ISO/IEC PRF TS 20000-5

TECHNICAL ISO/IEC TS
SPECIFICATION 20000-5
First edition
Information technology — Service
management —
Part 5:
Implementation guidance for ISO/IEC
20000-1
Technologies de l'information — Gestion des services —
Partie 5: Exemple de plan de mise en application pour l'ISO/CEI
20000-1
PROOF/ÉPREUVE
Reference number
ISO/IEC TS 20000-5:2021(E)
© ISO/IEC 2021
---------------------- Page: 1 ----------------------
ISO/IEC TS 20000-5:2021(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2021

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on

the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below

Foreword ........................................................................................................................................................................................................................................iv

Introduction .................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ..................................................................................................................................................................................... 1

3 Terms and definitions .................................................................................................................................................................................... 1

4 Key considerations ............................................................................................................................................................................................1

4.1 Understanding ISO/IEC 20000-1:2018 .............................................................................................................................. 1

4.2 Appropriate use of an SMS ........................................................................................................................................................... 2

4.3 Scope of an SMS ...................................................................................................................................................................................... 2

4.4 An SMS as a goal-oriented system......................................................................................................................................... 3

4.5 Support and commitment ............................................................................................................................................................. 3

4.6 Risk-based thinking ........................................................................................................................................................................... 4

4.7 Project readiness .................................................................................................................................................................................. 4

4.8 Project team .............................................................................................................................................................................................. 5

4.9 Outsourcing some part of implementation ................................................................................................................... 6

4.10 Tools ................................................................................................................................................................................................................. 6

4.11 Very small entities ............................................................................................................................................................................... 7

4.12 Integration with other management systems ............................................................................................................ 7

4.13 Organizational change management .................................................................................................................................. 8

5 Implementation steps .....................................................................................................................................................................................8

5.1 Implementation considerations .............................................................................................................................................. 8

5.2 Phased implementation .................................................................................................................................................................. 9

5.2.1 General ........................................................................................................................................................................................ 9

5.2.2 Approach 1: A subset of SMS processes in each phase .................................................................. 10

5.2.3 Approach 2: Evolution of the SMS at three levels ...............................................................................13

5.3 Initiation .................................................................................................................................................................................................... 19

5.3.1 Business case development.................................................................................................................................... 19

5.3.2 Baseline assessment/gap analysis .................................................................................................................. 19

5.3.3 Set target state ..................................................................................................................................................................20

5.4 Planning ..................................................................................................................................................................................................... 21

5.5 Implementation ........................................................................................................................................... ........................................22

5.6 Evaluation ................................................................................................................................................................................................ 22

5.7 Future action ......................................................................................................................................................................................... 22

6 Implementation challenges ...................................................................................................................................................................22

7 Post-implementation ....................................................................................................................................................................................31

7.1 Monitoring and control of the SMS and improving services....................................................................... 31

7.2 Preparation for the certification audit ........................................................................................................................... 31

7.3 Post-audit actions .............................................................................................................................................................................. 31

7.4 Organizations not seeking certification ....................................................................................................................... 32

Bibliography .............................................................................................................................................................................................................................33

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are

members of ISO or IEC participate in the development of International Standards through technical

committees established by the respective organization to deal with particular fields of technical

activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international

organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the

The procedures used to develop this document and those intended for its further maintenance

are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria

needed for the different types of document should be noted. This document was drafted in

accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or

Attention is drawn to the possibility that some of the elements of this document may be the subject

of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent

rights. Details of any patent rights identified during the development of the document will be in the

Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC

Any trade name used in this document is information given for the convenience of users and does not

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to

the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see

www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.

This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,

This first edition cancels and replaces the second edition (ISO/IEC TR 20000-5:2013), which has been

— revised a three-phased plan to manage a service management system (SMS) implementation.

A list of all parts in the ISO/IEC 20000 series can be found on the ISO and IEC websites.

Any feedback or questions on this document should be directed to the user’s national standards

body. A complete listing of these bodies can be found at www.iso.org/members.html and

This document provides guidance for organizations on how to implement a service management system

An SMS supports the management of the service lifecycle, including the planning, design, transition,

delivery and improvement of services, which meet agreed requirements and deliver value for customers,

users and the organization delivering the services. ISO/IEC 20000-1:2018 specifies requirements for

planning, establishing, implementing, maintaining and continually improving an SMS.

This document focuses on providing the key considerations and different approaches for organizations

which want to plan and implement an SMS for the first time or improve an existing implementation.

These organizations, also known as service providers, can provide different types of services using

technology and digital information. They can be of any size, sector or type, with different organizational

Organizations can approach the implementation of an SMS in any way: as part of a programme, a major

project, or in a more incremental manner with different phases or iterations. The results of any gap

analysis will determine which approach is appropriate for each organization. Organizations can use

This document addresses the typical steps for implementation of a phase or a whole project including

project initiation, planning, implementation, evaluation and future action. Implementation of an SMS

During the implementation of an SMS, an organization will potentially face many challenges. This

document illustrates some of the challenges and the key considerations to overcome them.

This document provides guidance for organizations on how to implement a service management system

(SMS). Organizations can use this document to implement the entire SMS in order to conform to the

requirements specified in ISO/IEC 20000-1, or parts of an SMS for a selected subset of requirements.

This document illustrates a generic plan to manage implementation activities for an SMS.

b) consultants and advisors who support an organization during SMS implementation.

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 20000-1, Information technology — Service management — Part 1: Service management system

ISO/IEC 20000-10, Information technology — Service management — Part 10: Concepts and vocabulary

For the purposes of this document, the terms and definitions given in ISO/IEC 20000-1 and

ISO and IEC maintain terminology databases for use in standardization at the following addresses:

The success of an SMS implementation depends on top management commitment and the organization’s

d) any new or changed practices, roles or organizational structures implemented to support the SMS.

a) the requirements of all service level agreements and contractual obligations are defined,

b) new and existing customers’ needs and expectations will be met by demonstrating the ability to

c) new services and changes to existing services to meet customer requirements are introduced

without disrupting current service provision or affecting the integrity of the services;

d) all levels of management are aware of the resources and capacity (such as human, technology and

financial) needed by an organization to meet current and future customer requirements;

e) the activities of all parties involved in the service lifecycle are coordinated and integrated in order

f) service personnel comply with the organization's policies and top management priorities as stated

g) a common service management vocabulary between the organization and all interested parties is

h) a feedback mechanism is established to manage the outcomes of the SMS and the services;

i) communication with customers and other interested parties is established and continually

j) all internal or external parties who contribute to service provision enhance the organization’s

capability to meet agreed requirements and deliver value for customers, users and the organization;

k) when performance issues with infrastructure and service components are identified, the

organization takes corrective actions in order to continue to meet all service requirements and

l) the service portfolio is developed and maintained to support organizational objectives and ensure

m) the organization maintains or improves its reputation by demonstrating delivery of services

n) personnel, whose work affects performance and effectiveness of service management and the

o) all levels of the organization understand the service requirements and performance commitments.

Before any detailed planning activity starts, the organization should ensure that ISO/IEC 20000-1 is

applicable to the organization. This applicability should take into account the scope of the services,

service management activities and the contribution of other parties (see ISO/IEC 20000-1:2018, 1.2).

The organization should identify and agree a suitable scope for its SMS, using requirements from

ISO/IEC 20000-1:2018, 4.3 and the guidance on scope definition and applicability provided in

ISO/IEC 20000-3. Even when an organization is using ISO/IEC 20000-1 to implement just one process or

An organization can initially plan to implement its SMS based on the requirements specified in

ISO/IEC 20000-1 for only part of its services. The organization can decide in the future to extend the

current SMS scope (including covered services). It should be noted that the guidance in this document

is based on the defined scope that remains unchanged during implementation. When an organization

decides to define or extend the scope of the SMS, the approaches defined in ISO/IEC 20000-3 can

be followed. Implementation timeframes can be shortened in future improvement efforts, as the

organization gains practical experience and can extend what has already been done to a larger scope of

An SMS is neither an abstract or conceptual system, nor a process model, or a collection of processes. It

is a set of interrelated or interacting elements of an organization used to establish service management

policies and objectives aligned with the organization’s strategic direction. The essence of an SMS is

'togetherness': the drawing together of various elements and interactions producing a whole system

rather than a collection of silos connected solely by information systems and shared facilities.

An SMS is a goal-oriented system with specified elements and outcomes which work together to

be efficient and effective. These elements include people, competence, plans, processes, policies,

infrastructures, knowledge, tools and facilities. The potential outcomes can include trust, reputation,

Organizations implement an SMS to take inputs, for example, customer requirements and use a set of

interrelated or interacting activities to deliver intended outcomes. Feedback loops provide information

on these activities to drive sustainable improvements of performance which can require changes to the

SMS or the organization. The SMS is resilient and adaptable, able to respond to changing requirements

as well as internal or external, anticipated or unanticipated events. In addition, audits and reviews

The ISO/IEC 20000-1 requirements place significant responsibility on top management to demonstrate

its leadership, with respect to service management objectives and policies, aligned with an

Effective leadership is required for organizations to implement and operate an SMS. Without effective

leadership, the direction of an organization’s SMS may be defined separately by different management

Top management is accountable for the performance, efficiency and effectiveness of the SMS and

the services. The successful implementation of an SMS depends on the commitment of all personnel

with different levels of authority. Commitment starts with top management and extends across the

Top management should adopt a way of thinking about the performance, efficiency and effectiveness of

the SMS and services. This strongly influences personnel activities and motivates them to support and

It is not an option for top management to act as an observer with respect to an SMS and the services.

However, accountability does not mean that all decisions are made by top management. Where

responsibility for achieving objectives and delivering services is delegated within the organization or

contracted to a third party, top management always remains accountable for the SMS and delivery of

Although incremental implementation is a suitable way of SMS adoption, for some organizations

successful implementation of an SMS requires a major change in thinking and communicating across all

interested parties. For more mature organizations, the implementation of an SMS may require smaller

The successful implementation of an SMS is highly dependent on management support and commitment.

Establishing management support and commitment should be achieved as soon as possible and

sustained during all the SMS implementation phases as well as SMS operations. Based on initial

analysis, a business case can help clarify understanding and establish commitments. It can help sustain

support and commitment for each phase and, therefore, effectively address risks related to the success

Management should ensure that priorities are defined appropriately. The organization should aim to

maintain the understanding and involvement of all interested parties during all phases, not just at the

Risk-based thinking is not new and is now embedded in ISO management systems standards such as

The introduction of risk-based thinking allows management to prioritize customer requirements and

define the effect of those requirements on service provision. It ensures that the risks, including the

potential advantages or disadvantages of any specific course of action, are fully understood before

making a decision. In applying risk-based thinking, both short-term and long-term benefits are

considered. It is possible to sacrifice a short-term benefit to achieve a long-term one.

The risks and opportunities identified by an assessment of the organizational context are addressed

during SMS planning to give assurance that the SMS can achieve its intended results. Having assessed

the risks and addressed them in the implementation plan, organizations can implement an SMS with

confidence. If the effects of the identified risks turn out differently, the organization can need to revise

Risk assessment is the overall process of identification, analysis, evaluation and treatment of risks.

Categorizing risks and maintaining their historical data makes assessment and treatment of similar

Based on the business case and gap analysis described in Clause 5, the following items should be

f) identification of risks and issues that impact the project and cause conflicting priorities;

g) early identification and engagement of interested parties, both for the services in the scope of the

i) receptiveness to change within the organization and the ability of the organization to manage the

l) project review procedures to identify achievements and opportunities for improvement.

A project team should have strong leadership and expertise in establishing and implementing service

Selecting personnel for the project team who are also involved in day-to-day operational activities can

lead to conflicting priorities. To avoid impact on a project, management should support their new roles

c) defining the procedure for developing and implementing new or changed processes;

d) developing, implementing and integrating processes within the scope of the SMS;

f) testing and measuring the efficiency, effectiveness and continual improvement of processes;

The project team should be aware that the effectiveness of the SMS depends on the integration of

the service management processes. Defining the processes and understanding their integration

at the beginning of the project can help ensure the coherent implementation of the SMS based on

the requirements specified in ISO/IEC 20000-1. It is also vital to ensure the integration of the SMS

requirements and processes into the organization’s business processes so that the SMS requirements

Process owners and operational managers can play an important role in identifying and managing

changes to improve processes. As process owners are identified, they should contribute to and support

the project team. Service owners should also support the implementation of the SMS to ensure that

it will be able to deliver high-quality services in an efficient way throughout the service lifecycle.

Operational managers, who are also process managers, should contribute to the SMS implementation

by providing accurate information about the operational level of each process and performing

For some organizations, the process owner can often be the same individual for multiple processes.

Although the process owner role can be combined with the process manager role, there is a risk when

one person holds both the owner and manager role within the same process. In some organizations, it

can be difficult to separate the roles of process owner and process manager, in which case, additional

controls will be required. Other organizations can find benefits in identifying people with increased

process specialization and responsibilities. In these organizations, a process owner is only responsible

Operational managers, if different from the process owners and service owners, should also be

represented on the project team. This ensures they are kept aware of any changes affecting operations.

Their involvement also ensures that the plans are realistic and that they minimize the impact on day-

NOTE Guidance on the responsibilities of process owners, process managers and service owners is provided