ISO/IEC TS 20000-5:2022

TECHNICAL ISO/IEC TS
SPECIFICATION 20000-5
First edition
Information technology — Service
management —
Part 5:
Implementation guidance for ISO/IEC
20000-1
Technologies de l'information — Gestion des services —
Partie 5: Exemple de plan de mise en application pour l'ISO/CEI
20000-1
PROOF/ÉPREUVE
Reference number
ISO/IEC TS 20000-5:2021(E)
© ISO/IEC 2021

---------------------- Page: 1 ----------------------
ISO/IEC TS 20000-5:2021(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
PROOF/ÉPREUVE © ISO/IEC 2021 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC TS 20000-5:2021(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Key considerations .1
4.1 Understanding ISO/IEC 20000-1:2018 . 1
4.2 Appropriate use of an SMS . 2
4.3 Scope of an SMS . 2
4.4 An SMS as a goal-oriented system. 3
4.5 Support and commitment . 3
4.6 Risk-based thinking . 4
4.7 Project readiness . 4
4.8 Project team . 5
4.9 Outsourcing some part of implementation . 6
4.10 Tools . 6
4.11 Very small entities . 7
4.12 Integration with other management systems . 7
4.13 Organizational change management . 8
5 Implementation steps .8
5.1 Implementation considerations . 8
5.2 Phased implementation . 9
5.2.1 General . 9
5.2.2 Approach 1: A subset of SMS processes in each phase . 10
5.2.3 Approach 2: Evolution of the SMS at three levels .13
5.3 Initiation . 19
5.3.1 Business case development. 19
5.3.2 Baseline assessment/gap analysis . 19
5.3.3 Set target state .20
5.4 Planning . 21
5.5 Implementation . .22
5.6 Evaluation . 22
5.7 Future action . 22
6 Implementation challenges .22
7 Post-implementation .31
7.1 Monitoring and control of the SMS and improving services. 31
7.2 Preparation for the certification audit . 31
7.3 Post-audit actions . 31
7.4 Organizations not seeking certification . 32
Bibliography .33
iii
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE

---------------------- Page: 3 ----------------------
ISO/IEC TS 20000-5:2021(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria
needed for the different types of document should be noted. This document was drafted in
accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC
list of patent declarations received (see https://patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 40, IT Service Management and IT Governance.
This first edition cancels and replaces the second edition (ISO/IEC TR 20000-5:2013), which has been
technically revised.
The main changes are as follows:
— updated relevant content based on the release of ISO/IEC 20000-1:2018;
— taken into account organizations which are not mature in service management;
— revised a three-phased plan to manage a service management system (SMS) implementation.
A list of all parts in the ISO/IEC 20000 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.
iv
PROOF/ÉPREUVE © ISO/IEC 2021 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC TS 20000-5:2021(E)
Introduction
This document provides guidance for organizations on how to implement a service management system
(SMS).
An SMS supports the management of the service lifecycle, including the planning, design, transition,
delivery and improvement of services, which meet agreed requirements and deliver value for customers,
users and the organization delivering the services. ISO/IEC 20000-1:2018 specifies requirements for
planning, establishing, implementing, maintaining and continually improving an SMS.
This document focuses on providing the key considerations and different approaches for organizations
which want to plan and implement an SMS for the first time or improve an existing implementation.
These organizations, also known as service providers, can provide different types of services using
technology and digital information. They can be of any size, sector or type, with different organizational
structures or business models.
Organizations can approach the implementation of an SMS in any way: as part of a programme, a major
project, or in a more incremental manner with different phases or iterations. The results of any gap
analysis will determine which approach is appropriate for each organization. Organizations can use
different methodologies for an SMS implementation.
This document addresses the typical steps for implementation of a phase or a whole project including
project initiation, planning, implementation, evaluation and future action. Implementation of an SMS
based on three maturity levels is also described in this document.
During the implementation of an SMS, an organization will potentially face many challenges. This
document illustrates some of the challenges and the key considerations to overcome them.
v
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE

---------------------- Page: 5 ----------------------
TECHNICAL SPECIFICATION ISO/IEC TS 20000-5:2021(E)
Information technology — Service management —
Part 5:
Implementation guidance for ISO/IEC 20000-1
1 Scope
This document provides guidance for organizations on how to implement a service management system
(SMS). Organizations can use this document to implement the entire SMS in order to conform to the
requirements specified in ISO/IEC 20000-1, or parts of an SMS for a selected subset of requirements.
This document illustrates a generic plan to manage implementation activities for an SMS.
The intended users of this document are:
a) organizations that require support on how to implement an SMS;
b) consultants and advisors who support an organization during SMS implementation.
This document can be used together with the other parts of ISO/IEC 20000 series.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 20000-1, Information technology — Service management — Part 1: Service management system
requirements
ISO/IEC 20000-10, Information technology — Service management — Part 10: Concepts and vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 20000-1 and
ISO/IEC 20000-10 apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
4 Key considerations
4.1 Understanding ISO/IEC 20000-1:2018
The success of an SMS implementation depends on top management commitment and the organization’s
personnel understanding:
a) ISO/IEC 20000-1 requirements;
b) service management policies and objectives;
1
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE

---------------------- Page: 6 ----------------------
ISO/IEC TS 20000-5:2021(E)
c) service requirements;
d) any new or changed practices, roles or organizational structures implemented to support the SMS.
4.2 Appropriate use of an SMS
Appropriate implementation and use of an SMS ensures that:
a) the requirements of all service level agreements and contractual obligations are defined,
implemented and tracked;
b) new and existing customers’ needs and expectations will be met by demonstrating the ability to
meet the organization’s commitments;
c) new services and changes to existing services to meet customer requirements are introduced
without disrupting current service provision or affecting the integrity of the services;
d) all levels of management are aware of the resources and capacity (such as human, technology and
financial) needed by an organization to meet current and future customer requirements;
e) the activities of all parties involved in the service lifecycle are coordinated and integrated in order
to meet service requirements;
f) service personnel comply with the organization's policies and top management priorities as stated
in the service management objectives;
g) a common service management vocabulary between the organization and all interested parties is
established;
h) a feedback mechanism is established to manage the outcomes of the SMS and the services;
i) communication with customers and other interested parties is established and continually
improved;
j) all internal or external parties who contribute to service provision enhance the organization’s
capability to meet agreed requirements and deliver value for customers, users and the organization;
k) when performance issues with infrastructure and service components are identified, the
organization takes corrective actions in order to continue to meet all service requirements and
contractual obligations;
l) the service portfolio is developed and maintained to support organizational objectives and ensure
budgets for services are established, accounted for and managed;
m) the organization maintains or improves its reputation by demonstrating delivery of services
against commitments;
n) personnel, whose work affects performance and effectiveness of service management and the
services, are competent and their competence is monitored and improved;
o) all levels of the organization understand the service requirements and performance commitments.
4.3 Scope of an SMS
Before any detailed planning activity starts, the organization should ensure that ISO/IEC 20000-1 is
applicable to the organization. This applicability should take into account the scope of the services,
service management activities and the contribution of other parties (see ISO/IEC 20000-1:2018, 1.2).
The organization should identify and agree a suitable scope for its SMS, using requirements from
ISO/IEC 20000-1:2018, 4.3 and the guidance on scope definition and applicability provided in
ISO/IEC 20000-3. Even when an organization is using ISO/IEC 20000-1 to implement just one process or
a group of processes, the scope of the SMS should be defined.
2
PROOF/ÉPREUVE © ISO/IEC 2021 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC TS 20000-5:2021(E)
An organization can initially plan to implement its SMS based on the requirements specified in
ISO/IEC 20000-1 for only part of its services. The organization can decide in the future to extend the
current SMS scope (including covered services). It should be noted that the guidance in this document
is based on the defined scope that remains unchanged during implementation. When an organization
decides to define or extend the scope of the SMS, the approaches defined in ISO/IEC 20000-3 can
be followed. Implementation timeframes can be shortened in future improvement efforts, as the
organization gains practical experience and can extend what has already been done to a larger scope of
the SMS and the services covered.
4.4 An SMS as a goal-oriented system
An SMS is neither an abstract or conceptual system, nor a process model, or a collection of processes. It
is a set of interrelated or interacting elements of an organization used to establish service management
policies and objectives aligned with the organization’s strategic direction. The essence of an SMS is
'togetherness': the drawing together of various elements and interactions producing a whole system
rather than a collection of silos connected solely by information systems and shared facilities.
An SMS is a goal-oriented system with specified elements and outcomes which work together to
be efficient and effective. These elements include people, competence, plans, processes, policies,
infrastructures, knowledge, tools and facilities. The potential outcomes can include trust, reputation,
customer loyalty, competence and competitive advantage.
Organizations implement an SMS to take inputs, for example, customer requirements and use a set of
interrelated or interacting activities to deliver intended outcomes. Feedback loops provide information
on these activities to drive sustainable improvements of performance which can require changes to the
SMS or the organization. The SMS is resilient and adaptable, able to respond to changing requirements
as well as internal or external, anticipated or unanticipated events. In addition, audits and reviews
provide the opportunity to maintain or improve an SMS.
4.5 Support and commitment
The ISO/IEC 20000-1 requirements place significant responsibility on top management to demonstrate
its leadership, with respect to service management objectives and policies, aligned with an
organization’s strategic direction.
Effective leadership is required for organizations to implement and operate an SMS. Without effective
leadership, the direction of an organization’s SMS may be defined separately by different management
groups, resulting in inconsistency.
Top management is accountable for the performance, efficiency and effectiveness of the SMS and
the services. The successful implementation of an SMS depends on the commitment of all personnel
with different levels of authority. Commitment starts with top management and extends across the
organization.
Top management should adopt a way of thinking about the performance, efficiency and effectiveness of
the SMS and services. This strongly influences personnel activities and motivates them to support and
participate actively in achieving SMS objectives.
It is not an option for top management to act as an observer with respect to an SMS and the services.
However, accountability does not mean that all decisions are made by top management. Where
responsibility for achieving objectives and delivering services is delegated within the organization or
contracted to a third party, top management always remains accountable for the SMS and delivery of
services.
Although incremental implementation is a suitable way of SMS adoption, for some organizations
successful implementation of an SMS requires a major change in thinking and communicating across all
interested parties. For more mature organizations, the implementation of an SMS may require smaller
adjustments to their ways of working.
3
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE

---------------------- Page: 8 ----------------------
ISO/IEC TS 20000-5:2021(E)
The successful implementation of an SMS is highly dependent on management support and commitment.
Establishing management support and commitment should be achieved as soon as possible and
sustained during all the SMS implementation phases as well as SMS operations. Based on initial
analysis, a business case can help clarify understanding and establish commitments. It can help sustain
support and commitment for each phase and, therefore, effectively address risks related to the success
of planned changes.
Management should ensure that priorities are defined appropriately. The organization should aim to
maintain the understanding and involvement of all interested parties during all phases, not just at the
start.
4.6 Risk-based thinking
Risk-based thinking is not new and is now embedded in ISO management systems standards such as
ISO 9001, ISO/IEC 27001 and ISO/IEC 20000-1.
The introduction of risk-based thinking allows management to prioritize customer requirements and
define the effect of those requirements on service provision. It ensures that the risks, including the
potential advantages or disadvantages of any specific course of action, are fully understood before
making a decision. In applying risk-based thinking, both short-term and long-term benefits are
considered. It is possible to sacrifice a short-term benefit to achieve a long-term one.
The risks and opportunities identified by an assessment of the organizational context are addressed
during SMS planning to give assurance that the SMS can achieve its intended results. Having assessed
the risks and addressed them in the implementation plan, organizations can implement an SMS with
confidence. If the effects of the identified risks turn out differently, the organization can need to revise
the implementation plan.
Risk assessment is the overall process of identification, analysis, evaluation and treatment of risks.
ISO 31000, ISO/IEC 20000-2 and other sources provide advice on risk assessment.
Categorizing risks and maintaining their historical data makes assessment and treatment of similar
risks in the future much easier.
4.7 Project readiness
Based on the business case and gap analysis described in Clause 5, the following items should be
considered when developing the project management plan:
a) scope of the SMS;
b) timeframe and schedule;
c) human resources;
d) data, information and tools;
e) allocation of financial resources;
f) identification of risks and issues that impact the project and cause conflicting priorities;
g) early identification and engagement of interested parties, both for the services in the scope of the
SMS and the SMS implementation project;
h) service management maturity within the organization;
i) receptiveness to change within the organization and the ability of the organization to manage the
changes successfully;
j) project management and control methods;
k) procurement requirements;
4
PROOF/ÉPREUVE © ISO/IEC 2021 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC TS 20000-5:2021(E)
l) project review procedures to identify achievements and opportunities for improvement.
4.8 Project team
A project team should have strong leadership and expertise in establishing and implementing service
management policies, processes and continual improvement activities.
Selecting personnel for the project team who are also involved in day-to-day operational activities can
lead to conflicting priorities. To avoid impact on a project, management should support their new roles
and responsibilities and control workloads.
The project team should have expertise in and be responsible for:
a) managing projects;
b) designing and implementing an SMS;
c) defining the procedure for developing and implementing new or changed processes;
d) developing, implementing and integrating processes within the scope of the SMS;
e) minimizing the impact of the SMS implementation on day-to-day activities;
f) testing and measuring the efficiency, effectiveness and continual improvement of processes;
g) managing organizational change, communication and training.
The project team should be aware that the effectiveness of the SMS depends on the integration of
the service management processes. Defining the processes and understanding their integration
at the beginning of the project can help ensure the coherent implementation of the SMS based on
the requirements specified in ISO/IEC 20000-1. It is also vital to ensure the integration of the SMS
requirements and processes into the organization’s business processes so that the SMS requirements
are not additional to, but part of, business as usual for the organization.
Process owners and operational managers can play an important role in identifying and managing
changes to improve processes. As process owners are identified, they should contribute to and support
the project team. Service owners should also support the implementation of the SMS to ensure that
it will be able to deliver high-quality services in an efficient way throughout the service lifecycle.
Operational managers, who are also process managers, should contribute to the SMS implementation
by providing accurate information about the operational level of each process and performing
improvement activities to achieve the target level.
For some organizations, the process owner can often be the same individual for multiple processes.
Although the process owner role can be combined with the process manager role, there is a risk when
one person holds both the owner and manager role within the same process. In some organizations, it
can be difficult to separate the roles of process owner and process manager, in which case, additional
controls will be required. Other organizations can find benefits in identifying people with increased
process specialization and responsibilities. In these organizations, a process owner is only responsible
for a single process.
Operational managers, if different from the process owners and service owners, should also be
represented on the project team. This ensures they are kept aware of any changes affecting operations.
Their involvement also ensures that the plans are realistic and that they minimize the impact on day-
to-day operations.
NOTE Guidance on the responsibilities of process owners, process managers and service owners is provided
in ISO/IEC 20000-2. For convenience, the definitions are shown here.
— A process owner role is responsib
...