ISO/IEC 30105-3:2024

International
Standard
ISO/IEC 30105-3
Second edition
Information technology — IT
2024-06
Enabled Services-Business Process
Outsourcing (ITES-BPO) lifecycle
processes —
Part 3:
Measurement framework (MF) and
organization maturity model (OMM)
Technologies de l'information — Processus du cycle de vie de la
délocalisation du processus d'affaires des services activés par IT —
Partie 3: Modèle de maturité de l'organisation (OMM) et cadre de
mesure (MF)
Reference number
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms . 1
3.1 Terms and definitions .1
3.2 Abbreviated terms .2
4 Overview of MF and OMM . 3
5 ITES-BPO MF for process capability . 4
6 Rating and aggregating PAs . 5
6.1 PA rating scale .5
6.2 PA rating method .5
7 Process capability level model — Achievement of process capability levels . 6
8 OMM . 7
8.1 Overview of OMM .7
8.2 Structure of the OMM .7
9 Organization maturity levels . 8
9.1 Overview of organization maturity levels .8
9.2 Level 0 Organization: Immature organization .8
9.3 Level 1 Organization: Basic organization .8
9.4 Level 2 Organization: Managed activities .9
9.5 Level 3 Organization: Managed organization .9
9.6 Level 4 Organization: Strategic alignment .9
9.7 Level 5 Organization: Transformational organization .10
10 Rules for deriving maturity levels from process capability levels .10
10.1 Overview of maturity levels .10
10.2 Maturity level 1 .10
10.3 Maturity level 2 .11
10.4 Maturity level 3 . 12
10.5 Maturity level 4 . 13
10.6 Maturity level 5 .14
11 Conditions for inclusion of process areas .16
Annex A (informative) Conformity of the MF . 19
Annex B (informative) Conformity of the OMM .21
Bibliography .22

© ISO/IEC 2024 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 40, IT service management and IT governance.
This second edition cancels and replaces the first edition (ISO/IEC 30105-3:2016), which has been technically
revised. It also incorporates the Amendment ISO 30105-3:2016/Amd. 1:2020.
The main changes are as follows:
— terms and abbreviated terms have been added;
— definitions of capability levels have been added to improve the sequence of the document;
— capability levels and process attributes (PAs) have been updated according to ISO/IEC 33020:2019 to
harmonize organization maturity levels (see Table 1);
— in Clause 10, “process attribute rating” has been changed to “process capability level” in line with
ISO/IEC 33004:2015;
— two new tactical enablement processes, TEN9 (Communication management) and TEN10 (Documentation
management), have been added in order to align with ISO/IEC 20000-1 and ISO/IEC TS 33074;
— editorial errors from the previous edition have been corrected.
A list of all parts in the ISO/IEC 30105 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2024 – All rights reserved
iv
Introduction
IT Enabled Services-Business Process Outsourcing (ITES-BPO) services encompass the delegation of one
or more IT enabled business processes to a service provider who uses appropriate technology to deliver
that service. Such a service provider manages, delivers, improves and administers the outsourced business
processes in accordance with predefined and measurable performance metrics. This covers diverse business
process areas such as human resource management, administration, healthcare, financial management,
supply chain management, travel and hospitality, media, market research, data analytics, telecommunication,
manufacturing, etc. ITES-BPO services provide business solutions to customers across the globe and form
part of the core service delivery chain for customers.
The ISO/IEC 30105 series specifies the requirements for lifecycle processes performed by an ITES-BPO
service provider. It defines the processes to plan, establish, implement, operate, monitor, review, maintain
and improve its services. Key characteristics of the ISO/IEC 30105 series are as follows.
— It provides overarching guidance and requirements for all aspects of ITES-BPO industry from the view of
the service provider that performs the outsourced business processes. This is applicable for any service
provider providing services to customers through contracts and in industry verticals.
— It covers the entire outsourcing lifecycle and defines the processes that are considered to be good
practices.
— It enables process capability gap determination and improvement for service providers performing
outsourced business processes. It also serves as a process reference model (PRM) for service providers.
— It focuses on IT enabled business processes which are outsourced.
— It is generic and can be applied to all IT enabled business process outsourced services, regardless of type,
size and the nature of the services delivered.
— Process improvement (PI) implemented using the ISO/IEC 30105 series can lead to a clear return on
investment for customers and service providers.
— Alignment to the ISO/IEC 30105 series can improve consistency, delivery quality and predictability in
delivery of services.
Figure 1 illustrates the key entities and relationships involved in an ITES-BPO service. This includes
the customer, the service provider and various levels of suppliers. This is in line with the supply chain
relationship depicted in ISO/IEC 20000-1:2018, 8.3.1. This document and ISO/IEC 20000-1 complement
each other. ISO/IEC 30105-2:2024, Annex C describes the potential correlation and differences, and their
complementary nature.
© ISO/IEC 2024 – All rights reserved
v
Key
RLS relationship
SDL service delivery
SLA service level agreement
Figure 1 — ITES-BPO key entities

© ISO/IEC 2024 – All rights reserved
vi
International Standard ISO/IEC 30105-3:2024(en)
Information technology — IT Enabled Services-Business
Process Outsourcing (ITES-BPO) lifecycle processes —
Part 3:
Measurement framework (MF) and organization maturity
model (OMM)
1 Scope
This document specifies a measurement framework (MF) and an organization maturity model (OMM). It
provides the overview of how an organization can use the process reference model (PRM) in ISO/IEC 30105-1
and the process assessment model (PAM) in ISO/IEC 30105-2 to measure their capability and maturity
levels. It conforms to the requirements of ISO/IEC 33003 and ISO/IEC 33004 and supports the performance
assessment by providing a framework to measure and derive capability and organization maturity levels.
This document is intended to be used in concurrence with the other parts of the ISO/IEC 30105 series and
the assessment approach provided by ISO/IEC 33002 for assessing processes.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 33020:2019, Information technology — Process assessment — Process measurement framework for
assessment of process capability
3 Terms, definitions and abbreviated terms
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1 Terms and definitions
3.1.1
basic process set
set of processes that ensure the achievement of maturity level 1
Note 1 to entry: The set of processes are drawn from specified process assessment models.
Note 2 to entry: A basic process set will include a minimum set of processes, together with additional and optional
processes determined by the organization context for the assessment.
[SOURCE: ISO/IEC 33001:2015, 3.3.4, modified — "the basic maturity level" has been changed to "maturity
level 1" in the definition.]
© ISO/IEC 2024 – All rights reserved
3.1.2
extended process set
set of processes specific to a maturity level higher than maturity level 1 that ensures the achievement of the
relevant process attributes
Note 1 to entry: The set of processes are drawn from specified process assessment models.
Note 2 to entry: An extended process set will include the minimum set of processes, together with additional and
optional processes determined by the organizational context for the assessment.
[SOURCE: ISO/IEC 33001:2015, 3.3.5, modified — "the basic maturity level" has been changed to "maturity
level 1" and "relevant process profile" has been changed to "relevant process attributes" in the definition.]
3.1.3
maturity model
model derived from one or more specified process assessment model(s), that identifies the process sets
associated with the levels in a specified scale of organizational process maturity
[SOURCE: ISO/IEC 33001:2015, 3.3.7]
3.1.4
process capability
characterization of the ability of a process to meet current or projected business goals
[SOURCE: ISO/IEC 33020:2019, 3.4]
3.1.5
process capability level
characterization of a process on an ordinal measurement scale of process capability
[SOURCE: ISO/IEC 33020:2019, 3.5]
3.2 Abbreviated terms
ITES-BPO IT Enabled Services-Business Process Outsourcing
MF measurement framework
OEN operational enablement
OMM organization maturity model
PA process attribute
PAM process assessment model
PRM process reference model
RLS relationship
SDL service delivery
SEN strategic enablement
SLA service level agreement
SLN solution
TEN tactical enablement
TRN transition in
© ISO/IEC 2024 – All rights reserved
TRO transition out
4 Overview of MF and OMM
Figure 2 illustrates the relationship between the parts of the ISO/IEC 30105 series relating to MF and OMM
and the assessment methods and requirements in ISO/IEC 33002, ISO/IEC 33004 and ISO/IEC 33020.
Figure 2 — Overview of MF and OMM
This document specifies the principles for an ITES-BPO MF which supports the assessment of process
capability, in accordance with the requirements of ISO/IEC 33003, as indicated in Annex A. The MF provides
a schema that can be used to construct a PAM conformant with ISO/IEC 33004, which can in turn be used
to assess process capability according to the requirements of ISO/IEC 33002. Process capability is a process
quality characteristic related to the ability of a process to consistently meet current or projected business
goals. The capability level rating does not guarantee that an organization will perform its processes at any
given process capability level, but simply that it is capable of performing its processes at that level.
This MF forms a structure that:
a) facilitates self-assessment;
b) provides a basis for use in process capability determination and process improvement;
c) is applicable across all business domains and sizes of organization;
d) produces a set of PA ratings (process profile);
e) derives a process capability level.
This document defines the principles for the ITES-BPO OMM, which supports the assessment of organization
maturity, in accordance with the requirements of ISO/IEC 33004.

© ISO/IEC 2024 – All rights reserved
5 ITES-BPO MF for process capability
This clause describes the MF to be employed for the assessment of process capability in the ITES-BPO
domain. The MF elements shall be in accordance with the definitions in ISO/IEC 33020:2019, Clause 5. The
MF defines a six-point ordinal scale for the assessment of process capability, defined as the characterization
of the ability of a process to meet current or projected business goals.
The process capability MF is expressed in terms of a set of PAs. Each PA is defined in terms of a set of PA
outcomes that can be evaluated to indicate the extent of achievement of the PA. The PAs are organized into
process capability levels, ranging from "Level 0: Incomplete" (in which the process does not achieve its
defined process outcomes) to "Level 5: Innovating" (in which the process is continually improved to respond
to changes in an organization). There are six capability levels incorporating nine PAs.
— Level 0: Incomplete process — the process is not implemented or fails to achieve the process purpose.
At this level, there is little or no evidence of any systematic achievement of the process purpose.
— Level 1: Performed process — the implemented process achieves its process purpose.
— Level 2: Managed process — the Level 1 “Performed” process is implemented in a managed fashion
(planned, monitored and adjusted) and its documented information is appropriately established,
controlled and maintained.
— Level 3: Established process — the Level 2 “Managed” process is implemented using a defined process
that is assured and continually improved.
— Level 4: Predictable process — the Level 3 “Established” process is now performed predictively.
Quantitative management needs are identified, measurement data are collected and analysed to identify
causes of variation.
— Level 5: Innovating process — the Level 4 “Predictable” process is continually improved to respond to
changes through identified innovative approaches for process innovation.
The set of process capability levels and PAs that comprise the MF are defined in Table 1.
Table 1 — Capability levels and PAs
Capability levels PA IDs PAs
Level 0: Incomplete process - -
Level 1: Performed process PA 1.1 Process performance
PA 2.1 Performance management
Level 2: Managed process
PA 2.2 Documented information management
PA 3.1 Process definition
Level 3: Established process PA 3.2 Process deployment
PA 3.3 Process assurance
PA 4.1 Quantitative analysis
Level 4: Predictable process
PA 4.2 Quantitative control
Level 5: Innovating process PA 5.1 Process innovation
Detailed definitions for all of the process capability levels and PAs are contained in ISO/IEC 33020:2019,
5.2, and are also set out in ISO/IEC 30105-2:2024, Clause 6, together with the relevant process capability
indicators.
The extent of PA achievement is characterized on a defined rating scale. The rating scale and requirements
for the rating of attribute achievement are set out in Clause 6.

© ISO/IEC 2024 – All rights reserved
6 Rating and aggregating PAs
6.1 PA rating scale
Within this MF, a PA is a measurable property of process capability. A PA rating is a judgment of the degree
to which a PA is achieved for the assessed process.
Each attribute rating represents a judgment by the assessor of the extent to which the attribute is achieved.
To improve the reliability and repeatability of the assessment, the judgements of the assessor are based on a
coherent set of recorded objective artefacts.
Aggregation may be performed using a defined set of rules to summarize the ratings.
A PA is measured using an ordinal scale.
— N Not achieved: There is little or no evidence of achievement of the defined PA in the assessed process.
— P− Partially achieved: There is some evidence of an approach to, and some achievement of, the defined PA
in the assessed process. Many aspects of achievement of the PA are potentially unpredictable.
— P+ Partially achieved: There is some evidence of an approach to, and some achievement of, the defined PA
in the assessed process. Some aspects of achievement of the PA are potentially unpredictable.
— L− Largely achieved: There is evidence of a systematic approach to, and significant achievement of, the
defined PA in the assessed process. Many weaknesses related to this PA potentially exist in the assessed
process.
— L+ Largely achieved: There is evidence of a systematic approach to, and significant achievement of, the
defined PA in the assessed process. Some weaknesses related to this PA potentially exist in the assessed
process.
— F Fully achieved: There is evidence of a complete and systematic approach to, and full achievement of,
the defined PA in the assessed process. No significant weaknesses related to this PA exist in the assessed
process.
The corresponding percentages shall be as follows:
— N Not achieved 0 % to ≤15 % achievement;
— P- Partially achieved− >15 % to ≤32,5 % achievement;
— P+ Partially achieved+ >32,5 % to ≤50 % achievement;
— L- Largely achieved− >50 % to ≤ 67,5 % achievement;
— L+ Largely achieved+ >67.5 % to ≤85 % achievement;
— F Fully achieved >85 % to ≤100 % achievement.
6.2 PA rating method
A PA outcome is the observable result of the achievement of a specified PA.
A process outcome is the observable result of the successful achievement of the process purpose.
Process outcomes and PA outcomes can be characterized as an intermediate step providing a PA rating.
The rating method employed for this document is based on rating method R1 defined in ISO/IEC 33020:2019,
5.4.2, which identifies that the approach to PA rating shall satisfy the following conditions.
a) Each process outcome for processes within the scope of the assessment shall be characterized for all
process instances, based on validated data.

© ISO/IEC 2024 – All rights reserved
b) Each PA outcome of each PA for processes within the scope of the assessment shall be characterized for
all process instances, based on validated data.
c) Process outcome characterizations for all assessed process instances shall be aggregated to provide a
process performance attribute achievement rating.
d) PA outcome characterizations for all assessed process instances shall be aggregated to provide a PA
achievement rating.
7 Process capability level model — Achievement of process capability levels
The capability level achieved by a process shall be derived from the PA ratings for that process according to
the process capability level model defined in Table 2.
This approach is based on ISO/IEC 33020:2019, 5.6, with two-dimensional aggregation using heuristics (see
ISO/IEC 33020:2019, 5.5.3.3).
Table 2 — Capability level ratings
Scale PA Rating
Level 0 Process performance Largely(−) or below
Level 1 Process performance Largely(+) or fully
Level 2 Process performance Fully
Performance management Largely(+) or fully
Documented information manage- Largely(+) or fully
ment
Level 3 Process performance Fully
Performance management Fully
Documented information manage- Fully
ment
Process definition Largely(+) or fully
Process deployment Largely(+) or fully
Process assurance Largely(+) or fully
Level 4 Process performance Fully
Performance management Fully
Documented information manage- Fully
ment
Process definition Fully
Process deployment Fully
Process assurance Fully
Quantitative analysis Largely(+) or fully
Quantitative control Largely(+) or fully
Level 5 Process performance Fully
Performance management Fully
Documented information manage- Fully
ment
Process definition Fully
Process deployment Fully
Process assurance Fully
Quantitative analysis Fully
Quantitative control Fully
Process innovation Largely(+) or fully

© ISO/IEC 2024 – All rights reserved
8 OMM
8.1 Overview of OMM
An organization’s maturity is measured on a six-point ordinal scale from "Level 0 Organization: Immature
organization" to "Level 5 Organization: Transformational organization". The scale represents the extent to
which the organization has explicitly and consistently performed, managed and established its processes
with predictable performance, and demonstrated the ability to change and adapt the performance of the
processes fundamental to achieving the organization’s business goals. Organization maturity is derived
from the underlying process capability measures.
Within the framework defined in Clause 7 of this document, each level of an organization’s maturity is
characterized by the demonstration of achievement of specified ratings of PA achievement in process sets
drawn from the ISO/IEC 30105-2 ITES-BPO PAM.
For each of the maturity levels 1-5, processes are categorized based on their contributions to the business
goals of the organization. The categories are as follows.
a) Basic process set: set of processes that ensures the achievement of the basic maturity level.
NOTE 1 A basic process set will include a minimum set of processes, together with optional processes
determined by the organization’s context for the a
...