Technical Guidance (Bimbingan Teknis) - ITSM Forum Indonesia
itsmforum.id/BIMTEK_TATAKELOLA_LAYANAN-v1.pdf · Sep 19, 2017 ·...

Technical Guidance: INFORMATION TECHNOLOGY GOVERNANCE AND SERVICE MANAGEMENT

AGENDA

✓ IT SERVICES & GOVERNANCE WORKING GROUP

✓ SNI 38500 - INFORMATION TECHNOLOGY GOVERNANCE

✓ IT GOVERNANCE AND SERVICE MANAGEMENT AND REGULATIONS IN INDONESIA

✓ SNI 20000 - INFORMATION TECHNOLOGY SERVICE MANAGEMENT

19 SEPTEMBER 2017 IPB INTERNATIONAL CONVENTION

TECHNICAL GUIDANCE (BIMTEK): ICT GOVERNANCE & SERVICES

IT SERVICES & GOVERNANCE WORKING GROUP (WG)

The ISO Services Working Group was formed by Kominfo and BSN in cooperation with practitioners, with the aim of adopting ISO standards as SNI.

No. SNI Title

1. SNI ISO/IEC 20000-1:2013 Information technology - Service management - Part 1: Service management system requirements

2. SNI ISO/IEC 20000-2:2013 Information technology - Service management - Part 2: Guidance on the application of service management systems

3. SNI ISO/IEC TR 20000-3:2013 Information technology - Service management - Part 3: Guidance on scope definition and applicability of SNI ISO/IEC 20000-1

4. SNI ISO/IEC TR 20000-4:2013 Information technology - Service management - Part 4: Process reference model

5. SNI ISO/IEC 20000-5:2016 Information technology - Service management - Part 5: Exemplar implementation plan for SNI ISO/IEC 20000-1

6. SNI ISO/IEC TR 20000-9:2016 Information technology - Service management - Part 9: Guidance on the application of SNI ISO/IEC 20000-1 to cloud services

7. SNI ISO/IEC TR 20000-10:2016 Information technology - Service management - Part 10: Concepts and terminology

8. SNI ISO/IEC 15504-6:2015 Information technology - Process assessment - Part 6: An exemplar system life cycle process assessment model

9. SNI ISO/IEC TS 15504-8:2015 Information technology - Process assessment - Part 8: An exemplar process assessment model for information technology service management

10. SNI ISO/IEC TS 15504-9:2015 Information technology - Process assessment - Part 9: Target process profiles

11. SNI ISO/IEC TR 38502:2016 Information technology - Governance of IT - Framework and model

12. SNI ISO/IEC 15504-3:2015 Information technology - Process assessment - Part 3: Guidance on performing an assessment

13. SNI ISO/IEC 15504-4:2015 Information technology - Process assessment - Part 4: Guidance on use for process improvement and process capability determination

14. SNI ISO/IEC 15504-5:2015 Information technology - Process assessment - Part 5: An exemplar software life cycle process assessment model

15. SNI ISO/IEC 33001:2016 Information technology - Process assessment - Concepts and terminology

16. SNI ISO/IEC 33002:2016 Information technology - Process assessment - Requirements for performing process assessment

17. SNI ISO/IEC 33003:2016 Information technology - Process assessment - Requirements for process measurement frameworks

18. SNI ISO/IEC 33004:2016 Information technology - Process assessment - Requirements for process reference, process assessment and maturity models

19. SNI ISO/IEC TR 33014:2016 Information technology - Process assessment - Guide for process improvement

20. SNI ISO/IEC 33020:2016 Information technology - Process assessment - Process measurement framework for assessment of process capability

21. SNI ISO/IEC 38500:2016 Information technology - Governance of IT for the organization

22. SNI ISO/IEC TS 38501:2016 Information technology - Governance of IT - Implementation guide

First priority: the SNI 38500 group

◦ The IT Governance SNI is the main key to implementing various other management systems

Second priority: the SNI 15504/33001 group

◦ The Process Assessment SNI is the bridge between the Governance SNI and the Management System SNI

Third priority: the SNI 20000 group and the SNI 27000 group, in an integrated manner

◦ The Service Management System SNI and the Security Management System SNI must be adopted in an integrated manner to be more effective and efficient

SNI 38500 – IT GOVERNANCE
CHANDRA YULISTIA, SE AK CISA CISM - IASII

ISO 38500 – ACTIVITIES & PRINCIPLES

[Figure: ISO 38500 governance model. Labels: Evaluate, Direct, Monitor; ICT Governance; Business Needs; Business Pressures; Plans, Policies; Performance, Conformance; Proposals; Business Processes; ICT Projects; ICT Operations]

ISO 38501 – IMPLEMENTATION

ISO 38502 – ASSESSMENT RATING

Rating: Description

Unknown
- No knowledge of the level of achievement of outcomes and no evidence of success

Not Applied
- The majority of beneficial outcomes are not being achieved
- Little evidence of success

Somewhat Applied
- Some beneficial outcomes being achieved to a certain degree with one or more beneficial outcomes not being achieved at all
- Some evidence of success visible with one or more aspects not in place at all

Largely Applied
- All beneficial outcomes being achieved to a large degree with certain beneficial outcomes being fully achieved
- All evidence of success visible to a large extent with certain aspects being fully in place

Fully Applied
- All beneficial outcomes are being fully achieved
- All evidence of success fully implemented and working effectively

ISO 38502 – ASSESSMENT – PRINCIPLE

Table B.1 — Assessment criteria for the Responsibility principle

Beneficial outcome: The organization successfully implements IT enabled business change
Evidence of success: Executive managers lead business process, organization structure and human change when implementing IT solutions

Beneficial outcome: Organizational value is generated by IT
Evidence of success: Executive managers treat IT as an investment for return, not solely as a cost to be reduced

Beneficial outcome: The organization receives the quality of services it requires in the most effective and efficient manner possible
Evidence of success: Executive managers determine the best IT delivery model considering:
- Decision rights and control structures (central, de-central, federal, etc.)
- Supply: Optimising the provision of IT (sourcing strategy)

Table B.2 — Assessment criteria for the Strategy principle

Beneficial outcome: The organization's operations are effectively supported by IT and strategic change is appropriately enabled by IT
Evidence of success: IT clearly aligned to business strategy and architecture

Beneficial outcome: The organization's decision support systems provide high quality and timely information
Evidence of success: The business requirements regarding usability, confidentiality, integrity and availability of data used for decisions are identified and met.

Beneficial outcome: The organization's objectives are enabled through IT innovation
Evidence of success: IT used to:
- Enable, disrupt and redefine business models
- Engage and connect with customers

Table B.3 — Assessment criteria for the Acquisition principle

Beneficial outcome: Investments in IT prioritised on the extent to which their potential contribution to the business is both attractive and achievable
Evidence of success: IT investments structured into portfolios, returns on investments required to meet hurdle rates

Beneficial outcome: Business requirements are fully supported by selected IT solutions
Evidence of success: IT solutions procurement process ensures that functionality, usability, architectural, security, performance, availability, etc. requirements are met

Beneficial outcome: Implementation programs proceed according to plan and achieve business benefits
Evidence of success: Change programs structured to deliver business capabilities with careful management of costs, risks, schedule and benefits

Table B.4 — Assessment criteria for the Performance principle

Beneficial outcome: All stakeholders able to interact and transact with IT systems that provide the services, levels of service and service quality to meet their requirements
Evidence of success: IT appropriately responsive and available even in the event of high demand and/or disaster. IT changes and upgrades effected only with planned disruption to the business.

Beneficial outcome: Information is complete, accurate, secure and accessible
Evidence of success: IT is protected against unauthorised access or changes to data. Controls in place to ensure the integrity of data

Beneficial outcome: Stakeholders effectively assisted when requesting IT support
Evidence of success: Effective service desk that resolves requests, incidents & problems and ensures that customers are assisted within defined service levels

Table B.5 — Assessment criteria for the Conformance principle

Beneficial outcome: The organization's policies, rules and mandates are accurately implemented by IT
Evidence of success: Mature IT processes and controls in place, ensuring conformance to organizational policies, service requirements and risk appetite

Beneficial outcome: The organization properly manages its information and transactions so that there are no breaches of legal and/or regulatory requirements
Evidence of success: On-going monitoring of relevant legislation, implementation of necessary IT processes and controls and provision of independent assurance

Table B.6 — Assessment criteria for the Human Behaviour principle

Beneficial outcome: Stakeholders use the organization's IT in an acceptable manner
Evidence of success: Executive managers provide leadership, supported by appropriate policy education, training and conformance monitoring for users & service providers

Beneficial outcome: Business efficiency and value generated from staff using IT in a productive and effective manner
Evidence of success: On-going education, training & competence testing for all users on all aspects of the use of the organization's IT

ISO 38502 – FRAMEWORK OF KEY ELEMENTS

IT GOVERNANCE & SERVICE MANAGEMENT AND REGULATIONS IN INDONESIA
HARUN AL RASYID, SE CISA COBIT5F, ISO27001 -IA

IT Governance Linkages

COBIT and Other Management Frameworks

COBIT acting as CONSOLIDATOR

SNI/ISO Linkages

[Figure: SNI/ISO linkages. Labels: Drivers; Enterprise Governance; IT Governance; Best Practice Standards; Processes and Procedures; COBIT; Balanced Scorecard; COSO; PP60/2008; Performance; Conformance; SNI ISO 9000; SNI ISO 27001; SNI ISO 20000; QA Procedures; Security Principles; IT Service Management]

PP 60/2008: Government Internal Control System (Sistem Pengendalian Intern Pemerintah)

IT Governance: COBIT 5 Standard & Other Frameworks

SNI 20000 – IT SERVICE MANAGEMENT
DR. YUCKI PRIHADI, SSI, MM, MKOM – ITSM FORUM INDONESIA

ISO 20000 – SERVICE MANAGEMENT

ITIL V3

DISCUSSION
