Secure Your Business

Case Study Siemens:
Integration of ISO 20000, 27001, 9001


  • Seamless integration of ISO 9001, ISO 27001, ISO 20000
  • Siemens IT Solutions and Services wins perspectives: by integrating quality, security and Service Management in one system

Siemens IT Solutions and Services has been one of the first European outsourcing provider to be certified according to the International Standard for IT Service Management ISO 20000. The goal was to standardize IT service provision processes in order to actively counteract the cost pressure increasing globally. Furthermore, services within the locations should become comparable. What also is interesting is the structure: full integration of the individual ISO Standards in a generic management system, which is based on quality management acc. to ISO 9001, has been extended by adding information security acc. to ISO 27001 and now also includes IT Service Management acc. to ISO 20000. 




“We are working with a uniform management system, which enables an overall view of the company’s development that could not be achieved otherwise by seamless integration of partial aspects,” stresses Dr. Albert Felbauer, Area Manager of Siemens IT Solutions and Services. Even generic planning processes and processes for finding strategies are defined while considering quality, security and service management. Establishing parallel organizations should be done without deliberately. “This has helped Siemens IT Solutions and Services to create exemplary structures. On the one hand, these structures are cost effective and efficient because synergies can be utilized. On the other hand, they are well-aimed because single topics can be subordinated in alignment with the big corporate goals,” summarizes CIS Auditor Dr. Peter Soudat, who conducted the Certification Audit acc. to ISO 20000 at Siemens IT Solutions and Services.


  • Securing a competitive edge, reducing costs 

The Siemens Group has been aligned to ITIL (IT Infrastructure Library) on an international scale since 1993. When ISO 20000, the Standard for IT Service Management based upon this, was published in 2006, the Group Management rated this as being a trend in IT relevant for the future. “Siemens has realized this development soon enough and decided to be among the first,” stresses Dr. Albert Felbauer. The location in Germany was certified acc. to ISO 20000 in mid-2006. In 2007, Siemens IT Solutions and Services in Austria took the same step. Other locations are to follow.


Siemens IT Solutions and Services in Vienna is one of the five global Production Centers within

the company group, has 1,500 employees and is number one on the Austrian outsourcing market with about 300 large-scale customers. “Standardized service processes acc. to ISO 20000 are the basic requirement to offer services with a constant quality and with the same processes to our customers all around the globe. Furthermore, they form the basis for worldwide quality and process improvement so that our competitive edge can be consolidated even more and the increasing cost pressure can be counteracted.” This is how Dr. Albert Felbauer summarizes the most important advantages.


  • From ITIL to ISO 20000 integration 

“ISO 20000 is the tool for integrating processes conforming to ITIL in an ISO based management system.” This is how CIS Auditor Dr. Peter Soudat explains the interrelations and interactions. While ITIL is a collection of best practices on 1600 pages, the ISO 20000 Standard summarizes the key requirements placed on a professional IT Service Management System on 23 pages in

a focused manner.


It is true ITIL and ISO 20000 include identical processes, such as change, release, incident, problem or security management. But in order to conform to ISO 20000, it is not enough to thoroughly implement all the best practices described in ITIL. By focusing on the key requirements for the individual processes, important influencing factors, such as company size, service offer or customer structure, can definitely be considered when designing the service management system. Thus even smaller companies can work and be certified according to the standard. The binding requirements placed by ISO 20000 help to establish comparable structures for processes conforming to ITIL and to continually improve these processes and seal them by granting a Certificate. Compliance with service levels becomes measurable.


  • Service catalogues with budgeting increase efficiency

In ISO 20000, the idea of quality and costs plays a central role: “At IT Service Management

acc. to ISO 20000, it is a matter of improving IT processes, documenting and then avoiding nonconformities, preventing double work and optimally observing agreements with customers. For this purpose, service catalogues with budgeting are elaborated,” says CIS Manager Erich Scheiber. This enables increase in efficiency and improvement of quality. Quality Manager Walter Kvapil can confirm this: “On the whole, ISO 20000 yields much more lasting savings than its implementation leads to costs. This is an investment in sustainable structures.”


Building still other ISO Standards upon a base system yields significant advantages. As for SIS, ISO 9001 had grown to a mature system for many years. Thus it was useful to integrate information security acc. to ISO 27001 and IT service management acc. to ISO 20000 on this basis with a relatively low expenditure. In quality management, the threads meet to form an overall system. For example, such central indicators as “customer satisfaction” or “availability of services” are simultaneously acquired for all the areas while actions will also be implemented globally. Quality Manager Walter Kvapil is the general coordinator. The individual subordinate systems are led by technical managers.


  • Top-Down: The system is made to live by top management

Thanks to the combination of quality, security and IT service management to one overall system, top management also is involved optimally – this is one of the most important requirements for successful operations. Business goals will be broken down to individual topics and not vice versa.


Where is the company to be in three years? What actions in QM, IS and ITSM are necessary for this? The top managerial level will even be involved in monitoring the actions. In future the topics of QM, IS and ITSM also are to be anchored in corporate strategy explicitly in order to enhance awareness in all the hierarchical levels even more.


In reports as well as the regular management reviews, the three key topics will be handled together, which also reduces the hours spent on meetings – at a better result for the overall company. This helps to save time and is efficient. As Walter Kvapil adds, “Even at our internal audits, QM, IS and ITSM Representatives are sitting round one table. A lot of potential is released by linking technical knowledge relating to all the standards in a cross-departmental manner. This potential will be of benefit to the company as a whole, not only to one’s own Department.” This helps to elegantly avoid internal walls. Joint documentation and combined audits yield enormous synergies.


  • Improving the company’s image thanks to certification

For Siemens IT Solutions & Services, certification acc. to ISO 20000 plays a central role. “On the one hand, the competitive edge is made clearly identifiable by the ISO Certificate. On the other hand, the employees will be much more motivated if they have a concrete goal in mind,” explains Quality Manager Walter Kvapil. “Furthermore, we use the internal audits necessary for certification as a powerful tool for system optimization – after all, we want to achieve measurable improvements in results by using ISO 20000.”








CIS - Certification & Information Security Services T +421 55 677 0156 office.sk@cis-cert.com Imprint