Information technology -- Process assessment -- Process reference model for service management

This document defines a process reference model for the domain of service management. The model specifies a process architecture for the domain and comprises a set of processes. Each process is described in terms of process purpose and outcomes. The process reference model in this document is directed at assessment sponsors and competent assessors who wish to select a model, and associated documented process method, for assessment (for either capability determination or process improvement).

Technologie de l'information -- Évaluation des processus -- Modèle de référence de processus pour la gestion des services

General Information

Status
Published
Publication Date
01-Jun-2020
Current Stage
6060 - International Standard published
Start Date
02-Jun-2020
Ref Project

Buy Standard

Technical specification
ISO/IEC TS 33054:2020 - Information technology -- Process assessment -- Process reference model for service management
English language
73 pages
sale 15% off
Preview
sale 15% off
Preview
Technical specification
ISO/IEC TS 33054:2020 - Information technology -- Process assessment -- Process reference model for service management
English language
73 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

TECHNICAL ISO/IEC TS
SPECIFICATION 33054
First edition
2020-06
Information technology — Process
assessment — Process reference
model for service management
Technologie de l'information — Évaluation des processus — Modèle
de référence de processus pour la gestion des services
Reference number
ISO/IEC TS 33054:2020(E)
ISO/IEC 2020
---------------------- Page: 1 ----------------------
ISO/IEC TS 33054:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC TS 33054:2020(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................iv

Introduction ..................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Overview of the process reference model .................................................................................................................................. 1

5 Process descriptions ........................................................................................................................................................................................ 3

5.1 General ........................................................................................................................................................................................................... 3

5.2 COM.01 Communication management ............................................................................................................................... 4

5.3 COM.02 Documentation management ................................................................................................................................ 5

5.4 COM.03 Human resource management ............................................................................................................................. 6

5.5 COM.04 Improvement ....................................................................................................................................................................... 6

5.6 COM.05 Internal audit....................................................................................................................................................................... 7

5.7 COM.06 Management review ...................................................................................................................................................... 7

5.8 COM.07 Non-conformity management .............................................................................................................................. 8

5.9 COM.08 Operational planning .................................................................................................................................................... 8

5.10 COM.09 Operational implementation and control ................................................................................................... 9

5.11 COM.10 Performance evaluation ..........................................................................................................................................10

5.12 COM.11 Risk management .........................................................................................................................................................11

5.13 RAA.1 Business relationship management ..................................................................................................................11

5.14 RAA.2 Service level management.........................................................................................................................................12

5.15 RAA.3 Service reporting ...............................................................................................................................................................12

5.16 RAA.4 Supplier management ...................................................................................................................................................13

5.17 RAA.5 Service catalogue management ............................................................................................................................13

5.18 RAF.1 Incident management ....................................................................................................................................................14

5.19 RAF.2 Service request management ..................................................................................................................................14

5.20 RAF.3 Problem management ....................................................................................................................................................15

5.21 SAD.1 Budgeting and accounting for services ...........................................................................................................15

5.22 SAD.2 Demand management ....................................................................................................................................................15

5.23 SAD.3 Capacity management ...................................................................................................................................................16

5.24 SAS.1 Service availability management ..........................................................................................................................16

5.25 SAS.2 Service continuity management ............................................................................................................................17

5.26 SAS.3 Information security management .....................................................................................................................17

5.27 SDB.1 Service requirements definition ...........................................................................................................................18

5.28 SDB.2 Service design .......................................................................................................................................................................18

5.29 SDB.3 Service build and transition .....................................................................................................................................18

5.30 SDB.4 Release and deployment management ...........................................................................................................19

5.31 SDE.1 Service delivery ...................................................................................................................................................................19

5.32 SPC.1 Change management .......................................................................................................................................................20

5.33 SPC.2 Configuration management .......................................................................................................................................20

5.34 TOP.01 Leadership ............................................................................................................................................................................21

Annex A (informative) The relationship between management system requirements and a

process reference model ...........................................................................................................................................................................22

Annex B (informative) Statement of conformity to ISO/IEC 33004 ...................................................................................71

Bibliography .............................................................................................................................................................................................................................73

© ISO/IEC 2020 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC TS 33054:2020(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that

are members of ISO or IEC participate in the development of International Standards through

technical committees established by the respective organization to deal with particular fields of

technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other

international organizations, governmental and non-governmental, in liaison with ISO and IEC, also

take part in the work.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for

the different types of document should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject

of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent

rights. Details of any patent rights identified during the development of the document will be in the

Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC

list of patent declarations received (see http:// patents .iec .ch).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/

iso/ foreword .html.

This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information Technology,

Subcommittee SC 7, Systems and Software Engineering.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO/IEC 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC TS 33054:2020(E)
Introduction

This document facilitates the development of a process assessment model (PAM) for service

management described in ISO/IEC TS 33074.

A process reference model is a model comprising definitions of processes described in terms of process

purpose and outcomes, together with an architecture describing the relationships between the

processes. Using the process reference model in a practical application can require additional elements

suited to the environment and circumstances.

The process reference model specified in this document describes the processes including the service

management system (SMS) processes implied by ISO/IEC 20000-1. Each process of this process

reference model provides traceability to requirements. The process reference model does not attempt

to place the processes in any specific environment nor does it pre-determine any level of process

capability required to fulfil the ISO/IEC 20000-1 requirements. The process reference model does not

provide the evidence required to be conformant to the evidence requirements of ISO/IEC 20000-1. The

process reference model is not intended to be used for a conformity assessment audit or as a process

implementation reference guide.

ISO/IEC 33001 describes the concepts and terminology used for process assessment. ISO/IEC 33002

describes the requirements for conducting an assessment. ISO/IEC 33004 describes the requirements for

process reference, process assessment and maturity models. ISO/IEC 33020 describes the measurement

scale for assessing the process quality characteristic of process capability. ISO/IEC TR 24774 describes

the common elements of processes.

The relationships between ISO/IEC 20000-1, ISO/IEC TR 24774, ISO/IEC 33002, ISO/IEC 33004,

ISO/IEC 33020, this document and ISO/IEC TS 33074 are shown in Figure 1.
Figure 1 — Relationships between relevant standards
Clause 4 provides an overview of the process reference model.
Clause 5 describes the processes in the process reference model.

Annex A describes the relationship between management system requirements and process model

elements.
Annex B provides the statement of conformity in accordance with ISO/IEC 33004.
© ISO/IEC 2020 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/IEC TS 33054:2020(E)
This document replaces ISO/IEC TR 20000-4.
vi © ISO/IEC 2020 – All rights reserved
---------------------- Page: 6 ----------------------
TECHNICAL SPECIFICATION ISO/IEC TS 33054:2020(E)
Information technology — Process assessment — Process
reference model for service management
1 Scope

This document defines a process reference model for the domain of service management.

The model specifies a process architecture for the domain and comprises a set of processes. Each

process is described in terms of process purpose and outcomes.

The process reference model in this document is directed at assessment sponsors and competent

assessors who wish to select a model, and associated documented process method, for assessment (for

either capability determination or process improvement).
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 20000-10, Information technology — Service management — Part 10: Concepts and vocabulary

ISO/IEC 33001, Information technology — Process assessment — Concepts and terminology

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 33001 and

ISO/IEC 20000-10 apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
4 Overview of the process reference model

This clause describes the structure of a process reference model to support service management.

The process reference model includes processes, which can already exist in the context of a service

management system of a service provider.
Figure 2 identifies the processes derived from ISO/IEC 20000-1 requirements.

Processes are grouped according to their primary purpose, namely, generic processes associated

with the management system implementation, processes associated with technical aspects of service

management, and organisational processes associated with management of service management

activities.

NOTE The model shown in Figure 2 covers all the requirements of ISO/IEC 20000-1 but the grouping is

different.

The term "common processes" refers to those processes identified with the text within the management

system sub-clauses that is common to all management system standards. The "leadership" process is

also common to all management system standards.
© ISO/IEC 2020 – All rights reserved 1
---------------------- Page: 7 ----------------------
ISO/IEC TS 33054:2020(E)
Technical processes include those associated with the following groups:
— service delivery processes;
— service design, build and transition processes;
— resolution and fulfilment processes;
— service control processes;
— supply and demand processes;
— service assurance processes.

Organizational processes are those that include processes in the group "relationship and agreement

processes".

Table A.2 shows the detailed traceability from ISO/IEC 20000-1:2018 to the process reference model

outcomes.

Users of this document may freely reproduce the detailed descriptions contained in this process

reference model as part of any tool or other material to support the performance of process assessments,

so that it can be used for its intended purpose.
2 © ISO/IEC 2020 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/IEC TS 33054:2020(E)
Figure 2 — Processes in the process reference model
5 Process descriptions
5.1 General

The process descriptions in this process reference model are defined following the guidance provided

in ISO/IEC TR 24774.

Each process in the process reference model has the following descriptive elements:

a) Process ID: Each process belonging to a group is identified with a process identifier consisting of

the group abbreviated name and a sequential number of the process in that group.

b) Name: the name of a process is a short phrase that summarizes the scope of the process, identifying

the principal concern of the process, and distinguishes it from other processes within the scope of

the process reference model.
© ISO/IEC 2020 – All rights reserved 3
---------------------- Page: 9 ----------------------
ISO/IEC TS 33054:2020(E)

c) Purpose: the purpose of the process is a high level, overall goal for performing the process.

d) Outcomes: an outcome is an observable result of the successful achievement of the process purpose.

Outcomes are measurable, tangible, technical or business results that are achieved by a process.

Outcomes are observable and assessable.

e) Requirements traceability: the outcomes are based on the requirements of ISO/IEC 20000-1. The

references identify the applicable subclauses of ISO/IEC 20000-1, the subclause heading, and the

outcomes that are supported. (See A.6).

f) Number of outcomes: the set of process outcomes are necessary and sufficient to achieve the

purpose of the process.

In 5.2 to 5.34, all entries in the requirements traceability row end with numbers in square brackets,

(i.e. [n]). Each number in the square brackets is a reference to a numbered outcome. These outcomes are

directly linked to the requirements of ISO/IEC 20000-1.

Some outcomes are shown in square brackets. These are only indirectly linked to requirements

of ISO/IEC 20000-1. The outcomes in square brackets are not referenced by any of the entries in the

requirements traceability row. These additional outcomes have been included because they are

considered necessary in order for this type of process reference model to serve as the basis of the PAM

(ISO/IEC TS 33074). With these additional outcomes, the process is complete and the process purpose

can be achieved.
5.2 COM.01 Communication management
Process ID COM.01
Name Communication management

Purpose The purpose of communication management is to produce timely and accurate informa-

tion products to support effective communication and decision making.
Outcomes As a result of successful implementation of this process:

1. Information content is defined in terms of identified communication requirements.

2. Parties to communicate with are identified.
3. The party responsible for the communication is identified.
4. Events that require communication actions are identified.
5. The channel for the communication is selected.
6. Information products are communicated to relevant interested parties.

Requirements ISO/IEC 20000-1:2018, 5.2.2 Communicating the service management policy [6]

traceability
ISO/IEC 20000-1:2018, 6.2.1 Establish objectives [6]
ISO/IEC 20000-1:2018, 7.4 Communication [1,2,3,4,5]
ISO/IEC 20000-1:2018, 8.5.1.3 Change management activities [6]
ISO/IEC 20000-1:2018, 8.5.2.3 Build and transition [6]
ISO/IEC 20000-1:2018, 8.6.1 Incident management [6]
ISO/IEC 20000-1:2018, 8.7.3.1 Information security policy [6]
ISO/IEC 20000-1:2018, 9.2.2 [6]
ISO/IEC 20000-1:2018, 9.4 Service reporting [6]
4 © ISO/IEC 2020 – All rights reserved
---------------------- Page: 10 ----------------------
ISO/IEC TS 33054:2020(E)
5.3 COM.02 Documentation management
Process ID COM.02
Name Documentation management

Purpose The purpose of documentation management is to provide relevant, timely, complete, valid

documented information to designated parties.
Outcomes As a result of successful implementation of this process:
1. Documented information to be documented is identified.
2. The forms of documented information representation are defined.
[3. The documented information content status is known.]
4. Documented information is current, complete and valid.
5. Documented information is released according to defined criteria.
6. Documented information is available to relevant interested parties.
7. Documented information is archived, or disposed of, as required.

Requirements ISO/IEC 20000-1:2018, 4.3 Determining the scope of the service management

traceability system [4,6]
ISO/IEC 20000-1:2018, 5.2.2 Communicating the service management policy [1]
ISO/IEC 20000-1:2018, 6.1.2 [1]
ISO/IEC 20000-1:2018, 6.2.1 Establish objectives [1]
ISO/IEC 20000-1:2018, 7.2 Competence [1]
ISO/IEC 20000-1:2018, 7.5.2 Creating and updating documented information [1,2,4]
ISO/IEC 20000-1:2018, 7.5.3.1 [6]
ISO/IEC 20000-1:2018, 7.5.3.2 [1,4,6,7]
ISO/IEC 20000-1:2018, 7.5.4 Service management system documented information [1]
ISO/IEC 20000-1:2018, 7.6 Knowledge [1,4,6]
ISO/IEC 20000-1:2018, 8.1 Operational planning and control [1]
ISO/IEC 20000-1:2018, 8.2.2 Plan the services [1]
ISO/IEC 20000-1:2018, 8.2.3.1 [1]
ISO/IEC 20000-1:2018, 8.2.4 Service catalogue management [4,6]
ISO/IEC 20000-1:2018, 8.2.6 Configuration management [1,6]
ISO/IEC 20000-1:2018, 8.3.2 Business relationship management [1]
ISO/IEC 20000-1:2018, 8.3.3 Service level management [1]
ISO/IEC 20000-1:2018, 8.3.4.1 Management of external suppliers [1]

ISO/IEC 20000-1:2018, 8.3.4.2 Management of internal suppliers and customers acting

as a supplier [1]
ISO/IEC 20000-1:2018, 8.4.3 Capacity management [1,4]
ISO/IEC 20000-1:2018, 8.5.1.1 Change management policy [1]
ISO/IEC 20000-1:2018, 8.5.1.3 Change management activities [1]
ISO/IEC 20000-1:2018, 8.5.2.2 Design [1]
ISO/IEC 20000-1:2018, 8.5.3 Release and deployment management [1,6]
ISO/IEC 20000-1:2018, 8.6.1 Incident management [4]
ISO/IEC 20000-1:2018, 8.6.2 Service request management [4,6]
ISO/IEC 20000-1:2018, 8.6.3 Problem management [4,6]
© ISO/IEC 2020 – All rights reserved 5
---------------------- Page: 11 ----------------------
ISO/IEC TS 33054:2020(E)
Process ID COM.02
ISO/IEC 20000-1:2018, 8.7.1 Service availability management [1]
ISO/IEC 20000-1:2018, 8.7.2 Service continuity management [1,6]
ISO/IEC 20000-1:2018, 8.7.3.1 Information security policy [1,5]
ISO/IEC 20000-1:2018, 8.7.3.2 Information security controls [1,5]
ISO/IEC 20000-1:2018, 9.1 Monitoring, measurement, analysis and evaluation [1]
ISO/IEC 20000-1:2018, 9.2.2 [1]
ISO/IEC 20000-1:2018, 9.3 Management review [1]
ISO/IEC 20000-1:2018, 10.1.2 [1]
ISO/IEC 20000-1:2018, 10.2 Continual improvement [1]
5.4 COM.03 Human resource management
Process ID COM.03
Name Human resource management

Purpose The purpose of human resource management is to provide the organization with neces-

sary competent human resources and to improve their competencies, in alignment with

business needs.
Outcomes As a result of successful implementation of this process:

1. The competencies required by the organization to produce products and services are

identified.
2. Identified competency gaps are filled through training or recruitment.

3. Understanding of roles and activities in achieving organisational objectives in product

and service provision is demonstrated by each person.
Requirements ISO/IEC 20000-1:2018, 7.2 Competence [1,2]
traceability
ISO/IEC 20000-1:2018, 7.3 Awareness [3]
5.5 COM.04 Improvement
Process ID COM.04
Name Improvement

Purpose The purpose of improvement is to continually improve the management system, its pro-

cesses, products and services.
Outcomes As a result of successful implementation of this process:
1. Opportunities for improvement are identified.
2. Opportunities for improvement are evaluated against defined criteria.
3. Improvements are prioritised.
4. Improvements are implemented.
5. The effectiveness of implemented improvements is evaluated.
Requirements ISO/IEC 20000-1:2018, 8.3.2 Business relationship management [1]
traceability
ISO/IEC 20000-1:2018, 8.3.3 Service level management [1]
ISO/IEC 20000-1:2018, 8.3.4.1 Management of external suppliers [1]

ISO/IEC 20000-1:2018, 8.3.4.2 Management of internal suppliers and customers acting

as a supplier [1]
ISO/IEC 20000-1:2018, 8.5.1.3 Change management activities [1]
ISO/IEC 20000-1:2018, 8.5.3 Release and deployment management [1]
6 © ISO/IEC 2020 – All rights reserved
---------------------- Page: 12 ----------------------
ISO/IEC TS 33054:2020(E)
Process ID COM.04
ISO/IEC 20000-1:2018, 8.6.1 Incident management [1]
ISO/IEC 20000-1:2018, 8.7.3.3 Information security incidents [1]
ISO/IEC 20000-1:2018, 10.2 Continual improvement [2,3,4,5]
5.6 COM.05 Internal audit
Process ID COM.05
Name Internal audit

Purpose The purpose of internal audit is to independently determine conformity of the manage-

ment system, products, services, and processes to the requirements, policies, plans and

agreements, as appropriate.
Outcomes As a result of successful implementation of this process:
1. The scope and purpose of each audit is defined.

2. The objectivity and impartiality of the conduct of audits and selection of auditors are

assured.

3. Conformity of selected services, products and processes with requirements, plans and

agreements is determined.
Requirements ISO/IEC 20000-1:2018, 9.2.1 [3]
traceability
ISO/IEC 20000-1:2018, 9.2.2 [1,2]
5.7 COM.06 Management review
Process ID COM.06
Name Management review

Purpose The purpose of management review is to assess the performance of the management sys-

tem, to identify and make decisions regarding potential improvements.
Outcomes As a result of successful implementation of this process:
1. The objectives of the review are established.

2. The status and performance of an activity or process are assessed in terms of the

established objectives.
3. Risks, problems and opportunities for improvement are identified.

Requirements ISO/IEC 20000-1:2018, 5.3 Organizational roles, responsibilities and authorities [2]

traceability
ISO/IEC 20000-1:2018, 9.3 Management review [1,2,3]
© ISO/IEC 2020 – All rights reserved 7
---------------------- Page: 13 ----------------------
ISO/IEC TS 33054:2020(E)
5.8 COM.07 Non-conformity management
Process ID COM.07
Name Non-conformity management

Purpose The purpose of the non-conformity management process is to resolve non-conformities

and to eliminate their causes when appropriate.
Outcomes As a result of successful implementation of this process:
1. Non-conformities are identified.
2. Non-conformities are resolved and closed.
3. The cause(s) of selected non-conformities is determined.
4. The need for action to eliminate the causes of non-conformities is evaluated.
5. A selected action proposal is implemented.
6. The effectiveness of changes to eliminate the non-conformities is confirmed.
Requirements ISO/IEC 20000-1:2018, 10.1.1 [1,2,3,4,5,6]
traceability
5.9 COM.08 Operational planning
Process ID COM.08
Name Operational planning

Purpose The purpose of operational planning is to define the characteristics of all operational and

organizational processes, and to plan their execution.
Outcomes As a result of successful implementation of this process:
1. Process requirements are identified.
[2. Process input and output products are determined.]
3. The set of activities that transform the inputs into outputs is determined.

4. The sequence and interaction of the process with other processes is determined.

5. The required competencies and roles for performing the process are identified.

6. The required resources for performing the process are identified.

7. Methods for monitoring the effectiveness and suitability of the process are determined.

8. Plans for the deployment of the process are developed.
Requirements ISO/IEC 20000-1:2018, 5.1 Leadership and commitment [4,5,6]
traceability
ISO/IEC 20000-1:2018, 6.1.2 [1]
ISO/IEC 20000-1:2018, 6.1.3 [4,8]
ISO/IEC 20000-1:2018, 6.2.2 Plan to achieve objectives [1,4,6,7]
ISO/IEC 20000-1:201
...

TECHNICAL ISO/IEC TS
SPECIFICATION 33054
First edition
Information technology — Process
assessment — Process reference
model for service management
PROOF/ÉPREUVE
Reference number
ISO/IEC TS 33054:2020(E)
ISO/IEC 2020
---------------------- Page: 1 ----------------------
ISO/IEC TS 33054:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii PROOF/ÉPREUVE © ISO/IEC 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC TS 33054:2020(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................iv

Introduction ..................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Overview of the process reference model .................................................................................................................................. 1

5 Process descriptions ........................................................................................................................................................................................ 3

5.1 General ........................................................................................................................................................................................................... 3

5.2 COM.01 Communication management ............................................................................................................................... 4

5.3 COM.02 Documentation management ................................................................................................................................ 5

5.4 COM.03 Human resource management ............................................................................................................................. 6

5.5 COM.04 Improvement ....................................................................................................................................................................... 6

5.6 COM.05 Internal audit....................................................................................................................................................................... 7

5.7 COM.06 Management review ...................................................................................................................................................... 7

5.8 COM.07 Non-conformity management .............................................................................................................................. 8

5.9 COM.08 Operational planning .................................................................................................................................................... 8

5.10 COM.09 Operational implementation and control ................................................................................................... 9

5.11 COM.10 Performance evaluation ..........................................................................................................................................10

5.12 COM.11 Risk management .........................................................................................................................................................11

5.13 RAA.1 Business relationship management ..................................................................................................................11

5.14 RAA.2 Service level management.........................................................................................................................................12

5.15 RAA.3 Service reporting ...............................................................................................................................................................12

5.16 RAA.4 Supplier management ...................................................................................................................................................13

5.17 RAA.5 Service catalogue management ............................................................................................................................13

5.18 RAF.1 Incident management ....................................................................................................................................................14

5.19 RAF.2 Service request management ..................................................................................................................................14

5.20 RAF.3 Problem management ....................................................................................................................................................15

5.21 SAD.1 Budgeting and accounting for services ...........................................................................................................15

5.22 SAD.2 Demand management ....................................................................................................................................................15

5.23 SAD.3 Capacity management ...................................................................................................................................................16

5.24 SAS.1 Service availability management ..........................................................................................................................16

5.25 SAS.2 Service continuity management ............................................................................................................................17

5.26 SAS.3 Information security management .....................................................................................................................17

5.27 SDB.1 Service requirements definition ...........................................................................................................................18

5.28 SDB.2 Service design .......................................................................................................................................................................18

5.29 SDB.3 Service build and transition .....................................................................................................................................18

5.30 SDB.4 Release and deployment management ...........................................................................................................19

5.31 SDE.1 Service delivery ...................................................................................................................................................................19

5.32 SPC.1 Change management .......................................................................................................................................................20

5.33 SPC.2 Configuration management .......................................................................................................................................20

5.34 TOP.01 Leadership ............................................................................................................................................................................21

Annex A (informative) The relationship between management system requirements and a

process reference model ...........................................................................................................................................................................22

Annex B (informative) Statement of conformity to ISO/IEC 33004 ...................................................................................71

Bibliography .............................................................................................................................................................................................................................73

© ISO/IEC 2020 – All rights reserved PROOF/ÉPREUVE iii
---------------------- Page: 3 ----------------------
ISO/IEC TS 33054:2020(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that

are members of ISO or IEC participate in the development of International Standards through

technical committees established by the respective organization to deal with particular fields of

technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other

international organizations, governmental and non-governmental, in liaison with ISO and IEC, also

take part in the work.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for

the different types of document should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject

of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent

rights. Details of any patent rights identified during the development of the document will be in the

Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC

list of patent declarations received (see http:// patents .iec .ch).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/

iso/ foreword .html.

This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information Technology,

Subcommittee SC 7, Systems and Software Engineering.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
iv PROOF/ÉPREUVE © ISO/IEC 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC TS 33054:2020(E)
Introduction

This document facilitates the development of a process assessment model (PAM) for service

management described in ISO/IEC TS 33074.

A process reference model is a model comprising definitions of processes described in terms of process

purpose and outcomes, together with an architecture describing the relationships between the

processes. Using the process reference model in a practical application can require additional elements

suited to the environment and circumstances.

The process reference model specified in this document describes the processes including the service

management system (SMS) processes implied by ISO/IEC 20000-1. Each process of this process

reference model provides traceability to requirements. The process reference model does not attempt

to place the processes in any specific environment nor does it pre-determine any level of process

capability required to fulfil the ISO/IEC 20000-1 requirements. The process reference model does not

provide the evidence required to be conformant to the evidence requirements of ISO/IEC 20000-1. The

process reference model is not intended to be used for a conformity assessment audit or as a process

implementation reference guide.

ISO/IEC 33001 describes the concepts and terminology used for process assessment. ISO/IEC 33002

describes the requirements for conducting an assessment. ISO/IEC 33004 describes the requirements for

process reference, process assessment and maturity models. ISO/IEC 33020 describes the measurement

scale for assessing the process quality characteristic of process capability. ISO/IEC TR 24774 describes

the common elements of processes.

The relationships between ISO/IEC 20000-1, ISO/IEC TR 24774, ISO/IEC 33002, ISO/IEC 33004,

ISO/IEC 33020, this document and ISO/IEC TS 33074 are shown in Figure 1.
Figure 1 — Relationships between relevant standards
Clause 4 provides an overview of the process reference model.
Clause 5 describes the processes in the process reference model.

Annex A describes the relationship between management system requirements and process model

elements.
Annex B provides the statement of conformity in accordance with ISO/IEC 33004.
© ISO/IEC 2020 – All rights reserved PROOF/ÉPREUVE v
---------------------- Page: 5 ----------------------
ISO/IEC TS 33054:2020(E)
This document replaces ISO/IEC TR 20000-4.
vi PROOF/ÉPREUVE © ISO/IEC 2020 – All rights reserved
---------------------- Page: 6 ----------------------
TECHNICAL SPECIFICATION ISO/IEC TS 33054:2020(E)
Information technology — Process assessment — Process
reference model for service management
1 Scope

This document defines a process reference model for the domain of service management.

The model specifies a process architecture for the domain and comprises a set of processes. Each

process is described in terms of process purpose and outcomes.

The process reference model in this document is directed at assessment sponsors and competent

assessors who wish to select a model, and associated documented process method, for assessment (for

either capability determination or process improvement).
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 20000-10, Information technology — Service management — Part 10: Concepts and vocabulary

ISO/IEC 33001, Information technology — Process assessment — Concepts and terminology

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 33001 and

ISO/IEC 20000-10 apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
4 Overview of the process reference model

This clause describes the structure of a process reference model to support service management.

The process reference model includes processes, which can already exist in the context of a service

management system of a service provider.
Figure 2 identifies the processes derived from ISO/IEC 20000-1 requirements.

Processes are grouped according to their primary purpose, namely, generic processes associated

with the management system implementation, processes associated with technical aspects of service

management, and organisational processes associated with management of service management

activities.

NOTE The model shown in Figure 2 covers all the requirements of ISO/IEC 20000-1 but the grouping is

different.

The term "common processes" refers to those processes identified with the text within the management

system sub-clauses that is common to all management system standards. The "leadership" process is

also common to all management system standards.
© ISO/IEC 2020 – All rights reserved PROOF/ÉPREUVE 1
---------------------- Page: 7 ----------------------
ISO/IEC TS 33054:2020(E)
Technical processes include those associated with the following groups:
— service delivery processes;
— service design, build and transition processes;
— resolution and fulfilment processes;
— service control processes;
— supply and demand processes;
— service assurance processes.

Organizational processes are those that include processes in the group "relationship and agreement

processes".

Table A.2 shows the detailed traceability from ISO/IEC 20000-1:2018 to the process reference model

outcomes.

Users of this document may freely reproduce the detailed descriptions contained in this process

reference model as part of any tool or other material to support the performance of process assessments,

so that it can be used for its intended purpose.
2 PROOF/ÉPREUVE © ISO/IEC 2020 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/IEC TS 33054:2020(E)
Figure 2 — Processes in the process reference model
5 Process descriptions
5.1 General

The process descriptions in this process reference model are defined following the guidance provided

in ISO/IEC TR 24774.

Each process in the process reference model has the following descriptive elements:

a) Process ID: Each process belonging to a group is identified with a process identifier consisting of

the group abbreviated name and a sequential number of the process in that group.

b) Name: the name of a process is a short phrase that summarizes the scope of the process, identifying

the principal concern of the process, and distinguishes it from other processes within the scope of

the process reference model.
© ISO/IEC 2020 – All rights reserved PROOF/ÉPREUVE 3
---------------------- Page: 9 ----------------------
ISO/IEC TS 33054:2020(E)

c) Purpose: the purpose of the process is a high level, overall goal for performing the process.

d) Outcomes: an outcome is an observable result of the successful achievement of the process purpose.

Outcomes are measurable, tangible, technical or business results that are achieved by a process.

Outcomes are observable and assessable.

e) Requirements traceability: the outcomes are based on the requirements of ISO/IEC 20000-1. The

references identify the applicable subclauses of ISO/IEC 20000-1, the subclause heading, and the

outcomes that are supported. (See A.6).

f) Number of outcomes: the set of process outcomes are necessary and sufficient to achieve the

purpose of the process.

In 5.2 to 5.34, all entries in the requirements traceability row end with numbers in square brackets,

(i.e. [n]). Each number in the square brackets is a reference to a numbered outcome. These outcomes are

directly linked to the requirements of ISO/IEC 20000-1.

Some outcomes are shown in square brackets. These are only indirectly linked to requirements

of ISO/IEC 20000-1. The outcomes in square brackets are not referenced by any of the entries in the

requirements traceability row. These additional outcomes have been included because they are

considered necessary in order for this type of process reference model to serve as the basis of the PAM

(ISO/IEC TS 33074). With these additional outcomes, the process is complete and the process purpose

can be achieved.
5.2 COM.01 Communication management
Process ID COM.01
Name Communication management

Purpose The purpose of communication management is to produce timely and accurate informa-

tion products to support effective communication and decision making.
Outcomes As a result of successful implementation of this process:

1. Information content is defined in terms of identified communication requirements.

2. Parties to communicate with are identified.
3. The party responsible for the communication is identified.
4. Events that require communication actions are identified.
5. The channel for the communication is selected.
6. Information products are communicated to relevant interested parties.

Requirements ISO/IEC 20000-1:2018, 5.2.2 Communicating the service management policy [6]

traceability
ISO/IEC 20000-1:2018, 6.2.1 Establish objectives [6]
ISO/IEC 20000-1:2018, 7.4 Communication [1,2,3,4,5]
ISO/IEC 20000-1:2018, 8.5.1.3 Change management activities [6]
ISO/IEC 20000-1:2018, 8.5.2.3 Build and transition [6]
ISO/IEC 20000-1:2018, 8.6.1 Incident management [6]
ISO/IEC 20000-1:2018, 8.7.3.1 Information security policy [6]
ISO/IEC 20000-1:2018, 9.2.2 [6]
ISO/IEC 20000-1:2018, 9.4 Service reporting [6]
4 PROOF/ÉPREUVE © ISO/IEC 2020 – All rights reserved
---------------------- Page: 10 ----------------------
ISO/IEC TS 33054:2020(E)
5.3 COM.02 Documentation management
Process ID COM.02
Name Documentation management

Purpose The purpose of documentation management is to provide relevant, timely, complete, valid

documented information to designated parties.
Outcomes As a result of successful implementation of this process:
1. Documented information to be documented is identified.
2. The forms of documented information representation are defined.
[3. The documented information content status is known.]
4. Documented information is current, complete and valid.
5. Documented information is released according to defined criteria.
6. Documented information is available to relevant interested parties.
7. Documented information is archived, or disposed of, as required.

Requirements ISO/IEC 20000-1:2018, 4.3 Determining the scope of the service management

traceability system [4,6]
ISO/IEC 20000-1:2018, 5.2.2 Communicating the service management policy [1]
ISO/IEC 20000-1:2018, 6.1.2 [1]
ISO/IEC 20000-1:2018, 6.2.1 Establish objectives [1]
ISO/IEC 20000-1:2018, 7.2 Competence [1]
ISO/IEC 20000-1:2018, 7.5.2 Creating and updating documented information [1,2,4]
ISO/IEC 20000-1:2018, 7.5.3.1 [6]
ISO/IEC 20000-1:2018, 7.5.3.2 [1,4,6,7]
ISO/IEC 20000-1:2018, 7.5.4 Service management system documented information [1]
ISO/IEC 20000-1:2018, 7.6 Knowledge [1,4,6]
ISO/IEC 20000-1:2018, 8.1 Operational planning and control [1]
ISO/IEC 20000-1:2018, 8.2.2 Plan the services [1]
ISO/IEC 20000-1:2018, 8.2.3.1 [1]
ISO/IEC 20000-1:2018, 8.2.4 Service catalogue management [4,6]
ISO/IEC 20000-1:2018, 8.2.6 Configuration management [1,6]
ISO/IEC 20000-1:2018, 8.3.2 Business relationship management [1]
ISO/IEC 20000-1:2018, 8.3.3 Service level management [1]
ISO/IEC 20000-1:2018, 8.3.4.1 Management of external suppliers [1]

ISO/IEC 20000-1:2018, 8.3.4.2 Management of internal suppliers and customers acting

as a supplier [1]
ISO/IEC 20000-1:2018, 8.4.3 Capacity management [1,4]
ISO/IEC 20000-1:2018, 8.5.1.1 Change management policy [1]
ISO/IEC 20000-1:2018, 8.5.1.3 Change management activities [1]
ISO/IEC 20000-1:2018, 8.5.2.2 Design [1]
ISO/IEC 20000-1:2018, 8.5.3 Release and deployment management [1,6]
ISO/IEC 20000-1:2018, 8.6.1 Incident management [4]
ISO/IEC 20000-1:2018, 8.6.2 Service request management [4,6]
ISO/IEC 20000-1:2018, 8.6.3 Problem management [4,6]
© ISO/IEC 2020 – All rights reserved PROOF/ÉPREUVE 5
---------------------- Page: 11 ----------------------
ISO/IEC TS 33054:2020(E)
Process ID COM.02
ISO/IEC 20000-1:2018, 8.7.1 Service availability management [1]
ISO/IEC 20000-1:2018, 8.7.2 Service continuity management [1,6]
ISO/IEC 20000-1:2018, 8.7.3.1 Information security policy [1,5]
ISO/IEC 20000-1:2018, 8.7.3.2 Information security controls [1,5]
ISO/IEC 20000-1:2018, 9.1 Monitoring, measurement, analysis and evaluation [1]
ISO/IEC 20000-1:2018, 9.2.2 [1]
ISO/IEC 20000-1:2018, 9.3 Management review [1]
ISO/IEC 20000-1:2018, 10.1.2 [1]
ISO/IEC 20000-1:2018, 10.2 Continual improvement [1]
5.4 COM.03 Human resource management
Process ID COM.03
Name Human resource management

Purpose The purpose of human resource management is to provide the organization with neces-

sary competent human resources and to improve their competencies, in alignment with

business needs.
Outcomes As a result of successful implementation of this process:

1. The competencies required by the organization to produce products and services are

identified.
2. Identified competency gaps are filled through training or recruitment.

3. Understanding of roles and activities in achieving organisational objectives in product

and service provision is demonstrated by each person.
Requirements ISO/IEC 20000-1:2018, 7.2 Competence [1,2]
traceability
ISO/IEC 20000-1:2018, 7.3 Awareness [3]
5.5 COM.04 Improvement
Process ID COM.04
Name Improvement

Purpose The purpose of improvement is to continually improve the management system, its pro-

cesses, products and services.
Outcomes As a result of successful implementation of this process:
1. Opportunities for improvement are identified.
2. Opportunities for improvement are evaluated against defined criteria.
3. Improvements are prioritised.
4. Improvements are implemented.
5. The effectiveness of implemented improvements is evaluated.
Requirements ISO/IEC 20000-1:2018, 8.3.2 Business relationship management [1]
traceability
ISO/IEC 20000-1:2018, 8.3.3 Service level management [1]
ISO/IEC 20000-1:2018, 8.3.4.1 Management of external suppliers [1]

ISO/IEC 20000-1:2018, 8.3.4.2 Management of internal suppliers and customers acting

as a supplier [1]
ISO/IEC 20000-1:2018, 8.5.1.3 Change management activities [1]
ISO/IEC 20000-1:2018, 8.5.3 Release and deployment management [1]
6 PROOF/ÉPREUVE © ISO/IEC 2020 – All rights reserved
---------------------- Page: 12 ----------------------
ISO/IEC TS 33054:2020(E)
Process ID COM.04
ISO/IEC 20000-1:2018, 8.6.1 Incident management [1]
ISO/IEC 20000-1:2018, 8.7.3.3 Information security incidents [1]
ISO/IEC 20000-1:2018, 10.2 Continual improvement [2,3,4,5]
5.6 COM.05 Internal audit
Process ID COM.05
Name Internal audit

Purpose The purpose of internal audit is to independently determine conformity of the manage-

ment system, products, services, and processes to the requirements, policies, plans and

agreements, as appropriate.
Outcomes As a result of successful implementation of this process:
1. The scope and purpose of each audit is defined.

2. The objectivity and impartiality of the conduct of audits and selection of auditors are

assured.

3. Conformity of selected services, products and processes with requirements, plans and

agreements is determined.
Requirements ISO/IEC 20000-1:2018, 9.2.1 [3]
traceability
ISO/IEC 20000-1:2018, 9.2.2 [1,2]
5.7 COM.06 Management review
Process ID COM.06
Name Management review

Purpose The purpose of management review is to assess the performance of the management sys-

tem, to identify and make decisions regarding potential improvements.
Outcomes As a result of successful implementation of this process:
1. The objectives of the review are established.

2. The status and performance of an activity or process are assessed in terms of the

established objectives.
3. Risks, problems and opportunities for improvement are identified.

Requirements ISO/IEC 20000-1:2018, 5.3 Organizational roles, responsibilities and authorities [2]

traceability
ISO/IEC 20000-1:2018, 9.3 Management review [1,2,3]
© ISO/IEC 2020 – All rights reserved PROOF/ÉPREUVE 7
---------------------- Page: 13 ----------------------
ISO/IEC TS 33054:2020(E)
5.8 COM.07 Non-conformity management
Process ID COM.07
Name Non-conformity management

Purpose The purpose of the non-conformity management process is to resolve non-conformities

and to eliminate their causes when appropriate.
Outcomes As a result of successful implementation of this process:
1. Non-conformities are identified.
2. Non-conformities are resolved and closed.
3. The cause(s) of selected non-conformities is determined.
4. The need for action to eliminate the causes of non-conformities is evaluated.
5. A selected action proposal is implemented.
6. The effectiveness of changes to eliminate the non-conformities is confirmed.
Requirements ISO/IEC 20000-1:2018, 10.1.1 [1,2,3,4,5,6]
traceability
5.9 COM.08 Operational planning
Process ID COM.08
Name Operational planning

Purpose The purpose of operational planning is to define the characteristics of all operational and

organizational processes, and to plan their execution.
Outcomes As a result of successful implementation of this process:
1. Process requirements are identified.
[2. Process input and output products are determined.]
3. The set of activities that transform the inputs into outputs is determined.

4. The sequence and interaction of the process with other processes is determined.

5. The required competencies and roles for performing the process are identified.

6. The required resources for performing the process are identified.

7. Methods for monitoring the effectiveness and suitability of the process are determined.

8. Plans for the deployment of the process are developed.
Requirements ISO/IEC 20000-1:2018, 5.1 Leadership and commitment [4,5,6]
traceability
ISO/IEC 20000-1:2018, 6.1.2 [1]
ISO/IEC 20000-1:2018, 6.1.3 [4,8]
ISO/IEC 20000-1:2018, 6.2.2 Plan to achieve
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.