
Governance and Risk Consultancy Services Case Study On ISO 20000 Implementation


Overview :

A leading network services company with a revenue base of over US$ 220 million, working with various technologies for addressing the networking, communication and infrastructure management needs of globally distributed enterprises and telecom carriers.

Challenges :

The Managed Services vertical, working with flat budgets and low head counts, wanted to deliver IT services to its global clients in a way that would facilitate the objectives of the client organisations with excellence and efficiency. The organisation has several Fortune 500 companies as customers for IT services. These outsourced services are driven by very strict and rigid Service Level Agreements (SLAs) with very high penalties. The organisation faces reputation and monetary risks in the event of a breach of these SLAs.

Solution :

The solution lay in standardizing the processes the client’s business would follow and providing users with a system that would enforce efficient processes. This required the organisation to develop a vision for the future and figure out what core processes it needed to get there. The objective was to have a lean organisation, one that could anticipate and solve problems before they happened and adapt to changes in the business as quickly as the business itself changed.

The IT governance framework found most suitable to the client’s requirement was the Information Technology Infrastructure Library, popularly known as ITIL, integrated with an Information Security Management System. ITIL is a collection of best practices for IT operations first developed by the British government 20 years ago. It differed from the other process frameworks as it was high-level and had enough detail to make the meaning of each term clear and show how it could be applied to an organization.

The client also believed that information security is of critical importance and perceived information security as key to extending the enterprise to enable deep integration with customers while aiding compliance with regulations. Importantly, information security also protects economically vital critical infrastructure from attack. Thus the client wanted to establish an Information Security Governance framework that would be built on existing frameworks and accepted best practices and would bring about a process-driven culture in the organisation.

The key security concerns were :

  • Security of the client environment and of the client information shared with them, which is the intellectual property of the customers

The goal of the organisation was to achieve certification to ISO 20000, the first and only international standard for IT service management, which has ITIL as its base, and then to integrate the ISO 20000 and ISO 27001 standards.

PCS Consulting, the consulting arm of PCS Technology Ltd., was awarded the contract to implement the service management processes and to assist the organisation in receiving the BS 15000-1:2003 certification for the following services:
  1. Network Management  
  2. Server Management
  3. Security Management
  4. Desktop Management
The organisation achieved ISO 20000 certification in a record time of nine months, which included implementation of service management processes and deployment of service management tools.

Benefits :

ISO 20000 Certification provided the following benefits to the client:
  • improved customer service
  • focused services that support the customer’s business strategy
  • cost efficiency
  • reliable and consistent service quality
  • independent proof of service quality that serves as a marketing tool for all service offerings
PCS Consulting also assisted the client in the implementation of the ISO 27001 standard that entailed:
  • Scope definition
  • Training of the core team, users and internal auditors
  • Risk Assessment
  • Identification of relevant controls
  • Documentation involving development of policies, procedures and relevant formats
  • Preparing the Statement of Applicability (SOA)
  • Implementing Control Framework and controls
  • Measurement of effectiveness of controls implemented and measurement of efficiency of its key members involved in implementing and maintaining the standard.
The project was completed in a record time of seven months.

The benefits the client derived from ISO/IEC 27001:2005 certification are :
  • establishment of a process-driven culture in the organisation for information security, thereby enhancing security awareness within the organisation
  • a benchmark to measure the security measures and management systems deployed in the organisation
  • a framework for resolving security issues
  • enhanced customers’ and business partners’ confidence and perception of the organisation
Copyright © 2024 PCS Technology Ltd. All Rights Reserved.