ISO/IEC TR 20000-5:2013

TECHNICAL ISO/IEC
REPORT TR
20000-5
Second edition
2013-11-01
Information technology — Service
management —
Part 5:
Exemplar implementation plan for
ISO/IEC 20000-1
Technologies de l’information — Gestion des services —
Partie 5: Exemple de plan de mise en application pour l’ISO/CEI 20000-1
Reference number
©
ISO/IEC 2013
© ISO/IEC 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2013 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Benefits of a phased approach . 1
5 Approach . 2
5.1 Overview . 2
5.2 Key considerations . 3
5.3 Understanding ISO/IEC 20000-1:2011 . 3
5.4 Scope and applicability . 3
5.5 Changes to scope . 3
5.6 Project support and commitment . 4
5.7 Gap analysis . 4
5.8 Developing the business case . 5
5.9 Implementation . 6
5.10 Project readiness . 6
5.11 Project team . 7
6 Overview of implementation phases . 7
7 Taxonomy of each phase . 9
7.1 Summary of activities in each phase . 9
7.2 Key characteristics and activities of each phase . 9
8 Post-implementation .12
8.1 Control of the SMS and improving service .12
8.2 Plan-Do-Check-Act .12
8.3 Interfaces to projects for new and changed services .13
Annex A (informative) Project initiation and business case development .14
Annex B (informative) Three phases of the implementation project.16
Annex C (informative) Developing policies.22
Annex D (informative) Documentation management.25
Annex E (informative) Templates .28
Bibliography .41
© ISO/IEC 2013 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting.
Publication as an International Standard requires approval by at least 75 % of the national bodies
casting a vote.
In exceptional circumstances, when the joint technical committee has collected data of a different kind
from that which is normally published as an International Standard (“state of the art”, for example), it
may decide to publish a Technical Report. A Technical Report is entirely informative in nature and shall
be subject to review every five years in the same manner as an International Standard.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC TR 20000-5 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
This second edition cancels and replaces the first edition (ISO/IEC TR 20000-5:2010), which has been
technically revised. The major differences are changes in terminology to reflect international usage and
realignment to the second edition of ISO/IEC 20000-1:2011.
ISO/IEC 20000 consists of the following parts, under the general title Information technology —
Service management:
— Part 1: Service management system requirements
— Part 2: Guidance on the application of service management systems
— Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1
— Part 4: Process reference model [Technical Report]
— Part 5: Exemplar implementation plan for ISO/IEC 20000-1 [Technical Report]
The following parts are under preparation:
— Part 6: Requirements for bodies providing audit and certification of service management systems
— Part 8: Guidance on the application of service management systems for smaller organizations
— Part 9: Guidance on the application of ISO/IEC 20000-1 to the cloud
— Part 10: Concepts and terminology
— Part 11: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks
iv © ISO/IEC 2013 – All rights reserved

Introduction
ISO/IEC 20000-1:2011 specifies the requirements for a service management system (SMS) to design,
transition, deliver, manage and improve services. ISO/IEC 20000-1:2011 can be used by organizations of
all sizes, sectors, types and many different organizational structures or business models.
This part of ISO/IEC 20000 is an exemplar implementation plan providing guidance on how to implement
an SMS to fulfil the requirements specified in ISO/IEC 20000-1:2011. The intended users of this part of
ISO/IEC 20000 are service providers, but it can also be useful for those advising service providers on
how to implement an SMS.
This part of ISO/IEC 20000 includes advice for service providers on a suitable order in which to plan,
implement and improve an SMS using, as an example, a generic three-phased approach to manage the
implementation. The service provider may choose their own sequence to implement the SMS. Also
included is advice on the development of a business case, the project initiation and other activities that
are recommended for the implementation to be successful.
The phases described in this part of ISO/IEC 20000 do not include changes to the intended scope of
the service provider’s SMS. The scope itself is not subject to phased changes as a result of adopting the
advice in this part of ISO/IEC 20000. Instead, each phase should improve the SMS in alignment with the
service provider’s agreed scope, building on the results of the previous phase.
The main activities for the development of the business case and initiation of the implementation project
are shown in Annex A. A list of the main activities to implement the SMS based on the requirements
specified in ISO/IEC 20000-1:2011, in three phases, is shown in Annex B. Many of the activities described
in this part of ISO/IEC 20000 are intended to be met by actions over more than one phase, with each
phase building upon the achievements of the earlier phase. Once the final phase is completed, the service
provider’s organization can achieve the benefits of an SMS that fulfils the requirements specified in
ISO/IEC 20000-1:2011. Supporting information for the implementation project is also provided.
Annex C provides examples of policies to illustrate what a service provider can want to put in place.
Because policies depend on the organization and the strategy of the service provider, these example
policies can be tailored to suit the organizational requirement.
Annex D provides guidance on documentation management. Annex E includes templates for some of the
documents specified in ISO/IEC 20000-1:2011 that can be amended to suit individual circumstances.
© ISO/IEC 2013 – All rights reserved v

TECHNICAL REPORT ISO/IEC TR 20000-5:2013(E)
Information technology — Service management —
Part 5:
Exemplar implementation plan for ISO/IEC 20000-1
1 Scope
This part of ISO/IEC 20000 provides guidance for an approach to implement an SMS that can fulfil the
requirements specified in ISO/IEC 20000-1:2011. This part of ISO/IEC 20000 illustrates a generic, three-
phased plan to manage implementation activities, taking into consideration the design, transition,
delivery, management and improvement of services. The service provider can tailor the phases to suit
its needs and constraints.
This part of ISO/IEC 20000 can be used together with the other parts of ISO/IEC 20000.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 20000-1:2011, Information technology — Service management — Part 1: Service management
system requirements
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 20000-1:2011 apply.
4 Benefits of a phased approach
Although the demonstration of conformity to ISO/IEC 20000-1:2011 is only possible once all the
requirements of the standard are fulfilled, there can be many reasons to opt for a phased approach to
implementation. The phases are based on identification of a suitable sequence of improvements, each
designed to assist in fulfilling one or more of the requirements specified in ISO/IEC 20000-1:2011. This
can allow better and more efficient risk management than attempting to make all the improvements and
necessary changes in a single phase.
A phased approach can allow costs to be incurred over a longer period of time. This can make it easier
to fund the SMS implementation using operational budget instead of capital budget. It can also generate
benefits earlier, encouraging management commitment and funding of later phases.
Additional benefits can include:
a) allowing the service provider to gain experience with a smaller set of implementation activities,
rather than attempting everything in one big phase;
b) explaining each phase in a way that can be understood easily by all parties involved in or affected
by the changes;
c) planning the phased use of resources that can be scarce, expensive or already committed to
other projects;
d) allowing lessons learnt to be used in later phases of implementation;
© ISO/IEC 2013 – All rights reserved 1

e) enabling the service provider to build internal expertise to implement the project;
f) achieving key objectives of the SMS in a planned sequence.
5 Approach
5.1 Overview
To identify a suitable approach to fulfilling the requirements of ISO/IEC 20000-1:2011, the implementation
project should take into account some important factors. These factors can include the following:
Familiarity with ISO/IEC 20000
a) the understanding of ISO/IEC 20000-1:2011 principles, purpose and requirements;
b) the scope and applicability of ISO/IEC 20000-1:2011;
The customer perspective
c) the objectives and the needs of the business and customers using the services;
d) the users’ experience with the current services;
The service provider’s capabilities
e) the service provider’s business model, organizational structure and objectives;
f) the responsiveness and flexibility of the service provider when changes are necessary;
g) the expected major changes to be made by or made to the service provider;
h) other priorities of the service provider which can conflict with the requirements of
ISO/IEC 20000-1:2011;
i) the processes and contracts used to manage suppliers;
j) the service provider’s ability and readiness for the change;
The current situation
k) the support of top management;
l) the management of risks related to current and planned services;
m) the current status of the SMS;
n) the current effectiveness of service management processes;
o) the clarity and suitability of current accountabilities, authorities, roles and responsibilities;
p) the current status of the supporting service management technology;
q) the current status of participating personnel’s readiness for the change;
The expected situation
r) the need for both process and service improvement is established;
s) the financial and participating personnel’s availability for each phase or any constraints that can
affect the project;
t) the statutory and regulatory requirements and contractual obligations are known.
2 © ISO/IEC 2013 – All rights reserved

5.2 Key considerations
The service provider should ensure that the SMS is implemented with the appropriate design, transition,
delivery, management and improvement structure to facilitate the delivery and management of services
that can fulfil the service requirements. The implementation of service management processes should
support the priorities of the service provider and customers.
To attain support and goodwill from the customer, the service provider should start by establishing and
implementing those processes where the customer or the service provider experiences difficulties or
can see the most immediate benefit. In addition, the service provider should consider the impact of the
organizational change on the personnel working with or supporting the SMS. For example, the service
provider should ensure that sufficient time is allocated for communication and training. There should be
sufficient time for people to understand how their day to day activities are to change and the long term
benefits of these changes for the organization. This cannot be achieved if the implementation of the SMS
relies mainly on the production of documents and procedure descriptions. However, documents and
procedure descriptions remain important to successful implementation.
One of the risks during implementation of the SMS is that the production of documents can be
considered more important than changing the way people work. The service provider should focus on
understanding the specific context and business needs of a particular organization when implementing
the SMS. Documents and records specified in ISO/IEC 20000-1:2011 should be considered as a tool that
can support and facilitate the changes to organizational practices. They should be appropriate to the
size and complexity of the service provider’s organization.
Each phase in this part of ISO/IEC 20000 builds on the achievements of the previous phase. Each
phase facilitates important and measurable evidence of achievements against the requirements
specified in ISO/IEC 20000-1:2011. The phases described in Clause 6 of this part of ISO/IEC 20000 are
recommended but can differ from organization to organization.
5.3 Understanding ISO/IEC 20000-1:2011
The success of an SMS implementation relies on the understanding of the service provider’s
personnel regarding:
a) requirements and guidance in ISO/IEC 20000;
b) service management objectives;
c) service requirements;
d) any new or changed practices, roles or organizational structure to support the SMS.
5.4 Scope and applicability
In the planning activity, the service provider should ensure that ISO/IEC 20000-1:2011 is applicable to
the service provider’s organization. This applicability should take into account the scope of the services,
activities and the contribution of suppliers.
The service provider should perform an initial analysis to identify and agree to a suitable scope for its
SMS, using the guidance on scope definition and applicability provided in ISO/IEC 20000-3:2012.
5.5 Changes to scope
A service provider can plan to implement an SMS based on the requirements specified in
ISO/IEC 20000-1:2011 for only part of its services. The service provider can decide in the future to
expand the scope of the SMS within the organization. It should be noted that the guidance in this part of
ISO/IEC 20000 is based on the defined scope being unchanged during all three phases, not on a phased
increase in scope of the SMS. When a service provider decides to increase the scope of the SMS, it can be
useful to again follow the guidance in this part of ISO/IEC 20000 from Phase 1 for the additional scope.
© ISO/IEC 2013 – All rights reserved 3

Implementation timeframes can be shortened in future improvement efforts as the service provider
gains practical experience and can extend what has already been done to the larger scope.
5.6 Project support and commitment
The successful implementation of an SMS is dependent on management commitment through all phases.
Establishing management support and commitment should be achieved as soon as possible. Based on
initial analysis, a business case can help clarify understanding and establish commitment. It can help
sustain support and commitment for each phase and therefore minimize the risks to the success of the
planned changes.
Management ensures a focus on service requirements and constraints, including statutory and
regulatory requirements and contractual obligations. Additionally, management should ensure
appropriate priorities are allocated. The service provider should aim to maintain the understanding
and the involvement of all interested parties during all phases, not just during the first phase.
5.7 Gap analysis
The service provider should perform a detailed analysis to evaluate the gap between the service
provider’s current organization and the requirements specified in ISO/IEC 20000-1:2011 for the defined
scope of the SMS. This should include the identification and review of:
a) management systems that have already been established and implemented, including the scope of each;
b) existence and quality of both documents and records, including:
1) policies;
2) service management plan;
3) service management processes;
4) procedures;
5) service level agreements (SLAs);
6) supplier contracts;
7) records of service improvement achievements by the service provider and suppliers;
c) actual working practices;
d) service reviews, internal audits, conformity assessments;
e) workload characteristics and actual achievement against service targets;
f) recent or current service improvement plans;
g) complexity of the organization structure;
h) accuracy of the definitions of roles, responsibilities and authorities of the staff;
i) skills and competencies of the staff;
j) service provider’s culture;
k) any major changes planned to the organizational structure, services and/or technology;
l) relevant statutory and regulatory requirements and contractual obligations.
The level of detail at which the gap analysis is conducted should be tailored to the needs of the service
provider and of the service provider’s customers.
4 © ISO/IEC 2013 – All rights reserved

The outcome of the gap analysis exercise should be an assessment of the readiness of the service provider
to implement ISO/IEC 20000-1:2011 in terms of financial readiness, people readiness, risk readiness, etc.
5.8 Developing the business case
The business case for the SMS should include:
a) description of the business need and objectives the SMS is intended to fulfil;
b) proposed scope of the SMS;
c) constraints and assumptions affecting the SMS or the implementation;
d) qualitative and quantitative benefits of the SMS, including:
1) improvement to services or achieved service targets as a result of improved service
management processes;
2) changes to workloads, changes to processes, increased use of the service or proactive reduction
in support needs;
3) the ability to visibly support the business strategy, with opportunities to improve the efficiency
of services in all areas, leading to improvements in cost, quality and agility;
4) the ability to manage suppliers and partners more efficiently and effectively and to better
understand the dependencies, risks and interfaces of the supply chain;
5) the ability to be more responsive to customers, with services that are aligned with business
needs and customer requirements;
6) increased customer satisfaction of the delivered services demonstrating incremental improvement;
7) helping build a long term relationship between the service provider and customers and also
between the service provider and suppliers through their involvement through each phase;
8) potential cost savings, overall and unit costs;
9) direct or indirect benefits such as customer satisfaction, personnel satisfaction, reduced
business risks;
10) return on investment;
e) costs, including:
1) estimation of resources, including technology and people requirements;
2) costs and use of external resources;
f) risk assessment and recommendations for risk management covering organizational change,
financial and technical risks;
g) description of how the costs and benefits of the implemented SMS should be evaluated;
h) recommendations on formal, independent conformity assessment;
i) timescales;
j) interested parties who should be involved in or affected by the implementation;
k) proposed terms of reference;
l) project support, commitment and management.
© ISO/IEC 2013 – All rights reserved 5

5.9 Implementation
In order to ensure a successful implementation of the SMS, the service provider’s objectives and policies,
culture and structure should be understood. In addition, any other relevant standards, contractual obligations,
statutory and regulatory requirements that can impact the delivered services should be considered.
The appointment of a qualified project manager to lead the implementation of the SMS should be treated
as a critical aspect of a successful implementation. This person should have both appropriate project
management and service management expertise.
In addition, a group of people should be identified, including management representation, which should
have the responsibility to oversee the project, e.g. a project steering committee. The roles, authorities
and responsibilities of this group should be agreed before the project starts. Although this part of
ISO/IEC 20000 refers throughout to ‘the project’, in practice there can be several projects working
closely together during each phase of the implementation. The coordination and management of multiple
projects can be a part of this group’s responsibilities.
During the project, this group should be accountable for the implementation of the SMS.
It is important to ensure that at the end of each phase, lessons learnt are captured and provided for
the continual improvement of the SMS. Lessons learnt should be used to improve the work in the next
phase. After the last phase is completed, it is important to ensure the continual improvement of the
SMS is maintained. The group that had responsibility for the implementation of the SMS can become
responsible for the continual improvement of the established SMS or a new group can be created.
5.10 Project readiness
Based on the business case and gap analysis, the project manager should take into account the following
when developing the project plan:
a) scope of the SMS;
b) timeframe;
c) resource concerns such as:
1) skills and competence of the implementation project team;
2) accommodation, travel, facilities and tools to support the implementation;
d) funding sources for the implementation project and estimates including any known assumptions
and constraints on funding the implementation, e.g. capital expenditure not yet approved;
e) risks and issues that can cause conflicting priorities;
f) identification and early engagement of project interested parties that are recipients of the project
deliverables;
g) the service management maturity of the organization;
h) the receptiveness to change within the organization and the ability of the organization to absorb
and manage the changes successfully;
i) communication;
j) procurement;
k) review procedures for:
1) organizational and project objectives with related measurements and reporting requirements;
2) project’s business, technical, functional and resource requirements;
6 © ISO/IEC 2013 – All rights reserved

3) organizational and project processes such as: quality assurance, quality control, configuration
management, change management and related process requirements.
5.11 Project team
To ensure a smooth transition throughout the three phases described in Clause 6 of this part of
ISO/IEC 20000, the project team should have strong leadership and expertise in establishing and
implementing policies, service management processes and continual improvement activities.
Selecting personnel for the project team who are also involved in existing day to day operational
activities can lead to conflicting priorities. This is particularly important when day to day workloads
are unpredictable.
The project team should have expertise in and be responsible for:
a) designing and implementing the SMS;
b) defining the procedure for developing and implementing new or changed processes;
c) developing, implementing and integrating processes within the scope of the SMS;
d) minimizing impact of the SMS implementation on day to day activities;
e) testing and measuring the effectiveness, efficiency and continual improvement of processes;
f) managing organizational change, communication and training.
The project team should be aware that the effectiveness of the SMS depends on the integration of
the service management processes. Defining the processes and understanding their integration at
the beginning of the project can help ensure the coherent implementation of the SMS based on the
requirements specified in ISO/IEC 20000-1:2011.
Service owners, process owners and operational managers should have an important role in identifying
and managing changes to improve processes and services. As process owners and service owners are
identified, they should contribute to and support the project team.
For some service providers, the process owner can often be the same individual for multiple processes.
The process owner role can sometimes also be combined with the process manager role. For other service
providers, there can be benefits to each process owner only having responsibility for a single process
or involving people with increased process specialization and responsibilities. Service providers should
give consideration to coordinating this larger group of people, especially if they are based at different
locations or focused on the delivery or management of different types of services.
Operational managers, if different from the process owners and service owners, should also be
represented on the project team. This can ensure they are kept aware of any changes affecting operations.
Their involvement can also ensure that the plans are realistic and that the plans minimize the impact on
day to day operations.
6 Overview of implementation phases
Figure 1 represents a high level view of the clauses of ISO/IEC 20000-1:2011 in terms of their relation to
the three implementation phases described in this part of ISO/IEC 20000. These phases are described in
greater detail in Table 1 in Section 7.
© ISO/IEC 2013 – All rights reserved 7

Figure 1 — Clauses of ISO/IEC 20000-1:2011 across each of the three phases
Figure 1 represents a generic approach and a service provider should adapt these phases to suit their
individual circumstances based on the output from the initial gap analysis recommendations.
If the service provider has already implemented some processes, these processes can be improved
beginning in Phase 1. During later phases, additional improvements to these processes can be completed,
such as developing effective interfaces to new or improved processes.
The service management processes should be:
a) defined;
b) documented;
c) implemented;
d) operated and managed;
e) measured;
f) reviewed / audited;
g) improved to support service management objectives, align with policies or meet customer
requirements.
The Plan-Do-Check-Act (PDCA) methodology should be used for planning, monitoring, reviewing and
improving the SMS, including the service management processes and the services.
8 © ISO/IEC 2013 – All rights reserved

7 Taxonomy of each phase
7.1 Summary of activities in each phase
The table below introduces a summary of activities in each phase. This summary is the basis for the
definition of the three implementation phases described in Annex B.
Table 1 — Summary of activities in each phase
Phase 1 characteristic: React to service Phase 2 characteristic: Anticipate service Phase 3 characteristic: Fully integrate
disruptions or requests quickly and disruptions or requests and provide a processes and improve the SMS and
effectively. reliable service. services.
Incorporates the findings of the gap analysis Adjustment of plans based on results of Adjustment of plans based on results of
and the business case. analysis at the end of Phase 1. analysis at the end of Phase 2.
SMS structure established and implemented Revision of policies, additional processes, Revision of policies, final processes, inte-
including service management plan, initial integration of existing processes, procedures gration of all processes, documentation of
policies, commitment/accountability, major and other supporting documentation. detailed procedures and supporting docu-
incident management/reactive processes. ments.
On completion of Phase 1, the service pro- On completion of Phase 2, the service pro- On completion of Phase 3, the service
vider has implemented policies, processes vider has implemented activities, processes, provider has a good understanding of the
and procedures to fulfil the requirements of procedures and control CIs that enable it to customer’s business and service require-
ISO/IEC 20000-1 for a basic SMS. The focus anticipate and avoid service disruptions. ments. Measurement of the effectiveness
includes reacting quickly and effectively The service provider has put in place initial and efficiency of the services and processes
to service disruptions and requests. The measurements. The service provider has is in place, and measurements can include
service provider has knowledge of all the stabilized its processes in order to provide a customers’ satisfaction and continual
services and related components that enable more reliable service to its customers. It has improvement of delivered services. The
it to react to these service disruptions or begun discussing with its customers their service provider has understood and
requests. future service requirements, in order to established business relationships with
incorporate their needs into its plans. both suppliers and customers. As a result,
the service provider should now be able to
demonstrate conformity to all requirements
of ISO/IEC 20000-1.
Analysis of status at the end of Phase 1. Analysis of status at the end of Phase 2. Analysis of the status at the end of Phase 3,
including a full internal audit and, where
appropriate, conformance to the standard.
By the end of Phase 1 the SMS provides the By the end of Phase 2 the SMS provides the By the end of Phase 3 the SMS provides the
basis for Phase 2. basis for Phase 3. basis for continual improvement of the SMS
and services.
7.2 Key characteristics and activities of each phase
Table 2 introduces key characteristics and activities which are aligned with Figure 1 and Annex B.
Table 2 — Key characteristics and activities of each phase
ISO/IEC 20000-1 com- Phase 1 characteristic: React to Phase 2 characteristic: Antici- Phase 3 characteristic: Fully inte-
ponent service disruptions or requests pate service disruptions or grate processes and improvement
quickly and effectively. requests and provide a reliable of the SMS and services.
service.
4.1 Management respon- Service management policy and Service management policy and Service management policy and pro-
sibility process specific policies and plan process specific policies and plan cess specific policies and plan are
are defined. are updated to provide a more evaluated and updated for continual
reliable service. improvement.
4.2 Governance of pro- Processes operated by other par- Agreement with other parties to Processes operated by other par-
cesses operated by other ties are identified and contracts allow service provider to demon- ties are measured, monitored and
parties are reviewed to identify which strate governance of all processes controlled against agreements and
ones allow the service provider operated by other parties. policies.
to demonstrate governance of pro-
Reviews with other parties are in
cesses in Part 1, Clauses 5 to 9.
place and improvement areas are
identified and prioritized.
© ISO/IEC 2013 – All rights reserved 9

Table 2 (continued)
ISO/IEC 20000-1 com- Phase 1 characteristic: React to Phase 2 characteristic: Antici- Phase 3 characteristic: Fully inte-
ponent service disruptions or requests pate service disruptions or grate processes and improvement
quickly and effectively. requests and provide a reliable of the SMS and services.
service.
4.3 Documentation man- Service management policy, and Service management policy, and Any additional service manage-
agement process specific policies and process specific policies and ment roles and responsibilities are
objectives are documented. objectives are updated. documented.
Implemented processes and pro- Additional processes, procedures Process and procedure documents
cedures are documented. and interfaces are documented are evaluated and updated for con-
and existing ones updated. tinual improvement.
Document controls are imple-
mented. Service management roles and Document controls are verified and
responsibilities are documented. audited.
4.4 Resource manage- Determine and provide resources Service management roles and Evaluate, determine and provide
ment for SMS and services. responsibilities are agreed. any additional resources or differ-
ent skill sets to support the SMS and
Service provider personnel Service provider personnel are
services.
understand the services offered to aware of ISO/IEC 20000, their
customers. role in supporting the SMS and
services and they are competent
The project team, key line
to perform their roles and respon-
managers, process owners and
sibilities.
service owners are aware of ISO/
IEC 20000, their role in service
management and their responsi-
bilities in the implementation.
4.5 Establish and Customers are identified and Risks are documented and man- Effectiveness of SMS is evaluated
improve the SMS service requirements are docu- aged. and improved.
mented.
SMS is implemented. The performance of the processes
The scope of SMS is defined. and services is monitored and cor-
Reports on the performance of the
rective action taken as required.
SMS is established. The concept delivered processes are produced
of continual improvement is and reviewed. Internal audit and management
understood. reviews take place.
Improvements are identified,
recorded, planned and imple- The effectiveness of planned
mented. improvements is monitored.
5.1 General Where other parties are used to Changes to new or changed services
develop new or changed services, that have the potential to have a
suitable suppliers are identified major impact on services to the cus-
via the supplier management tomer are identified. Where other
process. parties are used to develop the new
or changed services, authorities and
Ensure that changes in the scope
responsibilities between the service
of Clause 5 are defined in the
provider and supplier are clearly
change management policy.
defined.
5.2 Plan new or changed New or changed services are The plans relating to new or
services planned to fulfil the service changed services are evaluated
requirements. and agreed with the customer and
interested parties.
5.3 Design and develop- The new or changed services are New or changed services are evalu-
ment of new or changed designed and developed to meet ated and adjusted to meet changing
services the agreed service requirements. service requirements, policies or
business objectives.
5.4 Transition of new or The new and changed services are Final test results are produced and
changed services built and tested to ensure they communicated to interested parties
fulfil the service requirements, prior to releasing and deploying
prior to being deployed using the processes.
release and deployment manage-
ment process.
6.1 Service level manage- A service catalogue is in place Targets for each service are docu- Performance of the service is
ment detailing all live services and mented in SLAs and agreed with reviewed and opportunities for
information about those services. the customer. improvement identified.
Changes in customer and service Service reviews will be held with
requirements are adequately customers.
managed, controlled, approved,
implemented and verified.
10 © ISO/IEC 2013 – All rights reserved

Table 2 (continued)
ISO/IEC 20000-1 com- Phase 1 characteristic: React to Phase 2 characteristic: Antici- Phase 3 characteristic: Fully inte-
ponent service disruptions or requests pate service disruptions or grate processes and improvement
quickly and effectively. requests and provide a reliable of the SMS and services.
service.
6.2 Service reporting Desired service reports are Service reports are produced as Customer satisfaction and service
designed and agreed with inter- per design and agreement with complaint reports are produced
ested parties. interested parties. and analysed to support decision
making. Improvement actions are
On need basis service reports are
identified based on the findings.
produced.
6.3 Service continuity Unplanned non-availability is Business plans, SLAs and risk Availability plans are reviewed and
and availability manage- investigated and action taken to assessments are used to develop audited.
ment understand the root cause. an availability plan.
The service continuity plan is tested
Business plans, SLAs and risk and the results are used to update
assessments are used to develop the plan and feed improvements.
a service continuity plan which is
Once updated, availability and
tested.
service continuity plans are agreed
The availability of services is with the customer.
measured.
6.4 Budgeting and Costs are understood and tracked Budgets and costs are available Budgets and costs support the
accounting for services at a simple le
...