NBRM's Decisionas for ISO 20000

In the beginning of 2008, the National Bank of Republic of Macedonia (NBRM) brought Decision on the bank's information system security ("Official Gazette of the Republic of Macedonia" No. 31/2008).

In this decision NBRM prescribed the methodology for information security of the banks taking into consideration the processes for managing the security of the information system, business continuity, e-banking security standards etc.

In June 2008 NBRM brought Decision on amending the Decision on the bank's information system security ("Official Gazette of RM" No. 78/08). With this amendment NBRM prescribed that the IT suppliers of the banks (outsourcing companies) must be ISO 20000 IT Service Management certified.

"The outsourcing company* under paragraph 1 of this item shall obligatorily be certified in accordance with the international standard ISO/IEC 20000.
* Outsourcing company shall denote a company, which on the basis of a written agreement, provides services to the bank from the information system area for processing bank and financial activities.“ (based on the decision from 2008)”

In the beginning of 2009 NBRM brought another Decision on amending and consolidating the Decision on the bank's information system security ("Official Gazette of the Republic of Macedonia" No. 31/2009) in which there are clarifications for which IT providers of the banks are included in the category of companies that should be ISO 20000 certified.

„Information system services undertaking of a bank according to this Decision, shall denote:
a) ancillary services undertaking of a bank whose prevailing activity is managing and maintaining a data processing system, and which, on the basis of a written agreement processes and stores bank's data during the conduct of banking and financial activities; and/or
b) outsourcing, which, on the basis of a written agreement processes and stores bank's data during the conduct of banking and financial activities."

These NBRM’s decisions made ISO 20000 very relevant topic in Macedonia, especially among IT companies.

The card processing center CaSys first demonstrated alignment to the NBRM’s requirements or more precisely the requirements of their clients, through successful certification of IT Service Management System based on ISO 20000:2005. With this CaSys became the first company in Macedonia and the region to be ISO 20000 certified. This news was published by Kapital, Makfax etc.

Description of ISO 20000 series of standards

Effective service management delivers high levels of customer service and customer satisfaction. It also recognizes that services and service management are essential to helping organizations generate revenue and be cost-effective. The ISO/IEC 20000 series enables service providers to understand how to enhance the quality of service delivered to their customers, both internal and external.
The ISO/IEC 20000 series applies to both large and small service providers, and the requirements for best practice service management processes are independent of the service provider's organizational form. These service management processes deliver the best possible service to meet a customer's business needs within agreed resource levels, i.e. service that is professional, cost-effective and with risks which are understood and managed.

ISO/IEC 20000-1
ISO/IEC 20000-1 defines the requirements for a service provider to deliver managed services. It promotes the adoption of an integrated process approach to effectively deliver managed services to meet business and customer requirements. For an organization to function effectively it has to identify and manage numerous linked activities. Coordinated integration and implementation of the service management processes provides the ongoing control, greater efficiency and opportunities for continual improvement.
This is the standard against an organization is being certified.

ISO/IEC 20000-2
ISO/IEC 20000-2 represents an industry consensus on guidance to implementers of ISO 20000 – 1 and offers assistance to service providers planning service improvements or to be audited against ISO/IEC 20000-1.
Organizations can’t certify against this standard. This standard helps organization to get certified against ISO 20000 – 1.

ISO/IEC TR 20000-3
ISO/IEC TR 20000-3 provides guidance on scope definition, applicability and demonstration of conformance for service providers aiming to meet the requirements of ISO/IEC 20000-1, or for service providers who are planning service improvements and intending to use ISO/IEC 20000 as a business goal. It can also assist service providers who are considering using ISO/IEC 20000-1 for implementing a service management system (SMS) and who need specific advice on whether ISO/IEC 20000-1 is applicable to their circumstances and how to define the scope of their SMS.
Service providers who wish to implement an SMS based on ISO/IEC 20000-1 are required to define the scope of their SMS. Definition of service management scope, and the agreement of the scope statement, is a complex stage in the service provider's adoption of ISO/IEC 20000. ISO/IEC 20000-3:2009 provides guidance on the applicability of ISO/IEC 20000-1 and scope of the SMS based on practical examples.
ISO/IEC TR 20000-3:2009 supplements the advice in ISO/IEC 20000-2, which provides generic guidelines for implementing an SMS in accordance with ISO/IEC 20000-1.
Organizations can’t certify against this standard. This standard helps organization to get certified against ISO 20000 – 1.

ITSM terminology on Macedonian language

The English terminology which is used in the IT is more and more often adopted in Macedonian language. Best example are the words that we use every day: mouse, explorer, monitor, browser etc. Lately there are some efforts for appropriate translation of IT terminology on Macedonian language and standardization and dissemination of the translation. (mostly through the Macedonian version of the software programs and tools)

I support this initiative, but I must admit that sometimes the translation sounds very funny.

The English terminology that is used in the area of IT Service management is completely not standardized on Macedonian i.e. doesn't exist on Macedonian language.
Whit this post I would like to try to initiate standardizing at least of the basic terms from the ITSM area.



English language ----- Macedonian language

• Incident management ----- Управување со инциденти
  
• Problem management ----- Управување со проблеми
• Configuration management ----- Управување со конфигурациите
  
• Change management ----- Управување со промени
• Release management ----- Управување со верзии
  
• Supplier management ----- Управување со добавувачи
  
• Business relationship management ----- Управување со деловните врски
• Information security management ----- Управување со безбедност на информации
• Capacity management ----- Управување со капацитетите
  
• Budgeting and accounting for IT services - Одредување на цена и трошоци ја ИТ услугите
  
• Service continuity ----- Континуитет на услугата
  
• Availability management - ----- Управување сорасположивоста
• Service level management ----- Управување сонивото на квалитете на услугите
  
• Planning and implementing new or changed services - Планирање и имплементирање на нови или променети услуги
• Service strategy ----- Стратегија за услугите
• Service design ----- Дизај на услугите
• Service transition ----- Транзиција на услугата
• Service operations ------ Оперативна услуга / Користење на услуга / работење на услуга ???
  
• Continual service improvement ----- Континуирано подобрување на услугата
  

More details on this subject on my Macedonian ITSM blog.

ITSM Certifications

There are different types of ITSM certifications:

• certifications for individuals based on ITIL
• certifications for individuals based onISO 20000
• certifications for organizations based on ISO 20000

More details for the ITSM certification and how to obtain them is described in the following presentation.

ITSM Qualification Schemes

View more presentations from Ana Meskovska.

Presentation for ITSM qualification Scheme which I presented on the 6th SEEITA and 5th MASIT Open Days Conference.

3rd itSMF Regional Conference

In the period of 27-28 May 2009 itSMF Macedonia organized the 3rd itSMF Regional Conference.

On the conference there were very rich and interesting presentations, but sadly there was very small attendance.

More detail for this conference you can find on the official itSMF Macedonia website (agenda and presentations), itSMF International (interviews with the participants), as well as in the BUG magazine (news).

Below is my presentation on subject Integration of various standards relevant for ICT (ISO20000, ISO27001, ISO 9001 and ITIL).

Integration of ICT Standards

View more presentations from Ana Meskovska.

Also I enclose the presentation of my colleague Viktorija Donceva, who was talking for the practical experience from implementation of ISO 20000 and her interview for TV.

Experience from Implementation of ISO 20000

View more presentations from Ana Meskovska.