The compliance requirements for ISO/IEC 20000:2011 meant that some additional planning and control evidence needed to be in place before the 2005 version of the scheme expires in June 2013. New key areas that Marval needed to demonstrate adherence to in order to comply with in the latest version of the standard, given the scope of certification were, ‘planning to implement new or changed services’, ‘information security management’ and ‘supplier management’.
Although Marval was well positioned by already doing most of what the standard required, at the start of 2012 it recognised that in order to fully comply with the updated 2011 standard it needed to enhance its change management policy, process and procedures to include additional impact assessment, design and reporting areas. The information security management process was also strengthened with additional documentation, controls and evidence of business-wide communication.
In many aspects, Marval was ahead of the game; partly because it has been continually improving how it does things since its original certification (against BS15000), partly because it had aligned its approach to improvements identified in the ITIL refresh, and partly due to the evidence gathered within its integrated ITSM software tool, MSM.
Don Page, CEO of Marval, says of the re-certification “It is a great achievement by our IT support team. Passing the audit with flying colours and without any non-conformances gives our customers comfort and confidence that the proper process and procedures are in place for Marval to deliver support to the highest possible standard.”