ISO/IEC TR 29110-5-3:2018

TECHNICAL ISO/IEC TR
REPORT 29110-5-3
First edition
2018-01
Systems and software engineering —
Lifecycle profiles for Very Small
Entities (VSEs) —
Part 5-3:
Service delivery guidelines
Ingénierie des systèmes et du logiciel — Profils de cycle de vie pour
très petits organismes (TPO) —
Partie 5-3: Lignes directices de prestation des services
Reference number
©
ISO/IEC 2018
© ISO/IEC 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Published in Switzerland
ii © ISO/IEC 2018 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
1.1 Fields of application . 1
1.2 Target audience . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms and process structure . 8
4.1 Abbreviated terms . 8
4.2 Convention . 8
4.2.1 Process description . 8
4.2.2 Work Product Description . 9
5 Overview of this document . 9
6 Governance process (GO) .10
6.1 Introduction .10
6.2 GO purpose .10
6.3 GO objectives .11
6.4 GO diagram .11
6.5 GO activities .11
6.5.1 GO.1 Define the scope of the activity and required roles .12
6.5.2 GO.2 Define and implement the governance structure.13
6.5.3 GO.3 Manage resources including documentation .14
6.5.4 GO.4 Complete reporting and improvement activities.14
7 Service Control process (CO) .14
7.1 Introduction .14
7.2 CO purpose .15
7.3 CO objectives .15
7.4 CO diagram .15
7.5 CO activities .16
7.5.1 CO.1 Manage change to services .16
7.5.2 CO.2 Evaluate and build the service change .18
7.5.3 CO.3 Test and deploy approved service change .19
8 Service relationship process (RE) .19
8.1 Introduction .19
8.2 RE purpose .19
8.3 RE objectives .20
8.4 RE diagram .20
8.5 RE activities .20
8.5.1 RE.1 Create and/or maintain a suitable service catalogue .20
8.5.2 RE.2 Establish and manage agreements with customers and suppliers .21
9 Service incident process (IN) .22
9.1 Introduction .22
9.2 IN purpose .22
9.3 IN objectives .22
9.4 IN diagram .22
9.5 IN activities.22
9.5.1 IN.1 Prevent incidents .22
9.5.2 IN.2 Manage incidents .24
10 Service Delivery roles .24
11 Service Delivery Work Product Description .27
© ISO/IEC 2018 – All rights reserved iii

12 Software tools requirements .34
Bibliography .35
iv © ISO/IEC 2018 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www .iso .org/ iso/ foreword .html.
This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
A list of all parts in the ISO/IEC 29110 series can be found on the ISO website.
© ISO/IEC 2018 – All rights reserved v

Introduction
Very Small Entities (VSEs) around the world are creating valuable products and services. For the
purpose of ISO/IEC 29110, a Very Small Entity (VSE) is an enterprise, an organization, a department
or a project having up to 25 people. Since many VSEs develop and/or maintain system and software
components used in systems, either as independent products or incorporated in larger systems, a
recognition of VSEs as suppliers of high quality products is required.
According to the Organization for Economic Co-operation and Development (OECD) SME and
Entrepreneurship Outlook report (2005) ‘Small and Medium Enterprises (SMEs) constitute the
dominant form of business organization in all countries world-wide, accounting for over 95 % and
up to 99 % of the business population depending on country’. The challenge facing governments
and economies is to provide a business environment that supports the competitiveness of this large
heterogeneous business population and that promotes a vibrant entrepreneurial culture.
From studies and surveys conducted, it is clear that the majority of International Standards do not
address the needs of VSEs. Implementation of and conformance with these standards is difficult, if not
impossible. Consequently, VSEs have no, or very limited, ways to be recognized as entities that produce
quality systems/system elements including software in their domain. Therefore, VSEs are excluded
from some economic activities.
It has been found that VSEs find it difficult to relate International Standards to their business needs
and to justify the effort required to apply standards to their business practices. Most VSEs can neither
afford the resources, in terms of number of employees, expertise, budget and time, nor do they see a net
benefit in establishing over-complex systems or software life cycle processes. To address some of these
difficulties, a set of guidelines has been developed based on a set of VSE characteristics. The guidelines
are based on subsets of appropriate standards processes, activities, tasks, and outcomes, referred to as
Profiles. The purpose of a profile is to define a subset of International Standards relevant to the VSEs'
context; for example, processes, activities, tasks, and outcomes of ISO/IEC/IEEE 12207 for software;
and processes, activities, tasks, and outcomes of ISO/IEC/IEEE 15288 for systems; and information
products (documentation) of ISO/IEC/IEEE 15289 for software and systems.
VSEs can achieve recognition through implementing a profile and by being audited against
ISO/IEC 29110 specifications.
The ISO/IEC 29110 series of standards and technical reports can be applied at any phase of system or
software development within a life cycle. This series of standards and technical reports is intended to
be used by VSEs that do not have experience or expertise in adapting/tailoring ISO/IEC/IEEE 12207
or ISO/IEC/IEEE 15288 standards to the needs of a specific project. VSEs that have expertise in
adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 are encouraged to use those standards
instead of ISO/IEC 29110.
ISO/IEC 29110 is intended to be used with any lifecycle such as: waterfall, iterative, incremental,
evolutionary or agile.
Systems, in the context of ISO/IEC 29110, are typically composed of hardware and software components.
The ISO/IEC 29110 series, targeted by audience, has been developed to improve system or software
and/or service quality and process performance. See Table 1.
vi © ISO/IEC 2018 – All rights reserved

Table 1 — ISO/IEC 29110 target audience
ISO/IEC 29110 Title Target audience
ISO/IEC 29110-1 Overview VSEs and their customers, assessors,
standards producers, tool vendors and
methodology vendors.
ISO/IEC 29110-2 Framework for profile Profile producers, tool vendors and
preparation methodology vendors.
Not intended for VSEs.
ISO/IEC 29110-3 Certification and assessment VSEs and their customers, assessors,
guidance accreditation bodies.
ISO/IEC 29110-4 Profile specifications VSEs, customers, standards producers,
tool vendors and methodology vendors.
ISO/IEC 29110-5 Management, engineering and VSEs and their customers.
service delivery guides
If a new profile is needed, ISO/IEC 29110-4 and ISO/IEC TR 29110-5 can be developed with minimal
impact to existing documents.
ISO/IEC 29110-1 defines the terms common to the ISO/IEC 29110 series. It introduces processes,
lifecycle and standardization concepts, the taxonomy (catalogue) of ISO/IEC 29110 profiles and the
ISO/IEC 29110 series. It also introduces the characteristics and needs of a VSE and clarifies the rationale
for specific profiles, documents, standards and guidelines.
ISO/IEC 29110-2 introduces the concepts for systems and software engineering profiles for VSEs. It
establishes the logic behind the definition and application of profiles. For standardized profiles, it
specifies the elements common to all profiles (structure, requirements, conformance, assessment). For
domain-specific profiles (profiles that are not standardized and developed outside of the ISO process),
it provides general guidance adapted from the definition of standardized profiles.
ISO/IEC 29110-3 defines certification schemes, assessment guidelines and compliance requirements
for process capability assessment, conformity assessments, and self-assessments for process
improvements. ISO/IEC 29110-3 also contains information that can be useful to developers of
certification and assessment methods and developers of certification and assessment tools.
ISO/IEC 29110-3 is addressed to people who have direct involvement with the assessment process, e.g.
the auditor, certification and accreditation bodies and the sponsor of the audit, who need guidance on
ensuring that the requirements for performing an audit have been met.
ISO/IEC 29110-4-m provides the specification for all profiles in one profile group (a profile group may
contain a single profile or multiple profiles). A profile is specified in terms of requirements imported
from appropriate base standards.
ISO/IEC TR 29110-5-m provides management, engineering and service delivery guidelines for the
profiles in a profile group.
This document provides guidelines to manage a set of services delivered to customers.
Figure 1 describes the ISO/IEC 29110 International Standards (IS) and Technical Reports (TR) and
positions the parts within the framework of reference. Overview, assessment guidelines, management
and engineering guidelines are available from ISO as freely available Technical Reports (TR). The
Framework document, profile specifications and certification schemes are published as International
Standards (IS).
For readers that are new to the ISO/IEC 29110 series, refer to ISO/IEC TR 29110-1:2016 Systems and
software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 1: Overview. Part 1 defines
the terms common to the set of ISO/IEC 29110 documents. It introduces processes, lifecycle and
standardization concepts, the taxonomy (catalogue) of ISO/IEC 29110 profiles and the ISO/IEC 29110
series. It also introduces the characteristics and requirements of a VSE and clarifies the rationale for
specific profiles, documents, standards and guidelines.
© ISO/IEC 2018 – All rights reserved vii

Figure 1 — ISO/IEC 29110 series
viii © ISO/IEC 2018 – All rights reserved

TECHNICAL REPORT ISO/IEC TR 29110-5-3:2018(E)
Systems and software engineering — Lifecycle profiles for
Very Small Entities (VSEs) —
Part 5-3:
Service delivery guidelines
1 Scope
1.1 Fields of application
These Service Delivery guidelines are applicable to Very Small Entities (VSEs). A VSE is an enterprise,
an organization, a department or a project having up to 25 people.
This document provides guidance to manage a set of services delivered to customers. The VSE can act as
an internal service provider (providing services internal to the VSE) or as an external service provider
(providing services commercially to external customers). These lifecycle processes (Governance,
Service Control, Service Relationship and Service Incident) support and enhance the activities of
software and system operations (further to development and installation) to create effective and
efficient products and services.
This document provides guidance for Service Delivery. This document, when implemented, will assist
and guide the VSE in the delivery of services which can benefit customers. This document does not
promote uniformity in approach across all organizations as specific objectives and initiatives are
tailored to suit an individual organization’s needs.
Tasks described in this guideline document (and therefore activities and processes) are related by
input/output relationships which imply a logical execution sequence. The order of presentation of the
processes or the associated numbering scheme is for identification purposes only, NOT to indicate
implementation or execution order. As every VSE is different; tasks can be implemented in an order that
is suitable for the organization, while respecting the relationships between tasks.
1.2 Target audience
This document is intended to be used by VSEs to establish processes to implement effective and efficient
service delivery. This service delivery guidelines document can be used by VSEs that are offering only
services to its customers or it can be combined with the information from ISO/IEC 29110 systems
and/or software management and engineering guidelines.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 29110-2, Software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 2:
Framework and taxonomy
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 29110-2 and the
following apply.
© ISO/IEC 2018 – All rights reserved 1

ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http:// www .electropedia .org/
— ISO Online browsing platform: available at http:// www .iso .org/ obp
3.1
activity
set of cohesive tasks of a process
[SOURCE: ISO/IEC 29110-2-1:2015, 4.1]
3.2
agreement
mutual acknowledgement of terms and conditions under which a working relationship is conducted
EXAMPLE Contract, memorandum of agreement.
[SOURCE: ISO/IEC 12207:2008, 4.4]
3.3
audit
systematic, independent, documented process for obtaining records, statements of fact or other relevant
information and assessing them objectively, to determine the extent to which specified requirements
are fulfilled
Note 1 to entry: Whilst “audit” applies to management systems, “assessment” applies to conformity assessment
bodies as well as more generally.
[SOURCE: ISO/IEC 29110-1:2016, 3.7]
3.4
change
add, move, modify, removal of a configuration item (CI)
Note 1 to entry: Changes can be classified based on risk and impact to the organization; common types include
pre-approved, emergency or normal.
3.5
configuration item
CI
item or aggregation of hardware, software or both that is designated for configuration management
and treats as a single entity in the configuration management process
Note 1 to entry: Configuration items can vary widely in complexity, size and type, ranging from an entire system
including all hardware, software and documentation, to a single module or a minor hardware component.
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.14]
3.6
control manager
CM
role that approves/rejects change and manages change-related tasks such as testing and deployment
Note 1 to entry: This role may be combined with other roles and is a direct report (or shared role) with the
Service Manager. If one person is appointed to the role, the person reports to the Service Manager for service
matters and has the authority over change-related tasks.
2 © ISO/IEC 2018 – All rights reserved

3.7
customer
CUS
person or organization that could or does receive a product or a service that is intended for or required
by this person or organization
EXAMPLE Consumer, client, end-user, retailer, receiver of product or service from an internal process (3.23),
beneficiary and purchaser.
Note 1 to entry: A customer can be internal or external to the organization.
[SOURCE: ISO 9000:2015, 3.2.4]
3.8
document
information and the medium on which it is contained
EXAMPLE Record, specification, procedure document, drawing, report, standard.
Note 1 to entry: The medium can be paper, magnetic, electronic or optical computer disc, photograph or master
sample, or combination thereof.
Note 2 to entry: A set of documents, for example specifications and records, is frequently called “documentation”.
Note 3 to entry: Some requirements (e.g. the requirement to be readable) relate to all types of documents.
However, there can be different requirements for specifications (e.g. the requirement to be revision controlled)
and for records (e.g. the requirement to be retrievable).
[SOURCE: ISO 9000:2015, 3.8.5]
3.9
effectiveness
extent to which planned activities are realized and planned results are achieved
[SOURCE: ISO 9000:2015, 3.7.11, modified — Note 1 to entry has been removed.]
3.10
efficiency
relationship between the result achieved and the resources used
[SOURCE: ISO 9000:2015, 3.7.10]
3.11
external service provider
providing services commercially to external customers
3.12
governance
system of directing and controlling
[SOURCE: ISO/IEC 38500:2015, 2.8]
3.13
incident
anomalous or unexpected event, set of events, condition, or situation at any time during the life cycle of
a project, product, service, or system
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.21]
© ISO/IEC 2018 – All rights reserved 3

3.14
incident manager
IM
role that has authority over all incidents and manages incident-related tasks
Note 1 to entry: This role may be combined with other roles. This role is a direct report (or shared role) with the
Service Manager. The person can also be responsible for a Service Desk, if one exists.
3.15
information security policy
document that states, in writing, how an organization plans to protect its physical and information
technology assets
[SOURCE: ISO/TS 21547:2010, 3.2.25]
3.16
internal service provider
providing services internal to the VSE
3.17
lifecycle
evolution of a system, product, service, project or other human-made entity, from conception through
retirement
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.23]
3.18
management
MGT
coordinated activities to direct and control an organization
Note 1 to entry: Management can include establishing policies and objectives, and processes to achieve these
objectives.
Note 2 to entry: The word “management” sometimes refers to people, i.e. a person or group of people with
authority and responsibility for the conduct and control of an organization. When “management” is used in this
sense, it should always be used with some form of qualifier to avoid confusion with the concept of “management”
as a set of activities defined above. For example, “management shall.” is deprecated whereas “top management
shall.” is acceptable. Otherwise different words should be adopted to convey the concept when related to people,
e.g. managerial or managers.
[SOURCE: ISO 9000:2015, 3.3.3]
3.19
operator
individual or organization that performs the operations of a system
Note 1 to entry: The role of operator and the role of user can be vested, simultaneously or sequentially, in the
same individual or organization.
Note 2 to entry: An individual operator combined with knowledge, skills and procedures can be considered as an
element of the system.
Note 3 to entry: An operator may perform operations on a system that is operated, or of a system that is operated,
depending on whether or not operating instructions are placed within the system boundary.
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.26]
4 © ISO/IEC 2018 – All rights reserved

3.20
organization
person or a group of people that has its own functions responsibilities, authorities and relationships to
achieve its objectives
[SOURCE: ISO 9000:2015, 3.2.1, modified — Notes 1 and 2 to entry have been removed.]
3.21
practitioner
PT
person or team performing the activities within one or more process areas
3.22
procedure
specified way to carry out an activity or a process
Note 1 to entry: Procedures can be documented or not.
[SOURCE: ISO 9000:2015, 3.4.5]
3.23
process
set of interrelated or interacting activities which transforms inputs into outputs to deliver an
intended result
Note 1 to entry: Whether the “intended result” of a process is called output, product or service depends on the
context of the reference.
Note 2 to entry: Inputs to a process are generally the outputs of other processes and outputs of a process are
generally the inputs to other processes.
Note 3 to entry: Two or more interrelated and interacting processes in series can also be referred to as a process.
Note 4 to entry: Processes in an organization are generally planned and carried out under controlled conditions
to add value.
[SOURCE: ISO 9000:2015, 3.4.1, modified — Notes 5 and 6 to entry have been removed.]
3.24
profile
set of one or more base standards and/or profiles, and where applicable, the identification of chosen
classes, conforming subsets, options and parameters of those base standards, or standardized profiles
necessary to accomplish a particular function
[SOURCE: ISO/IEC TR 10000-1:1998, 3.1.4, modified — article “a” has been removed from the beginning
of the definition, “ISPs” has been replaced by “profiles” in the first instance, and in the second instance,
“ISPs” has been replaced by “standardized profiles”.]
3.25
record
document stating results achieved or providing evidence of activities performed
[SOURCE: ISO 9000:2015, 3.8.10]
3.26
relationship manager
RM
role that develops and manages the customer and supplier interfaces as well as the service catalogue (3.28)
Note 1 to entry: This role may be combined with other roles. This role is a direct report (or shared role) with the
Service Manager.
© ISO/IEC 2018 – All rights reserved 5

3.27
resource
asset that is utilized or consumed during the execution of a process
Note 1 to entry: Includes diverse entities such as funding, personnel, facilities, capital equipment, tools, and
utilities such as power, water, fuel and communication infrastructures.
Note 2 to entry: Resources include those that are reusable, renewable or consumable.
[SOURCE: ISO/IEC 12207:2008, 4.3.7, modified — Notes 1 and 2 to entry added.]
3.28
service
performance of activities, work or duties
Note 1 to entry: A service is self-contained, coherent, discrete, and can be composed of other services.
Note 2 to entry: A service is generally an intangible product.
[SOURCE: ISO/IEC 15288:2015, 4.1.42]
3.29
service catalogue
documented information about services that an organization provides to its customers
3.30
service change request
formal procedure for submitting a request for an adjustment of a configuration item
[SOURCE: ISO/IEC TR 18018:2010, 3.5, modified — “service” has been added to the term.]
3.31
service delivery policy
formal, brief, and high-level statement that embraces an organization’s general beliefs, ethics, goals, and
objectives of service(s)
3.32
service design
creation of a service solution(s); typically including the components which create the desired
functionality, technology architecture that supports the components, the processes to support and
manage the solution, the associated measures (internal performance or customer agreed measures),
and the supply chain interfaces
3.33
service level agreement
SLA
documented agreement between a service provider and a customer that identifies services and
service targets
Note 1 to entry: A service level agreement can also be established between the service provider and a supplier or
an internal group or a customer acting as a supplier.
Note 2 to entry: A service level agreement can be included in a contract or another type of documented agreement.
[SOURCE: ISO/IEC 20000-10:2013, 2.29]
6 © ISO/IEC 2018 – All rights reserved

3.34
service manager
SM
role that directly oversees the delivery of services and provides leadership and direction; has decision-
making authority on all activities; is a direct report or peer to the highest level of the organization
Note 1 to entry: The service manager may have more than one role in the delivery of services (assign the
responsibilities of the Control Manager and Service Manager to the same individual).
3.35
stakeholder
individual or organization having a right, share, claim, or interest in a system or in its possession of
characteristics that meet their needs and expectations
EXAMPLE End users, end user organizations, supporters, developers, trainers, maintainers, disposers,
acquirers, supplier organizations and regulatory bodies.
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.44, modified — Note 1 to entry has been removed.]
3.36
supplier
SUP
organization or an individual that enters into an agreement with the acquirer for the supply of a product
or service
Note 1 to entry: Other terms commonly used for supplier are contractor, producer, seller or vendor.
Note 2 to entry: The acquirer and the supplier sometimes are part of the same organization.
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.45]
3.37
system
combination of interacting elements organized to achieve one or more stated purposes
Note 1 to entry: A system may be considered as a product or as the services it provides.
Note 2 to entry: In practice, the interpretation of its meaning is frequently clarified by the use of an associative
noun, e.g. aircraft system. Alternatively, the word “system” may be substituted simply by a context-dependent
synonym, e.g. aircraft, though this may then obscure a system principles perspective.
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.46, modified — Note 3 to entry has been removed.]
3.38
top management
person or group of people who directs and controls an organization at the highest level
Note 1 to entry: Top management has the power to delegate authority and provide resources within the
organization.
Note 2 to entry: If the scope of the management system covers only part of an organization, then top management
refers to those who direct and control that part of the organization.
Note 3 to entry: This definition is only included to support wording used in quoted definitions; with 25 or less
people in a VSE, the concept of top management may not be applicable.
[SOURCE: ISO 9000:2015, 3.1.1, modified — Note 3 to entry has been replaced.]
3.39
vital business service
service that is critical to the success of the business
© ISO/IEC 2018 – All rights reserved 7

4 Abbreviated terms and process structure
4.1 Abbreviated terms
The following abbreviations are used in this document:
CM Control Manager
CO Service control process
CUS Customer
GO Governance process
IM Incident Manager
IN Service incident process
MGT Management
PT Practitioner
RE Service Relationship process
RM Relationship Manager
SM Service Manager
SUP Supplier
VSE Very Small Entity
WP Work product
4.2 Convention
4.2.1 Process description
Each process is described using the following structure:
Name - process identifier, followed by its abbreviation in parentheses “( )”.
Purpose - expected outcome of the effective implementation of the process. The implementation of the
process should provide tangible benefits to the stakeholders.
Objectives - ensures the process purpose is accomplished. The objectives are identified by the
abbreviation of the process name, followed by the letter “O” and a consecutive number, for example
GO.O1, RM.O2.
— Activity – a set of cohesive tasks. The activities are defined in individual tables which delineate the
role, the specific tasks, input and output work product(s). The task description does not impose any
technique or method to perform it. The selection of the techniques or methods is left to the VSE.
— Roles Involved – names and abbreviation of the functions to be performed by the service delivery
team. Several roles may be assigned to an individual and one role may be shared by several persons.
Roles are assigned to service delivery team members based on requirements of the service.
See Clause 10 for the alphabetical list of the roles, its abbreviations and required competencies
description.
— Tasks – A task is a requirement, recommendation, or permissible action, intended to contribute
to the achievement of one or more objectives of a process. A process activity is the first level of
8 © ISO/IEC 2018 – All rights reserved

process workflow decomposition and the second one is a task. Activities are identified by process
name abbreviation followed by consecutive number and the activity name. Each task is identified by
activity ID and consecutive number, for example, GO.1.1, GO.1.2.
— Input Work Products – products required to perform the process and its corresponding source,
which can be another process or an external entity to the project, such as the Customer.
— Output Work Products – products generated by the process and its corresponding destination,
which can be another process or an external entity to the project, such as Customer or Organizational
Management.
4.2.2 Work Product Description
Work products are identified with a unique code, WP.NN, where NN is a sequential number defined in
Clause 11.
5 Overview of this document
This document is intended to be used by the VSE to establish processes to implement an effective and
efficient service delivery. A VSE can also request suppliers to follow the same processes to ensure an
effective and efficient supply chain.
A VSE may apply the guidance in one of several approaches:
1. Implement one or more of the four processes: Governance, Service Control, Service Relationship,
Service Incident. Additionally, implementing the Governance process can address two scenarios:
— as a stand-alone, to create a good management base for the VSE; and
— as an addition to implementing Software or Systems ISO/IEC 29110 Guidelines.
2. Seeking third party recognition for either the full (all four processes mentioned above) or partial
implementation (for example, the Governance process or the Operational processes only) of
ISO/IEC 29110-4-3 profile specification (conformity audit);
3. Request third party supplier(s) to partially or fully implement the scope of the ISO/IEC 29110-4-3
profile specification.
Figure 2 below illustrates the service delivery processes which are presented in this document. They are:
— Governance process (GO) which establishes a system for directing and controlling activities within
the VSE;
— Service control process (CO) which supports and controls change to defined vital business services
and mitigates the associated risk of change;
— Service relationship process (RE) which maintains quality relationships with customers and
suppliers needed to support efficient service delivery; and
— Service incident process (IN) which restores service to the business with minimal disruption or
prevents incidents from occurring.
© ISO/IEC 2018 – All rights reserved 9

Figure 2 — Service Delivery Processes diagram
6 Governance process (GO)
6.1 Introduction
Many VSEs are already doing “something” right in delivering services to their customer(s), but, are the
operational processes and activities effective and efficient? An answer cannot be provided in every
single case, but it would not be unfair to state there is room for improvement.
If one accepts that there are some structures in place that allow the VSE to operate, such as conformity
to legal, regulatory and contractual obligations, then the path to improvement should not be, initially,
process improvement. Rather improvements should focus on implementing the governing factors, such
as defining the scope of operation with accompanying policies to guide actions, necessary for business-
based operations.
Before improving any process, the VSE should define the scope of their service delivery activities,
which will support the achievement of business goals and objectives. This action alone will provide
the necessary boundaries and constraints so resources are deployed appropriately to meet business
goals and objectives. A VSE addressing governance before improving a process or implementing a new
process can achieve more efficient, effective and economical service delivery.
NOTE Economical in this document means resources are purchased at the right level to achieve effectiveness.
6.2 GO purpose
The purpose of the governance process is to establish a system for directing and controlling service
delivery activities within the VSE. The result of these activities will define the scope, responsibilities
and leadership requirements for an effective and efficient service delivery.
10 © ISO/IEC 2018 – All rights reserved

This structure provides management control over activities as well as a service improvement emphasis.
Within a well-organized governance process, resources are deployed appropriately to meet the needs of
current and future customers while always maintaining market relevance. These governance process
principles describe a value-generating focus for the VSE.
6.3 GO objectives
GO.O1 Define the scope of the service delivery activities and assign authority;
GO.O2 Implement a service delivery policy, objectives and plan(s);
GO.O3 Establish a management structure; and
GO.O4 Report on and improve the services provided to customers.
6.4 GO diagram
Figure 3 illustrates the governance process activities, associated tasks and work products.
Figure 3 — Governance process diagram
6.5 GO activities
T
...