ISO/IEC TS 20000-5:2022

TECHNICAL ISO/IEC TS
SPECIFICATION 20000-5
First edition
2022-01
Information technology — Service
management —
Part 5:
Implementation guidance for ISO/IEC
20000-1
Technologies de l'information — Gestion des services —
Partie 5: Exemple de plan de mise en application pour l'ISO/CEI
20000-1
Reference number
© ISO/IEC 2022
© ISO/IEC 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
© ISO/IEC 2022 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Key considerations .1
4.1 Understanding ISO/IEC 20000-1 . 1
4.2 Appropriate use of an SMS . 2
4.3 Scope of an SMS . 2
4.4 An SMS as a goal-oriented system. 3
4.5 Support and commitment . 3
4.6 Risk-based thinking . 4
4.7 Project readiness . 4
4.8 Project team . 5
4.9 Outsourcing some part of implementation . 6
4.10 Tools . 6
4.11 Very small entities . 7
4.12 Integration with other management systems . 7
4.13 Organizational change management . 8
5 Implementation steps .8
5.1 Implementation considerations . 8
5.2 Phased implementation . 9
5.2.1 General . 9
5.2.2 Approach 1: A subset of SMS processes in each phase . 10
5.2.3 Approach 2: Evolution of the SMS at three levels .13
5.3 Initiation . 19
5.3.1 Business case development. 19
5.3.2 Baseline assessment/gap analysis . 19
5.3.3 Set target state .20
5.4 Planning . 21
5.5 Implementation . .22
5.6 Evaluation . 22
5.7 Future action . 22
6 Implementation challenges .22
7 Post-implementation .31
7.1 Monitoring and control of the SMS and improving services. 31
7.2 Preparation for the certification audit . 31
7.3 Post-audit actions . 31
7.4 Organizations not seeking certification . 32
Bibliography .33
iii
© ISO/IEC 2022 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria
needed for the different types of document should be noted. This document was drafted in
accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC
list of patent declarations received (see https://patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 40, IT Service Management and IT Governance.
This first edition cancels and replaces the second edition (ISO/IEC TR 20000-5:2013), which has been
technically revised.
The main changes are as follows:
— updated relevant content based on the release of ISO/IEC 20000-1:2018;
— taken into account organizations which are not mature in service management;
— revised a three-phased plan to manage a service management system (SMS) implementation.
A list of all parts in the ISO/IEC 20000 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.
iv
© ISO/IEC 2022 – All rights reserved

Introduction
This document provides guidance for organizations on how to implement a service management system
(SMS).
An SMS supports the management of the service lifecycle, including the planning, design, transition,
delivery and improvement of services, which meet agreed requirements and deliver value for
customers, users and the organization delivering the services. ISO/IEC 20000-1 specifies requirements
for planning, establishing, implementing, maintaining and continually improving an SMS.
This document focuses on providing the key considerations and different approaches for organizations
which want to plan and implement an SMS for the first time or improve an existing implementation.
These organizations, also known as service providers, can provide different types of services using
technology and digital information. They can be of any size, sector or type, with different organizational
structures or business models.
Organizations can approach the implementation of an SMS in any way: as part of a programme, a major
project, or in a more incremental manner with different phases or iterations. The results of any gap
analysis will determine which approach is appropriate for each organization. Organizations can use
different methodologies for an SMS implementation.
This document addresses the typical steps for implementation of a phase or a whole project including
project initiation, planning, implementation, evaluation and future action. Implementation of an SMS
based on three maturity levels is also described in this document.
During the implementation of an SMS, an organization will potentially face many challenges. This
document illustrates some of the challenges and the key considerations for overcoming them.
v
© ISO/IEC 2022 – All rights reserved

TECHNICAL SPECIFICATION ISO/IEC TS 20000-5:2022(E)
Information technology — Service management —
Part 5:
Implementation guidance for ISO/IEC 20000-1
1 Scope
This document provides guidance for organizations on how to implement a service management system
(SMS). Organizations can use this document to implement the entire SMS in order to conform to the
requirements specified in ISO/IEC 20000-1, or parts of an SMS for a selected subset of requirements.
This document illustrates a generic plan to manage implementation activities for an SMS.
The intended users of this document are:
a) organizations that require support on how to implement an SMS;
b) consultants and advisors who support an organization during SMS implementation.
This document can be used together with the other parts of ISO/IEC 20000 series.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 20000-1, Information technology — Service management — Part 1: Service management system
requirements
ISO/IEC 20000-10, Information technology — Service management — Part 10: Concepts and vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 20000-1 and
ISO/IEC 20000-10 apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
4 Key considerations
4.1 Understanding ISO/IEC 20000-1
The success of an SMS implementation depends on top management commitment and the organization’s
personnel understanding:
a) ISO/IEC 20000-1 requirements;
b) service management policies and objectives;
© ISO/IEC 2022 – All rights reserved

c) service requirements;
d) any new or changed practices, roles or organizational structures implemented to support the SMS.
4.2 Appropriate use of an SMS
Appropriate implementation and use of an SMS ensures that:
a) the requirements of all service level agreements and contractual obligations are defined,
implemented and tracked;
b) new and existing customers’ needs and expectations will be met by demonstrating the ability to
meet the organization’s commitments;
c) new services and changes to existing services to meet customer requirements are introduced
without disrupting current service provision or affecting the integrity of the services;
d) all levels of management are aware of the resources and capacity (such as human, technology and
financial) needed by an organization to meet current and future customer requirements;
e) the activities of all parties involved in the service lifecycle are coordinated and integrated in order
to meet service requirements;
f) service personnel comply with the organization's policies and top management priorities as stated
in the service management objectives;
g) a common service management vocabulary between the organization and all interested parties is
established;
h) a feedback mechanism is established to manage the outcomes of the SMS and the services;
i) communication with customers and other interested parties is established and continually
improved;
j) all internal or external parties who contribute to service provision enhance the organization’s
capability to meet agreed requirements and deliver value for customers, users and the organization;
k) when performance issues with infrastructure and service components are identified, the
organization takes corrective actions in order to continue to meet all service requirements and
contractual obligations;
l) the service portfolio is developed and maintained to support organizational objectives and ensure
budgets for services are established, accounted for and managed;
m) the organization maintains or improves its reputation by demonstrating delivery of services
against commitments;
n) personnel, whose work affects performance and effectiveness of service management and the
services, are competent and their competence is monitored and improved;
o) all levels of the organization understand the service requirements and performance commitments.
4.3 Scope of an SMS
Before any detailed planning activity starts, the organization should ensure that ISO/IEC 20000-1 is
applicable to the organization. This applicability should take into account the scope of the services,
service management activities and the contribution of other parties (see ISO/IEC 20000-1:2018, 1.2).
The organization should identify and agree a suitable scope for its SMS, using requirements from
ISO/IEC 20000-1:2018, 4.3 and the guidance on scope definition and applicability provided in
ISO/IEC 20000-3. Even when an organization is using ISO/IEC 20000-1 to implement just one process or
a group of processes, the scope of the SMS should be defined.
© ISO/IEC 2022 – All rights reserved

An organization can initially plan to implement its SMS based on the requirements specified in
ISO/IEC 20000-1 for only part of its services. The organization can decide in the future to extend the
current SMS scope (including covered services). It should be noted that the guidance in this document
is based on the defined scope that remains unchanged during implementation. When an organization
decides to define or extend the scope of the SMS, the approaches defined in ISO/IEC 20000-3 can
be followed. Implementation timeframes can be shortened in future improvement efforts, as the
organization gains practical experience and can extend what has already been done to a larger scope of
the SMS and the services covered.
4.4 An SMS as a goal-oriented system
An SMS is neither an abstract or conceptual system, nor a process model, or a collection of processes. It
is a set of interrelated or interacting elements of an organization used to establish service management
policies and objectives aligned with the organization’s strategic direction. The essence of an SMS is
'togetherness': the drawing together of various elements and interactions producing a whole system
rather than a collection of silos connected solely by information systems and shared facilities.
An SMS is a goal-oriented system with specified elements and outcomes which work together to
be efficient and effective. These elements include people, competence, plans, processes, policies,
infrastructures, knowledge, tools and facilities. The potential outcomes can include trust, reputation,
customer loyalty, competence and competitive advantage.
Organizations implement an SMS to take inputs, for example, customer requirements and use a set of
interrelated or interacting activities to deliver intended outcomes. Feedback loops provide information
on these activities to drive sustainable improvements of performance which can require changes to the
SMS or the organization. The SMS is resilient and adaptable, able to respond to changing requirements
as well as internal or external, anticipated or unanticipated events. In addition, audits and reviews
provide the opportunity to maintain or improve an SMS.
4.5 Support and commitment
The ISO/IEC 20000-1 requirements place significant responsibility on top management to demonstrate
its leadership, with respect to service management objectives and policies, aligned with an
organization’s strategic direction.
Effective leadership is required for organizations to implement and operate an SMS. Without effective
leadership, the direction of an organization’s SMS may be defined separately by different management
groups, resulting in inconsistency.
Top management is accountable for the performance, efficiency and effectiveness of the SMS and
the services. The successful implementation of an SMS depends on the commitment of all personnel
with different levels of authority. Commitment starts with top management and extends across the
organization.
Top management should adopt a way of thinking about the performance, efficiency and effectiveness of
the SMS and services. This strongly influences personnel activities and motivates them to support and
participate actively in achieving SMS objectives.
It is not an option for top management to act as an observer with respect to an SMS and the services.
However, accountability does not mean that all decisions are made by top management. Where
responsibility for achieving objectives and delivering services is delegated within the organization or
contracted to a third party, top management always remains accountable for the SMS and delivery of
services.
Although incremental implementation is a suitable way of SMS adoption, for some organizations
successful implementation of an SMS requires a major change in thinking and communicating across all
interested parties. For more mature organizations, the implementation of an SMS may require smaller
adjustments to their ways of working.
© ISO/IEC 2022 – All rights reserved

The successful implementation of an SMS is highly dependent on management support and commitment.
Establishing management support and commitment should be achieved as soon as possible and
sustained during all the SMS implementation phases as well as SMS operations. Based on initial
analysis, a business case can help clarify understanding and establish commitments. It can help sustain
support and commitment for each phase and, therefore, effectively address risks related to the success
of planned changes.
Management should ensure that priorities are defined appropriately. The organization should aim to
maintain the understanding and involvement of all interested parties during all phases, not just at the
start.
4.6 Risk-based thinking
Risk-based thinking is not new and is now embedded in ISO management systems standards such as
ISO 9001, ISO/IEC 27001 and ISO/IEC 20000-1.
The introduction of risk-based thinking allows management to prioritize customer requirements and
define the effect of those requirements on service provision. It ensures that the risks, including the
potential advantages or disadvantages of any specific course of action, are fully understood before
making a decision. In applying risk-based thinking, both short-term and long-term benefits are
considered. It is possible to sacrifice a short-term benefit to achieve a long-term one.
The risks and opportunities identified by an assessment of the organizational context are addressed
during SMS planning to give assurance that the SMS can achieve its intended results. Having assessed
the risks and addressed them in the implementation plan, organizations can implement an SMS
with confidence. If the effects of the identified risks turn out differently, it can be necessary for the
organization to revise the implementation plan.
Risk assessment is the overall process of identification, analysis, evaluation and treatment of risks.
ISO 31000, ISO/IEC 20000-2 and other sources provide advice on risk assessment.
Categorizing risks and maintaining their historical data makes assessment and treatment of similar
risks in the future much easier.
4.7 Project readiness
Based on the business case and gap analysis described in Clause 5, the following items should be
considered when developing the project management plan:
a) scope of the SMS;
b) timeframe and schedule;
c) human resources;
d) data, information and tools;
e) allocation of financial resources;
f) identification of risks and issues that impact the project and cause conflicting priorities;
g) early identification and engagement of interested parties, both for the services in the scope of the
SMS and the SMS implementation project;
h) service management maturity within the organization;
i) receptiveness to change within the organization and the ability of the organization to manage the
changes successfully;
j) project management and control methods;
k) procurement requirements;
© ISO/IEC 2022 – All rights reserved

l) project review procedures to identify achievements and opportunities for improvement.
4.8 Project team
A project team should have strong leadership and expertise in establishing and implementing service
management policies, processes and continual improvement activities.
Selecting personnel for the project team who are also involved in day-to-day operational activities can
lead to conflicting priorities. To avoid impact on a project, management should support their new roles
and responsibilities and control workloads.
The project team should have expertise in and be responsible for:
a) managing projects;
b) designing and implementing an SMS;
c) defining the procedure for developing and implementing new or changed processes;
d) developing, implementing and integrating processes within the scope of the SMS;
e) minimizing the impact of the SMS implementation on day-to-day activities;
f) testing and measuring the efficiency, effectiveness and continual improvement of processes;
g) managing organizational change, communication and training.
The project team should be aware that the effectiveness of the SMS depends on the integration of
the service management processes. Defining the processes and understanding their integration
at the beginning of the project can help ensure the coherent implementation of the SMS based on
the requirements specified in ISO/IEC 20000-1. It is also vital to ensure the integration of the SMS
requirements and processes into the organization’s business processes so that the SMS requirements
are not additional to, but part of, business as usual for the organization.
Process owners and operational managers can play an important role in identifying and managing
changes to improve processes. As process owners are identified, they should contribute to and support
the project team. Service owners should also support the implementation of the SMS to ensure that
it will be able to deliver high-quality services in an efficient way throughout the service lifecycle.
Operational managers, who are also process managers, should contribute to the SMS implementation
by providing accurate information about the operational level of each process and performing
improvement activities to achieve the target level.
For some organizations, the process owner can often be the same individual for multiple processes.
Although the process owner role can be combined with the process manager role, there is a risk when
one person holds both the owner and manager role within the same process. In some organizations, it
can be difficult to separate the roles of process owner and process manager, in which case, additional
controls will be required. Other organizations can find benefits in identifying people with increased
process specialization and responsibilities. In these organizations, a process owner is only responsible
for a single process.
Operational managers, if different from the process owners and service owners, should also be
represented on the project team. This ensures they are kept aware of any changes affecting operations.
Their involvement also ensures that the plans are realistic and that they minimize the impact on day-
to-day operations.
NOTE Guidance on the responsibilities of process owners, process managers and service owners is provided
in ISO/IEC 20000-2. For convenience, the definitions are shown here.
— A process owner role is responsible for the design of the process, ensuring adherence to the process and the
measurement and improvement of the process.
© ISO/IEC 2022 – All rights reserved

— A process manager is responsible for the operation of the process and the management of the process
management resources.
— A service owner role (can be a member of top management or an operational manager) is responsible for a
service throughout the service lifecycle, including planning, design, transition, delivery, improvement and
retirement.
4.9 Outsourcing some part of implementation
When some of the service management implementation activities are outsourced, it is important to
ensure that all parties:
— contribute to a successful SMS implementation by taking an active role;
— communicate effectively throughout the implementation;
— understand and confirm the role(s) and responsibilities in implementation;
— agree clear terms and conditions for their part in the implementation of the SMS;
— participate in decision making effectively.
Accountability for the implementation project and its success cannot be delegated in any way to an
external supplier. The implementation project team plans and executes under the organization’s
control and stewardship. If a supplier is unwilling or unable to participate, it may be necessary to find
an alternative, if possible. Additionally, the following subclauses in ISO/IEC 20000-1 can be of use when
considering outsourcing in an SMS implementation project:
a) Subclause 4.2 — Understanding the needs and expectations of interested parties;
b) Subclause 6.2 — Service management objectives and planning to achieve them;
c) Subclause 6.3 — Plan the service management system;
d) Subclause 7.4 — Communication;
e) Subclause 7.5.4 — Service management system documented information;
f) Subclause 8.2.3 — Control of parties involved in the service lifecycle;
g) Subclause 8.3 — Relationship and agreement.
NOTE General guidance for outsourcing is provided in ISO 37500.
4.10 Tools
All organizations will use a variety of toolsets to support their existing operations. Some can be
sophisticated, fully able to support an SMS implementation, while others are less able to do this.
For some organizations, the decision to implement an SMS can drive a toolset review and the acquisition
of new ones that are better able to support the work.
ISO/IEC 20000-1 does not specify that any particular tool or toolset should be used. Each organization
should decide what works best, given their specific requirements and circumstances, e.g. budget limits.
The toolsets should be assessed to ensure that they can support the operation of the SMS as stated in
ISO/IEC 20000-1:2018, Clause 8.
In addition, the following subclauses in ISO/IEC 20000-1:2018 can be of particular use:
a) Subclause 7.1 — Resources;
b) Subclause 7.5 — Documented information;
© ISO/IEC 2022 – All rights reserved

c) Subclause 7.6 — Knowledge.
4.11 Very small entities
For very small entities (VSEs), there will be challenges in implementing an SMS. These can include
staffing of roles and responsibilities, defining the benefits versus the costs and not taking a strict
interpretation of the requirements in ISO/IEC 20000-1. For example, ISO/IEC 20000-1 only states that
“configuration information shall be recorded to a level of detail appropriate to the criticality and type
of services". This does not mean that a VSE is required to buy an expensive configuration management
toolset when a spreadsheet can be good enough.
NOTE A VSE is an organization or unit of fewer that 25 people (as defined in ISO/IEC TR 29110-1).
A VSE considering the implementation of an SMS based on ISO/IEC 20000-1 should ask itself questions
such as, “How do we manage changes now?”, “How can we improve?” and “What are the benefits of
ISO/IEC 20000-1 for us?”.
The requirements in ISO/IEC 20000-1:2018, Clause 8 should be assessed for their applicability in the
context of the VSE.
In addition, the following clauses and subclauses in ISO/IEC 20000-1:2018 can be of particular use to a
VSE in an SMS implementation project:
a) Subclause 4.3 — Determining the scope of the service management system;
b) Subclause 5.3 — Organizational roles, responsibilities and authorities;
c) Clause 6 — Planning (covered in Clause 5 of this document);
d) Clause 7 — Support of the service management system.
4.12 Integration with other management systems
Organizations that decide to implement an SMS can already have experience implementing other
management systems or can decide to implement an SMS together with another management system
such as ISO 9001 or ISO/IEC 27001.
In order to reduce redundancy and become more efficient, one option for organizations is to implement
an integrated management system. Although the idea of implementing an integrated management
system has many advantages, it can require additional resources, such as longer timelines, timescales
and higher costs. The added complexity can expose the organization to new risks. If the organization
is unable to manage the risks or allocate additional resources, it will not benefit from implementing an
integrated management system. It can also fail to implement an SMS. Understanding the current state
of the organization is important in making a decision to implement the SMS separately or to integrate
it with other management systems. The following factors should be considered and documented in a
business case before making any decision:
— the risks and opportunities (separated and integrated);
— the scope and objectives of an SMS and other management systems (common, partially overlapping
or completely separate scope and/or objectives);
— the need to implement an integrated management system (operational or strategic factors);
— the organizational maturity in implementing management systems;
— the impacts of implementing an integrated management system on:
— customers or interested parties,
— organizational operations,
© ISO/IEC 2022 – All rights reserved

— the organization’s strategic direction,
— top management commitment,
— services;
— the additional resources, authorities and responsibilities required to implement an SMS integrated
with other management systems;
— the overlapping or common elements of an SMS and other management systems.
If an organization decides to implement an SMS integrated with other management systems, they
should:
a) perform a mapping of SMS requirements against the other management systems to define what can
be integrated and how;
b) consider the integration of the common requirements such as leadership and commitment,
planning, determining and acquiring competence, control of documented information, monitoring,
measurement, analysis and evaluation, internal audits, management reviews and continual
improvement;
c) use the guidelines for implementing an SMS with other management system standards, such as:
1) ISO/IEC TR 20000-7;
2) ISO/IEC 27013;
3) The ISO Handbook – Integrated Use of Management System Standards (IUMSS);
d) decide how to run the implementation projects, such as:
1) implement each management system separately and later run a new project to integrate them;
2) execute management systems implementation projects concurrently within one programme
that includes integration work to ensure alignment and integration. A separate group can be
responsible for the integration work.
4.13 Organizational change management
A successful implementation of an SMS requires managing the human aspects of the change through
organizational change management. Personnel need to be encouraged to change their behaviours, e.g.,
by taking on new roles and responsibilities. Some organizations establish a Change Management Office
which interacts with a Project Management Office to support the smooth and successful implementation
of an SMS. Areas where organizational change management can be helpful are shown in Clause 6,
Table 2.
5 Implementation steps
5.1 Implementation considerations
Organizations that decide to use this document fall into the following categories.
a) Organizations that have never implemented an SMS before and now decide to do so.
b) Organizations that have already implemented an SMS and need to change it to improve performance
or effectiveness of the SMS.
c) Organizations that decide to implement only a subset of the requirements specified in
ISO/IEC 20000-1.
© ISO/IEC 2022 – All rights reserved

The decision to implement, or improve an SMS, can be driven by, but not limited to:
— political, economic, social, technological, legal and environmental forces;
— the requirements of customers and other interested parties;
— the organization’s objectives or policies;
— nonconformities reported by audits;
— feedback and complaints from customers or other interested parties;
— the output of management reviews.
The typical steps which are used for implementation are shown in Figure 1 and described in
subclauses 5.3 to 5.7. An organization can adjust these steps according to its culture and goals.
Figure 1 — Typical implementation steps
Organizations can approach the implementation of an SMS in any way, from a major project with
aggressive timescales and targets, to something smaller, using methodologies such as Agile, in a
more incremental manner and with different phases or iterations. Whichever approach is chosen,
no organization can claim conformity with ISO/IEC 20000-1 unless all requirements specified in
ISO/IEC 20000-1:2018, Clauses 4 to 10 have been met.
1)
The chosen approach can be used with ISO/IEC 20000-2, ITIL and other guidance or frameworks. The
relationship between ISO/IEC 20000-1 and ITIL is described in ISO/IEC 20000-11.
5.2 Phased implementation
5.2.1 General
Phased implementation allows organizations to start simply and move forward by dividing the work
to make it more manageable. Each phase can have a limited set of goals or objectives. This makes it
1) ITIL® is a registered trade mark and product owned by AXELOS Limited. This information is given for the
convenience of users of this document and does not constitute an endorsement by ISO and IEC of the product named.
Equivalent products may be used if they can be shown to lead to the same results.
© ISO/IEC 2022 – All rights reserved

easier to maintain progress and manage the expectations and needs of customers and other interested
parties.
Using feedback throughout and after each phase will quickly deliver incremental value, even if
circumstances change. Figure 2 shows an example of phased implementation.
Figure 2 — Phased implementation
The phases described in this document do not include changes to the intended scope of the organization’s
SMS. Instead, each phase should improve the SMS in alignment with the organization’s agreed scope,
building on the results of the previous phase.
There are different approaches for defining the scope of each phase. The results of any gap analysis will
determine which approach is appropriate for each organization. Some possible approaches are:
a) Approach 1: A subset of SMS processes in each phase;
b) Approach 2: Evolution of the SMS at three levels.
If an organization provides services with different maturity levels, the phased approach can be useful
limiting the scope of each phase to the provision of services with the same maturity levels. Alternatively,
the organization can develop a programme covering a number of different implementation or
integration projects, where each project scope includes implementing the SMS for services with the
same levels of maturity.
5.2.2 Approach 1: A subset of SMS processes in each phase
In this approach, each phase contains a subset of SMS processes to be implemented or improved.
Additional processes are then added so that all processes are implemented by the end of the last
phase. A subset of processes can include any group of SMS processes. A suggested approach for
defining the groups is to use subclauses 8.1 to 8.7 in ISO/IEC 20000-1:2018. This approach for a phased
implementation is defined in the next paragraphs and presented in Figure 3.
Implementation of the resolution and fulfilment processes, which allow an organization to respond to
service disruptions, is at the highest level of priority.
Relationship and agreement processes whose implementation has direct and immediate impact on the
organization’s communication with customers and other external interested parties are in the second
priority level. At the third level of priority, implementation of service design, build and transition
processes enabling changes in service provision is suggested. Concurrently, it is a good idea for the
© ISO/IEC 2022 – All rights reserved

organization to start implementing supply and demand processes to manage demand and capacity
along with budgeting and accounting for services.
Implementation and improvement of operational planning and control processes are started from
Phase I and continue in all phases until the end. Implementation of the service assurance processes
starts with a minimal set of controls and measures and matures as each process is implemented, as
illustrated in Figure 3. Implementation of the service portfolio processes starts with designing an
initial and incomplete service catalogue and is improved during subsequent phases.
The organization can continually improve the suitability, adequacy and effectiveness of the SMS
processes, services and other elements. For further guidance on implementing the processes, refer to
ISO/IEC 20000-2.
© ISO/IEC 2022 – All rights reserved

NOTE In Figure 3, a shaded rectangle is used to show an organization is consistently improving its SMS
across all phases. A triangle indicates which phase will support the majority of the activities within the named
subclause.
Figure 3 — A subset of processes approach
A major risk in a phased implementation of an SMS is the loss of a holistic approach to management.
When breaking the implementation down into phases, each one is being implemented separately, not
necessarily under the same management and with the same team. Organizations need to be aware of
the dangers of a silo mentality where existing problems are simply shifted to somewhere else in the
organization or bigger ones are created later.
© ISO/IEC 2022 – All rights reserved

When organ
...