How to manage service management records according to ISO 20000

Have you ever been in a situation when you had to make a decision, but you had almost no information? Sooner or later, each one of us gets into such a situation in our lifetime. You trust your feelings, and … whatever will be, will be.

Decisions on managing an IT Service Management System (SMS) shouldn’t be made like that. When you make a decision – it needs to be based on facts. This is where we get to records. Records are your facts in the scope of the SMS, and are usually your sound basis to make decisions and conclusions. Let’s see some more facts about the records.

Records – What are they?

The ISO 20000 standard defines a record as: “a document stating results achieved or providing evidence of activities performed.” This means that records are produced when something is done, and they show the result of particular activities. Some records are produced automatically (e.g., some measurements that are made regularly or log files on particular components) and some are made manually (e.g., an internal audit report).

ISO 20000 consists of many different processes, which each consist of various activities. Those activities generate records. The point is that ISO 20000 requires, for SMS management, many records to be generated in various forms on the basis of certain activities. Here are a few examples of records that are generated in the scope of the SMS:

Some records are explicitly required by the standard, while there are others that are not mandatory, but are useful to manage the SMS. Additionally, if you use a tool to manage your SMS, then you will store most of the records inside the tool. Otherwise, you can use a spreadsheet or paper form.

The usage

If someone (maybe even your management) asks you: “Why do we need records, at all?” – what would be your answer? Well, the simple answer is: “Because the standard requires us to record lots of information.” Yes, this is a simple, but (I would say) bureaucratic explanation. You know very well that investing effort (yes, recording information requires effort to be invested) just because it is written somewhere that you need to do it, is something no one will appreciate. Is there another side?

Luckily – yes. Records are actually your “tool” to know where you are and what you need to do. Let me explain this. You have signed a Service Level Agreement with your customer. And, you agreed that you will provide a service with 99.99% availability. Otherwise, the customer can charge you with penalties. At the end of the month you need to evaluate achievements related to that service (and the respective SLA) to check whether you fulfilled your contractual obligations. Availability or capacity measurements, incident management reports, etc. are records you need to evaluate your achievements. If you don’t have them, well – it will be impossible to prove you did everything correctly.

And, finally – the certification audit. Besides the fact that you must have all records that the standard requires, records are your proof to the certification auditor that the required activities have been performed. To be able to use the records, you need to take care of:

  • Storage – you need to know where a particular record is stored and how to get it once you need it.
  • Change – meaning, who is allowed to change the record, and when?
  • Access, retrieval, use – this is access management, meaning who has the right to read / write / change the record.

The benefits

To explain the benefits, let’s turn things upside-down. Imagine that you don’t record anything. Besides the fact that you can’t pass the certification audit, you won’t know what’s going on (in the scope of your SMS). Are you delivering services as required? Are there any incidents or service requests? If yes, are they resolved? What is your financial situation? Can you afford to hire a new employee?

These were just examples. The point is that, without records, you don’t know what is good and what needs improvement. Once your achievements start to reflect on customer services, particularly in a negative way – the era of problems begins. And, I’m sure, no one likes that.

Take the maximum

Let’s resume the facts. The standard requires your organization to use and provide records. Processes generate records as a result of related activities. And, last but not least, the tools and equipment you use in daily operations generate a lot of records.

So, since records exist – use them to the maximum. Configure systems / tools you use, customize templates, and create reports that provide structured, consistent, and useful information. In such a way, records will work for you (and not vice versa) – for your own benefit, your organization’s, and your customer’s.

Read the white paper  Checklist of Mandatory Documentation Required by ISO/IEC 20000-1:2011 to find out what the mandatory records are for your ISO 20000 implementation.

Advisera Branimir Valentic
Branimir Valentic
Branimir is an expert in IT service management (consultancy, training and tools), IT governance (training and consulting), project management and consultancy in IT and telecommunication. He holds the following certificates: ITIL Expert, ISO 20000, ISMS Lead Auditor and PRINCE2.