Service management system general requirements
Top management shall provide evidence of its commitment to planning, establishing, implementing, operating, monitoring, reviewing, maintaining, and improving the SMS and the services of ISO 20000 Certification by:
- Establishing and communicating the scope, policy and objectives for service management.
- This basic business philosophy is relevant to our organizational goals and to meeting the needs and expectations of our customers. This philosophy has been communicated to all employees within the scope of the Business Quality Management System. This is accomplished through communications, distribution of a variety of literature and monitoring of customer satisfaction. Quality concepts are integrated into our company culture.
- Ensuring that the service management plan is created, implemented, and maintained in order to adhere to the policy, achieve the objectives for service management, and fulfill the service requirements.
- conducts internal audits at planned intervals to ensure conformance with:
- The Service Management Plan
- The ISO 20000-1 standard
- The ISO 9001 standard
- The ISO 27001 standard
- The CMMI corporate assessments (SVS/DEV), and
- To ensure that the Business Quality Management System is suitable, adequate, and effective.
- Communicating the importance of fulfilling service requirements.
- Company has established and ensures communication takes place between its various levels and functions regarding the importance of meeting the service management objectives and the need for continual improvement. This is accomplished via the following vehicles:
- Planned business meetings
- Through e-mail and regular open forums,
- Through internal documents
- Communicating the importance of fulfilling statutory and regulatory requirements and contractual obligations.
- Before the submission of a proposal or the acceptance of a customer requirement, the contract or order is reviewed by staff to ensure that:
- Requirements are adequately defined and documented,
- Differences between the contract requirements and those in the proposal or quotation are resolved,
- Company has the capability and capacity to meet contract or order requirements, and
- If an order is received verbally, team ensures that the order requirements are agreed upon before acceptance and documents such statements as requirements.
- Business Development department personnel are responsible for communication and interface with customers’ organizations in contract matters.
- Ensuring the provision of resources
- management determines and provides, in a timely manner, resources needed:
- To implement and improve the processes of the Business Quality Management System which is the baseline for all Quality Standards embraced, and
- To enhance customer satisfaction by meeting requirements.
- Conducting management reviews at planned intervals.
- Ensuring that risks to services are assessed and managed.
- The Company has defined “Risk” as any event that represents potential harm to the Company’s interests/goals. Company departments submit Risk Assessment reports to Executive Management on a regular and periodic basis. Risks, where identified, are also catalogued at the Project, Task and Contract levels, together with the associated risk mitigation strategies and outcomes. Risk Management Objectives are the goals that are accomplished when such events do not occur. The goals are:
- Corporate Stability and Safety
- Corporate Business Continuity
- Corporate Compliance with Relevant Legal Frameworks
- Financial Viability
- Financial Fidelity
- Contract Profitability
- Effective Contract Performance
- High Employee Retention
- High level of information security
- Confidence in Business Continuity Plan
- As a preventive action when actions are taken to prevent the occurrence of a non-conformity/risk manifestation,
- As an anticipated/planned corrective action if non-conformity/risk manifestation occurs,
- As a corrective action taken to mitigate an unforeseen non-conformity/risk manifestation
Risk is evaluated and identified in the following areas:
- Corporate
- Financial
- Contract
- Health
- Information Security
Corporate
The Company has an umbrella insurance plan that protects assets from litigation, natural disasters, acts of terror, loss of executive management and other unforeseen insurable events.
Financial
The Company ensures that it maintains financial resources to effectively pursue its goals. In addition to retained earnings, the Company maintains a standing line of credit to fund extraordinary expenses.
Contract Profitability
The Company requires that Business Units (BDMs) provide a daily risk assessment report on all contracts or processes to senior management. The report contains areas of potential harm and proposed mitigation methods.
Contract Performance
The Company invests human, financial, and system resources to monitor and ascertain Contract Performance. Customer surveys are performed daily on approximately 25 percent of all customer interactions. Survey data is automatically compiled into Customer Satisfaction Reports, broken down by a variety of categories including month and contract, as well as Company-wide.
Health and Safety
The Company procures and makes available, at no cost to all full-time staff members, medical and group life insurance plans, ensuring employee and dependent health maintenance and resulting in low employee turnover.
Information Security
The Company has implemented ISO/IEC 27001:2005, the international standard for entities to manage their Information Security. The standard sets out how a company should address the requirements of confidentiality, integrity and availability of its information assets and incorporate this into an Information Management Security System.
Service management policy
Top management shall ensure that the service management policy:
- is appropriate to the purpose of the service provider.
- includes a commitment to fulfill service requirements.
- includes a commitment to continually improve the effectiveness of the SMS and the services through the policy on continual improvement in Clause 4.5.5.1.
- provides a framework for establishing and reviewing service management objectives.
- is communicated and understood by the service provider’s personnel.
- is reviewed for continuing suitability.
Authority, responsibility and communication
Top management shall ensure that:
- service management authorities and responsibilities are defined and maintained;
- documented procedures for communication are established and implemented.
Monitor and review the SMS (Check)
The service provider shall use suitable methods for monitoring and measuring the SMS and the services. These methods shall include internal audits and management reviews. The objectives of all internal audits and management reviews shall be documented. The internal audits and management reviews shall demonstrate the ability of the SMS and the services to achieve service management objectives and fulfill service requirements. Nonconformities shall be identified against the requirements in this part of ISO/IEC 20000, the SMS requirements identified by the service provider or the service requirements. The results of internal audits and management reviews, including nonconformities, concerns and actions identified, shall be recorded. The results and actions shall be communicated to interested parties.
Internal audit
The service provider shall conduct internal audits, at planned intervals, to determine whether the SMS and the services:
- fulfill the requirements in this part of ISO/IEC 20000;
- fulfill the service requirements and the SMS requirements identified by the service provider;
- are effectively implemented and maintained.
There shall be a documented procedure including the authorities and responsibilities for planning and conducting audits, reporting results, and maintaining audit records. An audit program shall be planned. This shall take into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency, and methods shall be documented. The selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit. Auditors shall not audit their own work. Nonconformities shall be communicated, prioritized and responsibility allocated for actions. The management responsible for the area being audited shall ensure that any corrections and corrective actions are taken without undue delay to eliminate nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of results.