,
among those arising during the service operation, and to provide the procedure required for fault
analysis and prevention. It shall be managed separately from the incident management process.
All identified faults should be recorded, and potential faults should be reduced through prevention
activities. The fault management process shall also include known-error management and management
of the suggested solutions.
Major process steps: Reception and registration receive the request for handling a fault as the
fault is identified, register it to the fault DB, determine its priority, and assign a person in charge.
Cause analysis analyzes the fundamental cause of the fault and derives a solution. Lastly, the sharing
and closing step registers the derived solution to the DB and shares it.
3.4.12. NDSL Configuration Management Process
This process aims at managing and controlling each component of the NDSL system to ensure
effective and efficient NDSL services. It involves checking, recording, and reporting all components
within the scope of configuration management, to ensure efficient management of the components
and provision of accurate information about them.
Major process steps: Establishing the configuration management plan defines and plans the goal,
objectives, scope, policies, procedures, and technical situations for configuration management.
Configuration control ensures that only the approved and identifiable components are managed through
J. H. Park & H. M. Kim
International Journal of Knowledge Content Development & Technology Vol.2, No.2, 31-44 (December, 2012)
43
the configuration control and reflected in the configuration management database. In this controlled
environment, no components without an official document like approved change request can be
added, modified, replaced, or removed. Lastly, configuration audit and improvement checks whether
each component is actually present in the system, and continuously reviews and audits whether
it is correctly recorded in the configuration management database.
3.4.13. NDSL Change Management Process
This process is to continuously improve the information system operation by efficiently and promptly
handling all changes according to the standardized methods and procedures and thus minimizing
the impacts of the changes on the service quality. It includes clearly defining and documenting
the changes of services and infrastructure, recording and classifying all change requests, evaluating
risks, impacts and business benefits, reviewing actions taken to make changes happen and those
taken after the changes are implemented, and utilizing the review results as the basis of release
scheduling.
Major process steps: Change request reception receives change requests after clarifying the details
of the change requests. Change review and classification classifies the types of the change requests
and reviews their content. Performing the change notifies the related personnel/organization of the
change plan and performs the change. Follow-up management checks the validity of corrective
actions taken and performs the post-management.
3.4.14. NDSL Release Management Process
This process is to protect the IT operation environment and the IT services by releasing and
verifying the hardware and the related software required for completing the changes to IT environment,
under the release manager's control. It involves identifying the roles and responsibilities of the
release manager and the person in charge of each step, defining the release policy, installing the
hardware/software according to the release type, and devising recovery plans and test methods.
Major process steps: Release planning defines the objects to be released, establishes release plans,
and requests for the release. Releasing reviews and approves the release plan, and performs the
change. Release verification prepares the checklist for verifying the release and verifies the validity
of the change/release. Lastly, follow-up management checks the validity of the corrective actions
taken and performs the post-management.
4. Conclusion and Suggestions
In order for KISTI National Discovery for Science Leaders (NDSL), whose products are information
and information distribution, to provide the quality information required by the customer, a proc-
ess-based system management is a must. ISO 20000 international standard, of which certification
has been obtained by the KISTI Information Service Center, is a model of international standards
for IT services, and all organizations/companies carrying out IT services need to be certified by
this international standard through verification of their compliance with the IT Service Management
J. H. Park & H. M. Kim
International Journal of Knowledge Content Development & Technology Vol.2, No.2, 31-44 (December, 2012)
44
(ITSM) system.
This standard has been introduced to major IT-related fields including but not limited to business
process outsourcing, communication, finance, and the public sector, to produce positive effects,
and it is required in order to ensure customer satisfaction and reliability on the effectiveness of
NDSL IT services, the quality of service, and information security.
Efforts to enhance the quality of IT services result in increasing the cost-effectiveness of the
investments in IT services, hastening the achievement of the customer’s business goals, and thus
resulting in service costs and reflecting the customer's requirements for decision-making.
Basic policy for the ISO 20000 application to NDSL is to secure the service management system
standard for a series of processes for collecting, processing and servicing national science and technology
information in the business environment, and to ensure the reliability of the NDSL services.
It covers understanding the current status of the NDSL service management system, establishing
plans to apply the system, conducting training and education for the operation and service personnel,
and establishing and operating the service ISO management system. It also includes establishing
the NDSL service management guidelines and the IT service operation and management system
in compliance with ISO 20000 international standard.
In the future, continuous efforts are required to enhance the status of NDSL as an IT service
provider to the outside world, through a well-established IT service management system certified
by an internationally accredited agency. For this, it is necessary to promote planning, implementing,
inspecting, and continuously improving the management system to ensure compliance with the inter-
ested parties' requirements and the regulations, systematic planning, effective resource operations,
management review, and seamless communication. Furthermore, the IT service providers should
make efforts to respond more effectively to business-oriented services than to the technology-oriented
services.
References
Ahn, I. J. (2011). Contents development of library signage manual in Korea. International Journal
of Knowledge Content Development & Technology, 1(2), 15-27.
Hwang, K. (2011). NDSL ISO 20000 Certification and ISO 10002 Post Management Consulting.
Seoul: Goodus.
Kim, S. K., & Shin, S. H. (2006). An Example of ISO 9001 Quality Management System based
on BPM. The Korea Contents Association Journal, 6(4), 38-45.
Kim, S. K., Shin, S. H., Lee, Y. S., & Chung, T. Y. (2005). A Study on establishing a ISO 9001:2000
Quality Management System using information technology. The Korea Society for Quality
Management Journal, 33(2), 13-26.
Pengembangan framework pembelajaran kolaboratif untuk institusi pemerintah menggunakan ADDIE dan ISO 20000
Article
Full-text available
  • Jul 2021
Revolusi Industri 4.0 dan kondisi pandemi Covid-19 mendorong pemerintah untuk segera melakukan penyesuaian pada budaya kerja. Salah satu budaya kerja yang perlu disesuaikan adalah sistem pembelajaran untuk para Aparatur Sipil Negara (ASN). Sistem pembelajaran konvensional perlu disesuaikan menjadi pembelajaran jarak jauh dengan pemanfaatan internet. Pengembangan sistem pembelajaran membutuhkan panduan agar sistem yang dibangun sesuai dengan target peserta didik, yaitu ASN. Diharapkan, sistem pembelajaran dapat membangun budaya kerja sama serta dikelola dengan standar manajemen layanan TI untuk menjamin keberlangsungan sistem tersebut. Penelitian ini bertujuan untuk mengembangkan sebuah framework pembelajaran untuk institusi pemerintah. Framework dikembangkan dengan menggunakan metode Design Science Research Methodology. Penelitian ini berhasil menunjukkan bahwa sebuah Framework pembelajaran dapat dikembangkan dengan menggabung beberapa konsep seperti: multimedia, pembelajaran kolaboratif dengan independen konten, andragogi, dan ADDIE Model sebagai kerangka utama pembelajaran yang selanjutnya dipetakan ke dalam sebuah standar dalam manajemen layanan TI yaitu ISO 20000. Development of collaborative learning frameworks for government institutions using ADDIE and ISO 20000 Abstract 4.0 Industrial Revolution and conditions of Covid-19 pandemic pushed the government to adjust their work culture immediately. One work culture that needs to be adjusted is the learning system for Civil Servants. The conventional learning system needs to be adapted into distance learning using the internet. The development of a learning system requires guidance so that the system is built according to the learners. Hopefully, the learning system can build a culture of cooperation and adopt IT service management standards to ensure the system's sustainability. This study aims to develop a learning framework for government institutions. The framework was developed using Design Science Research Methodology. This study has successfully shown that a learning framework can be developed by combining several concepts such as multimedia, collaborative learning with independent content, andragogy, and the ADDIE Model as the main learning framework, which is then mapped into ISO 20000 as a standard in IT service management.
View
ANALISIS TATA KELOLA KAPASITAS LAYANAN TEKNOLOGI INFORMASI PERUSAHAAN ASURANSI SOSIAL MENGGUNAKAN STANDAR ISO 20000:1-2018
Article
  • Dec 2019
Social insurance company has mission to protect all people, avoid the risk of social life, so social insurance company must provide public services that are easy to use. To provide fast, accurate, and information, ensuring the reliability of information technology service capacity governance is very important. Social insurance company needs period of preparation for development towards vision (Good Governance, Risk Management, and Compliance) in service excellence, taking into account the governance of information technology service capacity which is important factor for Social Insurance Company. ISO is a standard-setting body that provides world-class specifications for variety of things, from products, services and systems, to ensure quality, safety and efficiency. Therefore, this paper provides an overview the implementation of ISO 20000-1: 2018 standards for Information Technology Services Capacity Management with standardization clauses for social insurance company and review information technology service capacity governance standards as considerations and proposals to Social Insurance Company
View
Contents Development of Library Signage Manual in Korea
Article
Full-text available
  • Nov 2011
There is an increase in the need of an unified manual for library signage system, due to recent increase in library construction or remodeling. This paper, therefore, can be a basic research to develop library signage system manual. Based on an anual released from KLA and the sum of opinions of expert groups, this research proposes a concrete list of contents for library signage system manual as follows. First, there is a need of theoretical basis of library signage system. Second, for the actual practices of signage system, planning, check list, and standard terms shall be necessary.
View
A study on establishing a ISO 9001:2000 Quality Management System using information technology
Article
  • Jan 2005
Most organizations adopt a process-based approach to manage their operations and now business process management(BPM) is a well-established concept. Because ISO 9001:2000 has been influenced by BPR and it also emphasizes process based, BPM can get together with ISO 9001:2000. Korea Institute of Science and Technology Information has taken ISO 9001:2000 certificate in November 11, 2003 and now implements quality management systems based on BPMS. We call it KQMS(KISTI Quality Management System). KQMS based on BPMS is a new example in field of ISO quality management and is expected to support process management well.
View
ISO/IEC 20000 Certification and Implementation Guide - Standard Introduction, Tips for Successful ISO/IEC 20000 Certification, FAQs, Mapping Responsibilities, Terms, Definitions and ISO 20000 Acronyms
Book
  • Jan 2008
The Art of Service has collected the experiences of organizations, quality managers and auditors who have actually worked with the present version of the ISO 20000 standard. This hard-won experience is presented here in this leading guide to understanding and satisfying the requirements of ISO/IEC 20000, and to applying the principles that underpin this internationally recognized family of standards for managing and communicating quality of IT Service Management Processes. The best-selling ISO/IEC 20000 quality management handbook from one of the worlds leading experts on the ISO 20000 family of standards. Fully updated with the latest experiences of successfully working with the standard from industry and the service sector, plus quality auditors. Analyses each section, clause and requirement in detail, with practical implementation guidance. Whether establishing an ISO/IEC 20000 quality management system for the first time, or upgrading an existing system, this handbook is ideal for student s, practitioners, managers, instructors and auditors. It is supported by a wide range of solutions, FAQs, tips for implementers, and a glossary of terms that will be invaluable in any sector, industry, business or organization.
View
View
Service impact analysis using business continuity planning processes
Article
  • Jan 2009
Purpose This paper aims at improving the service‐oriented IT management by adopting relevant business continuity planning processes for service impact analysis in handling resource event. The paper also proposes a framework for implementation. Design/methodology/approach A framework was developed from the study of literatures in IT service management and business continuity management. It was implemented to a real IT operations environment to evaluate its effects and benefits. Findings Many organisations in the IT service industry drive the service‐oriented IT management rapidly in the region. For fault management and service continuity management, one relies heavily on the experience of experts in handling the event for realising the relationships between service and resource. Knowledge retention and information base for service management are the new challenges in the area of service management. Research limitations/implications Further optimisation and ongoing maintenance works are required to refine the correlation processes. Practical implications The framework was implemented using existing IT service management portal and network system monitoring tools with minimal modification effort. Originality/value This paper highlighted the value of adopting business continuity planning processes in service management. It also presented a way to implement a service management information base in practice.
View
Zertifizierung der IT nach ISO 20000
Article
  • Dec 2009
Seit Ende des Jahres 2005 existiert für das IT-Service-Management (ITSM) die internationale Norm ISO 20000 als Standard für die Leistungserbringung von IT-Dienstleistungen. Mittlerweile steigt die Anzahl der Anbieter von IT-Dienstleistungen, die sich einem Zertifizierungsverfahren nach ISO 20000 unterziehen, um damit einen Nachweis ihrer Konformität mit dem Standard zu erhalten und diesen gegenüber den Kunden als Qualitätszertifikat zu führen. Ursache dafür ist die steigende Bedeutung des Einsatzes von Informationstechnik (IT) zur Unterstützung der Geschäftsprozesse und der Geschäftsabwicklung vieler Unternehmen. Dabei nehmen IT-Abteilungen der Unternehmen nicht mehr per se eine Monopolstellung für die Leistungserbringung von IT-Dienstleistungen ein, sondern die Beziehungen zwischen Fachabteilungen und IT-Abteilungen werden als Kunden-/Lieferantenbeziehungen angesehen, die (auch) Markt- und Wettbewerbsmechanismen unterliegen. Somit müssen IT-Abteilungen zunehmend als IT-Anbieter kosten- und leistungsorientiert agieren. Für das IT-Service-Management, d. h. für die Planung, Steuerung und Kontrolle der Leistungserbringung von IT-Dienstleistungen, wird daher unter dem Schlagwort der „Industrialisierung der IT“ [...]angestrebt, wesentliche Prinzipien und Methoden der industriellen Fertigung umzusetzen.
View
Managed IT services: The role of IT standards
Article
  • Oct 2008
  • Inform Manag Comput Secur
Purpose The purpose of this paper is to explore the practical issues regarding standards and the management of IT services delivered by external or outsourced service providers called managed service providers (MSPs). Design/methodology/approach Extensive review of published materials from academic and industry sources is carried out to discuss the managed services practice as well as IT standards applicable for managed services. Findings Implementation of international IT standards such as the ITIL framework for IT service management benefits both internal IT organizations and MSPs. Availability of a common standard for managing IT services makes the transition of IT service management from the client organization to an MSP or from an MSP to another MSP less painful and helps to reduce or eliminate service disruptions. Practical implications The ultimate objective of this paper is to offer MSPs as well as internal IT organizations a comprehensive discussion on the IT standards that are applicable for managed IT services. Originality/value It is believed that this paper will help both MSPs as well as the internal IT organizations to understand the importance of having a common standard for managing IT services.
View
NDSL ISO 20000 Certification and ISO 10002 Post Management Consulting
  • Jan 2011
  • K Hwang
Hwang, K. (2011). NDSL ISO 20000 Certification and ISO 10002 Post Management Consulting. Seoul: Goodus.
An Example of ISO 9001 Quality Management System based on BPM
  • Jan 2006
  • 38-45
  • S K Kim
  • S H Shin
Kim, S. K., & Shin, S. H. (2006). An Example of ISO 9001 Quality Management System based on BPM. The Korea Contents Association Journal, 6(4), 38-45.
The common level of ISO/IEC 15504 and ISO/IEC
  • T Lee