Starting any project can't go without many questions asked. ISO 20000 is not an exception. One of the mandatory questions, and among the first ones to ask, is – “How much does it cost?” Management is the first one who would like to know the answer, so you have to be ready and have an explanation.
And, let's make one thing clear. Implementing ISO 20000 involves so many different, company-specific parameters that it's not possible to come out with the exact amount needed for the implementation. I will help you, in this article, to do your own estimation of possible costs by explaining which elements you need to include in your calculation. In that way you can minimize surprises on the implementation project (unexpected costs, in this case).
What does the cost depend on?
It's not the same if you have small (e.g., 10-20 people) or large (e.g., 50, 100 or more employees) IT organization. Smaller organizations have simpler structures, less complexity in daily process activities, and are easier to manage. Large organizations are the opposite. Complex organizations and extensive processes and their activities mean – more costs. This is one of the parameters that dictate costs of the implementation.
Having other management system in place, like ISO 9001 or ISO 27001, will speed up the implementation and make it less expensive. Namely, ISO 20000 has some requirements (in the phase of establishing the Service Management System, i.e., SMS) that are common to the other management systems. Here I mean documentation requirements, management responsibility, training and awareness … etc. If you have processes implemented following the ITIL recommendations – good for you. It helps a lot.
Of course, your (and your co-workers') know-how is also one of the crucial elements when calculating the costs. Less know-how means the need for education and someone to help you. All that costs money.
What types of costs exist?
IT organizations, technology, and services are increasing in complexity. With ISO 20000 you try to get all three parameters under control. It doesn't sound like an easy job, does it? And it's not. But, aside from the complexity, costs are your biggest “enemy” for the implementation. Let's see where the costs are “hiding,” i.e., what will require your organization to invest money. Here are the biggest and most common sources of costs:
- Training & Awareness – The person responsible for the implementation and (sometime, later on) management of the SMS needs to know the theory in order to understand the “why” and “how” of the implementation and management of the SMS, so you have to train him. Besides that person, it's advisable to train the staff involved in the SMS. In such way you will have the whole team “speaking the same language.” Awareness is a permanent activity and can include additional materials (e.g., brochures, posters, manuals … etc.), trainings, meetings … etc., which is one more source of costs.
- Own staff – Your people will have to spend a certain amount of time during the implementation of the SMS. And, from my experience, that amount of time can be extensive. Their time costs money, as well.
- Standard purchase – Maybe it's not comparable with previously mentioned costs, but you will need to purchase the standard and, maybe, some other documentation. Include those costs right at the beginning of the calculation. It will save you time later on, when you're asked: “Why do you need to spend more money?”
- Tool – It's not a mandatory requirement to have an IT Service Management (ITSM) tool, but it's a huge help. An ITSM tool will save you from the creation (and usage) of large amounts of documents, decrease errors (e.g., having the same information in multiple documents is the most probable source of error), and increase efficiency (e.g., imagine having 20-30 incidents each day and handling them by using a spreadsheet or some simple form of a database).
- Consultant – A SMS is complex, and you can decide to get some help outside the organization, so you hire a consultant to help you implement the SMS (entirely or some specific part, or do the internal audit), or you hire a trainer to train you and your co-workers on this topic. There are the costs you need to calculate.
- Certification – Well, once you are done, the most important moment comes. Certification costs money. So, you have to be careful when engaging a certification body because they are (usually) costly.
What can you do to decrease your costs?
As much as I have experienced so far, organizations already have some of the processes (required by the ISO 20000 standard) in place. Maybe they are not encompassing all that standard requires, or maybe they are spread across several departments (and non-transparent) – but they are there. That means that you don't have to start from scratch. A certain amount of time and managerial effort can be saved (meaning less money spent). To find out where you are, conduct a GAP analysis between the standard's requirements and your processes in place.
I already mentioned that gaining know-how will cost you money. But, particularly in a larger organization, I'm pretty sure that you already have a lot of knowledge, so you don't have to invest. Again, look around and create savings by using what you already have, i.e., know.
Once you start the project, it's important to keep all activities managed (and under control). For example, chaotic situations need (quite often) for activities to be repeated several times until you finish them, some of them are even multiplied (done in parallel, by different people), external parties that are not under control create extra costs … etc. These are all examples of how a managed implementation project can save funds.
Although implementation of ISO 20000 looks like “pure cost,” you see that there are possibilities to decrease the costs. Investing some amount of time in assessment (what you have in place, which knowledge there is) is something that pays back very soon. I'm sure you would like it, but I'm even surer about your management's preferences.
Use this free ISO 20000 Gap Analysis Tool to check your compliance with the requirements - and do please let us know your experiences here at ITILNews.com.
by Branimir Valentic, 20000 Academy
20000Academy is one of the Academies of Advisera.com. Advisera specializes in helping organizations implement top international standards and frameworks such as ISO 27001, ISO 9001, OHSAS 18001, ISO 14001, ISO 20000 and ITIL. Over the years, Advisera has become a global leader in the provision of web-based training and documentation for ISO 27001 (information security management) and ISO 22301 (business continuity management).
Our best-in-class products and services have been successfully utilized in 100+ countries around the world, led by our top-shelf customer support.