Management of IT Environment (3)
Riadenie IT prostredia
Standardization in terms of IT
service management
Karol Furdík
Department of Cybernetics and AI, FEI TU Košice
LS 2012/2013
Lecture content
Definitions of basic terms
normalization, norm and standard
task, properties and characteristics of a technical norm
types of standards, factors and stages of standardisation, norm life-cycle
Standardization organisations
Legislative framework of norms
Standardization in IT service management
standards for quality management
standards for modeling and management of business processes
standards for IT services and management
standards for IT security management
standards for related technologies
Standardization - definitions
1. Standardization – creation and application of norms, standards,
recommendations and rules in a certain field of study
- in our case, implementation and application of IT/ICT in an organisation
2. Standardization – definition of a framework which ensures
compliance with a minimal level of quality, technological or management
processes, system management, interface provision, etc.
Objective of implementation of standards created by the process of
increase the competitiveness of the organisation, where the norms
guarantee the prescribed quality of output products/services
streamlining and optimisation of decision and management processes
increase of prestige and credit of the organisation compared with competitors
that do not have the standard implemented
Prerequisites for standard implementation
A standard should be progressive and in line with the newest
knowledge and trends – important mostly in the field of IT
result – standardization is an iterative process, in which the standards
undergo several stages from the proposal through implementation up to
the termination of the standard
However, the standard should be sufficiently stable, accepted by a
wide range of professionals and with proven application in real life
A standard has to be sufficiently clear, understandable and explicit;
therefore it should include implementation guides and application examples,
and it is also appropriate to include a recommended certification
Norm and standard
Norm – established binding rule, custom, etc., or a set of such rules, e.g. a moral,
social, legal or governmental (technical) norm
- Technical norm – prescribed technical solution of a product, equipment,
technology, etc.
Standard – common (good) quality level, stable, normal rate, basic level of
- Technical standard – a common pattern governing production so that
products of a given type, quality, composition or size are
made; (in some countries) the label of a technical standard
Norm is a more "strict" term, containing a binding feature.
In the Slovak environment, standard has a more general, looser meaning; a standard
does not have to be binding / obligatory to apply (Remark: in the past STN were
obligatory, nowadays they are not)
In English the term standard is used, so the terms norm and standard may be
regarded as synonyms.
Standard – definition, purpose, characteristics
Def. according to ISO: a standard is a document, based on an agreement
and approved by a respected organisation, that provides a common and
repeatable set of rules, guides, restrictions or characteristics for
processes and their outcomes such that in a given context an optimal
level of arrangement is achieved.
The purpose of (technical) standards is to provide a precise specification in the
given field of industry, sales or services which serves as a reference
framework for application in production or business.
A standard should be:
Result of broad consensus among experts -> eligibility for practice
Verified and stable
Progressive, to correspond with the latest knowledge and trends
Predictive, forward-looking
Properties of technical standard (1)
Represents a certain level of know-how and technology that should be as
progressive as possible, but already proven in practice.
Therefore the presence of a wide consortium of industry representatives and experts is
necessary in the process of standard creation.
Result of cooperation, so it reflects the combined results of all associated parties
and is confirmed by an agreement of the consortium.
It should represent all relevant interests of: manufacturers, users, laboratories,
government, consumers, etc.
Never a compromise nor neutral. On the contrary, a standard expresses a strict and exact
specification of a certain approach or process (production, technological,
managerial, etc.).
Properties of technical standard (2)
Consistent and coherent. It is created by technical committees that are coordinated
by specialized parties which ensure that the obstacles and differences between
different areas and business activities are overcome.
Reference document used specifically in relation to public contracts between
business or industrial partners, in international trade contracts or for the creation of
business agreements.
Used by industrialists as a non-negotiable reference, which simplifies and
unifies business relationships between economic partners.
Although a standard is not necessarily legally binding, it is a generally accepted
document that may be used in court litigation.
Standards are widely available; they can be studied or traded with no restrictions.
However, they cannot be published or copied.
Types of standards (1)
According to content:
Basic standards - terminology, metrology, conventions, symbols etc. Wide
range, general provisions for one particular area.
Test methods and analysis standards – measurements of certain properties.
Product and service standards – parameters of a certain type of product (product
standards) or of a certain service.
They describe the lowest acceptable levels of parameters a product or service has to
achieve (e.g. health protection, security, documentation, ...)
Organizational standards – description of company function and relationships,
modeling of activities inside the company (e.g. quality management, value
analysis, logistics, project and system management, production organization
Types of standards (2)
According to geographical scope:
National (STN – Slovakia, ANSI – USA, DIN – Germany, BS – Great Britain,
ÖNORM – Austria, NF – France, JISC – Japan)
Regional (e.g. European – EN, ETS)
International (e.g. ISO, IEC, IEEE, W3C and others)
Technical harmonisation principle – at the European level, so-called
harmonized standards (created by European standardization organizations)
are defined as common technical specifications.
National standardization organizations take over these harmonized standards
as their own using a qualified translation of the original European standard and
harmonize all other standards with respect to the European one.
In Slovakia this is done according to Act No. 264/1999 Z. z., resulting in
harmonized Slovak technical norms.
Designation form of STN standards
The sign STN and a 6-digit number:
STN XX XX XX – original national standard; each pair of digits represents, in turn,
the class, group and order in the catalog (approx. 40% of the total number of STN standards).
STN EN XXXXX or STN ISO/IEC XXXXX – adopted European or
international standard; the 5-digit number reflects the number of the initial European
or international standard (approx. 60% of standards)
After the designation of an adopted standard there is an index sign that represents
the national STN standard under which the standard is issued, for example:
- STN ISO/IEC 20000-1 (36 9788) – after inclusion into STN this standard has
been given class 36: Electrical Engineering, Information technologies, group 97,
serial number 88.
Standardization and creation of standards
Standardization (or normalization):
- targeted activity that creates standards (norms) and puts them into practice
- aims to achieve an optimum degree of order in a particular area with respect to
the actual state of knowledge, to address known problems and expected future
Activities associated with standardization:
- drafting of the standard
- official issue of the standard
- implementation
Contribution of technical standardization:
- improve the suitability of products, processes and services for their intended
use, avoid obstacles and ensure technical cooperation.
Standardization factors
Production justifying factor. A standard makes it possible to achieve desired technical
parameters, satisfy the customer, confirm the production method, affect
productivity growth, and provide a defined level of quality and safety.
Transaction clarification factor. The existence of reference documents, standards
and regulations enables you to better evaluate the offer and to reduce
uncertainty in trade relations.
Innovation and further development factor. Participation in standardization allows
you to anticipate future development and continually upgrade your product or
service -> gaining advantage through knowledge transfer.
New technology transfer factor. Normalization facilitates and accelerates the
transfer of technology in various important areas (new materials, information
systems, biotechnologies, ITSM, etc.)
Factor influencing strategic decisions. Participation in standardization creates a
significant need to implement new solutions, which makes the company more
competitive. This highlights the need to actively participate in standardization
and not just to take it as an inevitable evil.
Standardization stages (1)
1. First draft of the standard. From idea to working draft.
- Identification of the market need for a new standard.
- Definition of requirements (commercial, user, functional and technical) that represent
the needs of the market and serve as a basis for standard development.
- First working draft (draft specification) of the standard, which is a consensual
result from all of the interested parties.
2. Development and official release. From design to final formulation.
- Process of approving the proposal in a broader consortium of experts, usually
coordinated by a relevant standardization organization.
- Assessment of the wider impact of the standard on the area and beyond, as well as on the
structure of already existing standards. Potential conflicts are addressed by
recasting the draft and reassessing it.
- Official release of the standard and its inclusion into the existing catalog of
Standardization stages (2)
3. Implementation. From formulation of the standard to implementation
- Specification of testing and certification, which is usually published as an
amendment to the standard.
May also contain more or less detailed guides for implementation, including an example
of a reference implementation.
These amendments ensure interoperability, i.e. the consistency between different
Process of continuous and periodic assessment of compliance with the standard,
regular assessment of standard application, particularly with regard to changing
needs and market requirements.
This process may result in proposals to update or amend the standard (or a
proposal to repeal the standard for not being up to date).
Standard life-cycle
Standardization organizations
Organizations dealing with standardization, management of
standardization activities and standard publication.
- Categorization based on territorial scope:
Coordination of work is ensured by common structures and
cooperation agreements.
In Slovakia: SÚTN, Slovenský ústav technickej normalizácie,
State subsidized organization; founder: ÚNMS SR
Represents SR in international organizations
Creation, approval and publication of STN, harmonization with European
International standardization (1)
ISO, International Organization for Standardization
- World federation of national standardization organizations (163 members)
Role – support the development of standardization and related activities on a
global scale to facilitate international exchange of goods and services and to achieve
alliance in the intellectual, scientific, technical and economic areas.
ISO activity is focused on all standardization areas
The area of electrical engineering, electronics and IT is addressed in close
collaboration with IEC.
IEC, International Electrotechnical Commission
- Prepares and publishes international standards for all electrical,
electronic and related technologies.
- In the field of IT, based on an agreement with ISO, a joint committee ISO/IEC
JTC1 has been established, in which the IEC participates in the development of
the ISO/IEC 20000 standard.
International standardization (2)
ITU, International Telecommunication Union
- Specialized United Nations agency for telecommunication and
IEEE, Institute for Electrical and Electronics Engineers
- International non-profit professional organization seeking to
improve technology related to electrical engineering
W3C, World Wide Web Consortium
- International association of stakeholder organizations and
individuals which has been developing standards for web
Regional standardization in Europe
CEN, European Committee for Standardization
- The most important standardization body in Europe
- Job description – creation and management of European EN
standards in all areas where standardization is applied except the areas of
electrical engineering (CENELEC) and telecommunications (ETSI).
CENELEC, European Committee for Electrotechnical Standardization
- Non-profit organization, main European standardization organization for the
area of electrical engineering
ETSI, European Telecommunications Standards Institute
- Non-profit organization that creates European ETS standards for the area of
National standardization
ANSI, American National Standards Institute
- manages about 20% of commissions, sub-committees and
workgroups of ISO and IEC
- e.g. ANSI code tables (ASA X3.4-1963 – adopted as ISO 8859),
standardization of the C programming language (ANSI X3.159-1989), ANSI initiative
to publish ISO standards using an on-line library, etc.
BSI, British Standards Institution
- BSI standards are known as BS (British Standard)
- E.g. ISO/IEC 20000 (formerly BS 15000), the ISO 9000 group of standards for
quality management systems (formerly BS 5750), information security
management standard ISO/IEC 27001 (formerly BS 7799), etc.
Standardization legislation
General principle – standards are, in principle, not binding / obligatory
and compliance is voluntary.
This does not mean that there are no rules and that you can use them as you want.
The legislative framework provides:
- definition of the standard and its types
- basic principles of creation and compliance
- determination of the rights, duties and responsibilities of subjects creating and
applying standards
Broader aspects of the framework:
- legal specification of authorship
- definition of conformity assessment and certification.
Standard legislation in SR
Act No. 264/1999 Z. z. on technical requirements for products and on
conformity assessment (as amended)
- method for provision of technical requirements for products that could
endanger the health, safety or property of people or the environment
- rights and obligations of SÚTN
- procedures for assessing conformity of products with technical standards
- rights and obligations of subjects related to the conformity assessment
- rights and obligations, resulting from the standards, of businesses that
produce or import products onto the market
- scope of state administration in the field of technical standardization and
conformity assessment
- supervision of compliance with the law, including penalties
- relation between Slovak and other standards, harmonization and standard
Authorization, conformity assessment, certification
Definitions under Act No. 264/1999 Z. z.:
Authorization (§ 11) – assignment of an operator or other legal entity to carry out
conformity assessment. The mandate is issued by the department. The holder of the
authorization (i.e. "authorized person") may, in accordance with the scope of
the authorization, be authorized to provide certification, conformity
assessment, inspection and product testing.
Conformity assessment (§ 12) – investigating whether the real properties of the
product match the technical requirements. If they do, the manufacturer/importer is
issued a declaration of conformity (§ 13), which is necessary for the product
to be placed on the national market.
Certification (§ 14) – activity of an authorized person, issuing a certificate proving
that the properties of the product and/or activities related to its production are
in accordance with the technical requirements.
Standardization of IT environment/services
IT environment – infrastructure that includes the IT/ICT used in a given organization to
achieve specific business objectives (income, long-term development, etc.).
The objectives of the organization are defined at the level of corporate strategy,
namely its focus on the medium- and long-term horizon. The strategy defines:
- what the main objective of the business is
- which activities the business deals with
- how the organization is managed
- what the goals are in the area of marketing, sales, production, etc.
Corporate strategy is then specified in detail and realized using appropriate
business processes – sequences of actions, activities and tasks necessary
for the creation of a particular product or service for the customer.
The particular form of business processes is given by the acquired business strategy,
while the criterion of quality and adequacy is the level of compliance with the
strategic goals of the organization.
Progressive IT service management
For meaningful and effective functioning of business processes, we use IT
services which run on a particular IT/ICT infrastructure.
The role of IT service management is to align individual components of the
infrastructure to support the business processes of the company in the most
appropriate, efficient and optimal way.
Development of standards for ITSM
Classification of IT management standards
ITIL framework – the basis, from which the most important standard is
ISO/IEC 20000
Standards related to IT management (as a whole):
quality management standards (ISO 9000)
business process management and modeling standards
IT service management standards
including ISO/IEC 20000
information security management standards
standards for some technologies suitable for designing and operation
of IT service systems
Quality management standards
ISO 9000 standards, defining so-called Quality management system
ISO 9000
Specifies duty to describe, document,
manage and continuously improve all
existing processes, prescribes the form
of documentation and management
Defines how to design ITSM in a way that
will lead to cost-effective provision of IT
services, also introduces a continuous
cycle of effectivity and efficiency
Has a broader scope and covers all
business processes in general.
Covers only those ITSM processes that
are a part of business activities.
A general standard that does not specify
what specific processes should be
Exactly defines which of the processes
should be developed and implemented.
Other standards regarding QMS, e.g.:
- STN ISO 10006:2003. Quality management systems. Instructions for quality
management in projects.
- STN EN ISO 14001:2004. Environmental management systems.
Requirements and usage guides.
- ISO 26000:2010. Social responsibility of companies
Business process management standards
Business process management:
- optimisation of business processes
- setting the activities at the most appropriate level of quality and effectivity in terms
of time, resources and cost
- possible automation of BP, adequate level of human interaction
BPM standards:
Object Management Group,
BPMN (BP Modelling Notation),
BPDM (BP Definition Metamodel),
UML (Unified Modeling Language),
Organization WfMC (Workflow Management Coalition),
defines format for storing and exchanging process representations.
BPAF (BP Analytics Format), XML schema for assessment and evaluation of process efficiency.
ISO 20000 standard for ITSM (1)
ISO/IEC 20000 - parts:
1. Introduction: defines the purpose, scope and application of the
2. Terms and definitions: defines the basic terminology.
3. Management system requirements: defines the responsibilities of
senior management in the area of service quality management,
documentation requirements, responsibility assignment and required
training of personnel.
4. Planning and implementation: defines the system of continuous
improvement using PDCA.
5. New services and changes: defines requirements for planning and
assessment of cost, impacts and risks of changes.
ISO 20000 standard for ITSM (2)
ISO/IEC 20000 - parts:
6. Service delivery process: definition of tactical service planning
processes (service level management, reporting, continuity
management, financial resources management, information security
7. Relation processes: defines processes for managing relationships
with customers, suppliers and third parties.
8. Recovery processes: defines operational service management
processes (incident and problem management).
9. Control process: defines processes of information support, security
checks and changes (configuration and change management).
10. Deployment process: defines the requirements of process that
physically makes, implements and deploys changes (issues
ISO 20000 - ITIL – In-house processes
Structure of ISO/IEC 20000 standard
ISO/IEC 20000-1:2005. Part 1: Specification. Defines basic requirements for
ITSM within the organisation and serves as a reference framework for
certification of IT service providers.
ISO/IEC 20000-2:2005. Part 2: Code of practice (user manual). Serves as a
supporting guide for ITSM implementation.
ISO/IEC TR 20000-3:2009. Part 3: Guidance for the scoping and applicability of
ISO/IEC 20000-1. Defines the scale and applicability of ITSM within an
ISO/IEC TR 20000-4:2010. Part 4: Process reference model. Defines the logical
representation of abstract processes of ITSM and its parts, including the goals
and required outputs.
ISO/IEC TR 20000-5:2010. Part 5: Exemplar implementation plan for ISO/IEC
20000-1. Practical example of ITSM implementation.
Structure of STN ISO/IEC 20000 standard
The ISO/IEC 20000 standard was translated into Slovak in August 2008
and included into the STN system, where it consists of these norms:
STN ISO/IEC 20000-1:2005. Information technologies. Service
management. Part 1: Specification.
STN ISO/IEC 20000-2:2005. Information technologies. Service
management. Part 2: Practice recommendations.
Other ITSM standards
ISO/IEC 38500, standard for IT governance. The standard
covers a higher level of ITSM, including the management of company
processes and strategic goals of a company. It comes from the Australian
standard AS 8015:2005 and is based on COBIT version 4.1
ISO/IEC 15504, also known as SPICE (Software Process Improvement and
Capability dEtermination). The standard defines a reference model for
organisational processes, creation, delivery, support and maintenance in the area
of process types and their performance.
ISO/IEC 15288 describes life-cycle processes of artificial, human-constructed
systems. These processes are defined in four categories: technical, project,
contract and supplementary organisation processes.
Security standards for IT systems
Information security management system (ISMS) is defined by ISO/IEC 27000
and consists of these documents:
- ISO/IEC 27000:2009. Definition of terms.
- ISO/IEC 27001:2005. Requirements. Main standard for ISMS based on
British standard BS 7799-2. Represents a complex ISMS through
implementation, maintenance, and improvement within an organisation.
- ISO/IEC 27002:2005. Code of practice. Set of guidelines for ISMS.
- ISO/IEC 27003:2010. Implementation guide for ISMS.
- ISO/IEC 27004:2009. Measurement. Implementation and maintenance guide
for standardised markers and efficiency measurements.
- ISO/IEC 27005:2008. Information security risk management.
Recommendations and techniques for security risk management analysis.
- ISO/IEC 27006:2007. Requirements and guides for ISMS certification.
- ISO/IEC 27011:2008. ISMS for telecommunication.
- ISO 27799:2008. ISMS for healthcare facilities.
Some technology standards for IT systems
ISO/IEC 29361-29363:2008. Web Services Interoperability. These standards
define profiles of web services – communication via SOAP, WSDL parameters
description, linking of parameters SOAP binding, etc.
W3C specifications:
- SOAP (Simple Object Access Protocol), W3C
Recommendation: SOAP Version 1.2
- WSDL (Web Services Description Language),
W3C Recommendation: Web Services Description Language Version 2.0
- SAWSDL, W3C Recommendation: Semantic
Annotations for WSDL and XML Schema
OASIS consortium specifications:
- SOA, OASIS standard: Reference
Model for Service Oriented Architecture 1.0
Certification of compliance with ITSM norms
Certification and conformity assessment is usually carried out by various
government and private companies (not directly by the standardisation
organisations!), which are qualified and authorised for these kinds of activities
(authorised personnel).
Framework rules are restricted by law – in Slovakia by Act No. 264/1999 Z. z. on
technical requirements for products and on conformity assessment.
The standardisation framework for conformity assessment and certification is
specified in ISO/IEC 17000:2004, as well as STN ISO/IEC 17000.
Accreditation in Slovakia is issued by the Slovak national accreditation
service (SNAS)
For certification in the field of quality management and IT service management
in our country consult the following certification authorities:
- Bureau Veritas
- TÜV NORD Slovakia
Certification process for ISO/IEC 20000
Conclusion: A standard (like ISO/IEC 20000 or any other) is not the goal, but the path.
Therefore it is not right to be guided solely by our effort to increase our prestige
by getting a certificate; we should try to achieve the best results possible through
understanding the company's processes and customer needs.
For more info:
– ITIL / ITSM: or