Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021
ISO-20000-ITIL-blog

ISO 20000 & ITIL® Blog

Service Management System Review – Does it really matter?

So, you have implemented a Service Management System (SMS) according to ISO/IEC 20000. You wonder – does anyone care? “Anyone” means your superior.

Try, just for few moments, to put yourself in your CIO’s shoes:

  • He convinced the Board of Management that a SMS is needed and got approval for the budget.
  • He is responsible to support business processes with IT services. Certainly, some of them are crucial for the company’s existence.
  • People on that level are extremely focused on efficiency.

You can bet that he is interested in the SMS. One more thing – according to ISO/IEC 20000-1:2011 he is obliged to care – there is a requirement for management review.

Motivation and targets for review

A SMS includes many processes, roles, measurements, reports, plans… etc. On the other side, management review should be concise. The logical question is – how do you merge these two opposing issues?

When you start SMS implementation, one of the first things you do is define the scope of the SMS. The scope depends on the business requirements, which depend on the customer requirements. Your SMS efficiency depends on satisfying customer needs. If you are responsible for the SMS, I am sure that you would be eager to be sure that customer requirements are met. And there you go – the first, but very important motivation for SMS review.

The “story” with customer requirements goes on – they can change. Changing customer requirements, i.e., customer needs, require services to adapt. Change will follow that requirement and top management wants to be sure that this happened.



Let’s focus on internal organization issues that could be addressed by management review:

  • Internal regulation – every settled organization has policies, standards, and objectives to comply with.
  • Reports – we use them, e.g., to be sure that we are on the correct course. That could be measurement reports or audit (both external as well as internal) reports. What’s important is that reports provide hard facts that are excellent starting points to make decisions.
  • Customer feedback – there are many ways that we can get feedback from our customer regarding services that we provide. For example, a customer satisfaction survey is one of them. Analysis of the survey’s results is a very good topic for management review.
  • Changes – once the SMS is established, that doesn’t mean that nothing will be changed. Quite the contrary – I’ve never seen a SMS that doesn’t change. This includes changes of functionality or technological changes. The outcome of changes is also one of the topics that need to be discussed at the management review meeting. The reason is, e.g., analysis of efficiency during change implementation. Or, there could be technological changes that affect our services. The management review meeting is a good place to start an upgrade in technology for existing services (e.g. usage of RF technology instead of barcodes for warehouse inventory).
  • Review – except for the first management review meeting, it’s important that results of previously defined action items or improvement measures are presented or analyzed at the meeting. This will ensure that agreements made at the meeting are taken seriously.

SMS is a live system and offers many topics that could be discussed at a management review meeting. Fulfillment of customer requirements is certainly an unavoidable topic, but how do you pick other topics? It’s hard to say – it depends on the services, organization, management of the SMS… but whatever can add value to effectiveness and improve existing performance is certainly welcome as a topic.

Responsibilities for review

As you can see, there are many elements related to a management review meeting. It’s a good idea to have one (not more than that) responsible person to prepare data, organize the meeting, and follow up on the outcomes. An SMS Manager is the ideal role for that task. He has an overview of the SMS and the services, is involved in measurement, and has an active role in customer or user management (e.g., through the Service Level Management or Business Relationship Management processes).

One requirement of ISO/IEC 20000-1 is that top management performs management review. Who is top management? This is someone who directs and controls the service provider on the highest level (by the way, this definition is taken from ISO 9000). Usually, this is, e.g., the CIO (or Head of IT, IT Director… etc.) or, usually in smaller companies, the CEO.

I already mentioned that the SMS Manager also has an important role in management review. He will cooperate with the Continual Service Improvement (CSI) Manager while preparing data for the meeting.

How about results?

Once one meeting takes place, the results should be documented (one of the requirements of ISO/IEC 20000-1) and followed up. This will provide a tangible track for the next management review meeting, i.e., it will ensure that agreements, action items and improvement measures are taken seriously.

How often do these meetings take place? I would say at least once a year. But, some companies operate in dynamic environments – they should increase the frequency of the meetings.

An efficient SMS and a well-prepared management review meeting can open up new opportunities for the SMS Manager. More funds and additional resources to increase the organization’s capability – what more could he wish for? But, he should also be careful what he wishes for – at the next review meeting there is one more thing to prove as effective.

Download a free sample of the Management Review Minutes template to get better understanding of the report’s content.

Advisera Branimir Valentic
Author
Branimir Valentic
Branimir is an expert in IT service management (consultancy, training and tools), IT governance (training and consulting), project management and consultancy in IT and telecommunication. He holds the following certificates: ITIL Expert, ISO 20000, ISMS Lead Auditor and PRINCE2.