Information technology -- Service management

The purpose of ISO/IEC TR 20000-4:2010 is to facilitate the development of a process assessment model according to ISO/IEC 15504 process assessment principles. ISO/IEC 15504-1 describes the concepts and terminology used for process assessment. ISO/IEC 15504-2 describes the requirements for the conduct of an assessment and a measurement scale for assessing process capability. The process reference model provided in ISO/IEC TR 20000-4:2010 is a logical representation of the elements of the processes within service management that can be performed at a basic level. Using the reference model in a practical application might require additional elements suited to the environment and circumstances. The process reference model specified in ISO/IEC TR 20000-4:2010 describes at an abstract level the processes including the general service management system processes implied by ISO/IEC 20000-1. Each process of this process reference model is described in terms of a purpose and outcomes. The process reference model does not attempt to place the processes in any specific environment nor does it predetermine any level of process capability required to achieve the ISO/IEC 20000-1 requirements. The process reference model is not intended to be used for a conformity assessment audit or process implementation reference guide. Any organization can define processes with additional elements in order to suit it to its specific environment and circumstances. The purpose and outcomes described in ISO/IEC TR 20000-4:2010 are, however, considered to be the minimum necessary to meet ISO/IEC 20000-1 requirements. Some processes address general strategic aspects of an organization. These processes have been identified in order to give coverage to all the requirements of ISO/IEC 20000-1. The process reference model does not provide the evidence required by ISO/IEC 20000-1. The process reference model does not specify the interfaces between the processes.

Technologies de l'information -- Gestion des services

General Information

Status: Withdrawn
Publication Date: 24-Nov-2010
Withdrawal Date: 24-Nov-2010
Current Stage: 6060 - International Standard published
Start Date: 16-Nov-2010
Completion Date: 25-Nov-2010
Ref Project

Technical report
ISO/IEC TR 20000-4:2010 - Information technology -- Service management
English language
23 pages

Standards Content (sample)

TECHNICAL REPORT ISO/IEC TR 20000-4
First edition 2010-12-01
Information technology — Service management — Part 4: Process reference model
Technologies de l'information — Gestion des services — Partie 4: Modèle de référence de processus
Reference number ISO/IEC TR 20000-4:2010(E)
ISO/IEC 2010
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2010

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview of the PRM
5 Process descriptions
5.1 General
5.2 Audit
5.3 Budgeting and accounting for IT services
5.4 Business relationship management
5.5 Capacity management
5.6 Change management
5.7 Configuration management
5.8 Human resource management
5.9 Improvement
5.10 Incident management and request fulfilment
5.11 Information item management
5.12 Information security management
5.13 Management review
5.14 Measurement
5.15 Organizational management
5.16 Problem management
5.17 Release and deployment management
5.18 Risk management
5.19 Service continuity and availability management
5.20 Service design
5.21 Service level management
5.22 Service planning and monitoring
5.23 Service reporting
5.24 Service requirements
5.25 Service transition
5.26 SMS establishment and maintenance
5.27 Supplier management
Annex A (informative) Statement of conformity to ISO/IEC 15504-2
Bibliography

Figures

Figure 1 — Relationships between relevant documents
Figure 2 — Processes in the process reference model

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

In exceptional circumstances, the joint technical committee may propose the publication of a Technical Report of one of the following types:

⎯ type 1, when the required support cannot be obtained for the publication of an International Standard, despite repeated efforts;
⎯ type 2, when the subject is still under technical development or where for any other reason there is the future but not immediate possibility of an agreement on an International Standard;
⎯ type 3, when the joint technical committee has collected data of a different kind from that which is normally published as an International Standard (“state of the art”, for example).

Technical Reports of types 1 and 2 are subject to review within three years of publication, to decide whether they can be transformed into International Standards. Technical Reports of type 3 do not necessarily have to be reviewed until the data they provide are considered to be no longer valid or useful.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

ISO/IEC TR 20000-4, which is a Technical Report of type 2, was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 7, Software and systems engineering.

ISO/IEC TR 20000 consists of the following parts, under the general title Information technology — Service management:

⎯ Part 1: Service management system requirements
⎯ Part 2: Code of practice
⎯ Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1 [Technical Report]
⎯ Part 4: Process reference model [Technical Report]
⎯ Part 5: Exemplar implementation plan for ISO/IEC 20000-1 [Technical Report]

Process assessment model for service management will form the subject of a future Part 8.

Introduction

The purpose of this part of ISO/IEC 20000 is to facilitate the development of a process assessment model (PAM) that will be described in ISO/IEC TR 15504-8.

ISO/IEC 15504-2 describes the requirements for the conduct of an assessment and a measurement scale for assessing process capability. ISO/IEC 15504-1 describes the concepts and terminology used for process assessment.

This process reference model (PRM) is a logical representation of the elements of the processes within service management. Using the PRM in a practical application might require additional elements suited to the environment and circumstances.

The PRM specified in this part of ISO/IEC 20000 describes at an abstract level the processes including the general service management system (SMS) processes implied by ISO/IEC 20000-1. Each process of this PRM is described in terms of a purpose and outcomes. The PRM does not attempt to place the processes in any specific environment nor does it pre-determine any level of process capability required to fulfil the ISO/IEC 20000-1 requirements. The PRM is not intended to be used for a conformity assessment audit or process implementation reference guide.

The relationships between ISO/IEC 20000-1, ISO/IEC TR 24774, ISO/IEC TR 20000-4, ISO/IEC 20000-8, ISO/IEC TR 15504-8 and ISO/IEC 15504-2 are shown in Figure 1.

[Diagram: ISO/IEC 20000-1 – Service management system requirements provides requirements to, and ISO/IEC TR 24774 – Guidelines for process definition informs, ISO/IEC TR 20000-4 – Service management – Process reference model. ISO/IEC TR 20000-4 provides description of processes assessed by ISO/IEC TR 20000-8/ISO/IEC TR 15504-8 – An exemplar assessment model for service management processes. ISO/IEC 15504-2 – Performing an assessment provides requirements for assessment.]

Figure 1 — Relationships between relevant documents

Any organization can define processes with additional elements in order to suit it to its specific environment and circumstances. The purposes and outcomes described in this part of ISO/IEC 20000 are, however, considered to be the minimum necessary to meet ISO/IEC 20000-1 requirements. Some processes cover general strategic aspects of an organization. These processes have been identified in order to give coverage to all the requirements of ISO/IEC 20000-1.

The PRM does not provide the evidence required by ISO/IEC 20000-1. The PRM does not specify the interfaces between the processes.

This part of ISO/IEC 20000 contains a PRM for IT service management with description of processes in Clause 5. Annex A provides the statement of conformity for this part of ISO/IEC 20000 in accordance with ISO/IEC 15504-2, Information technology — Process assessment — Part 2: Performing an assessment.

1 Scope

This part of ISO/IEC 20000 defines a process reference model comprising a set of processes, described in terms of process purpose and outcomes that demonstrate coverage of the requirements of ISO/IEC 20000-1.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 20000-1, Information technology — Service management — Part 1: Service management system requirements

ISO/IEC 15504-1, Information technology — Process assessment — Part 1: Concepts and vocabulary

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 20000-1 and ISO/IEC 15504-1 apply.

4 Overview of the PRM

This clause describes the structure of the process reference model in the context of a management system to direct and control a service provider with regard to delivery of services to meet the business needs and customer requirements.

Figure 2 identifies the processes derived from ISO/IEC 20000-1 requirements, which are included in this PRM for Information technology – Service management.

[Diagram: the Service management system (SMS), surrounded by the labels Plan, Do, Check and Act, with Customers (and interested parties) on both sides and the labels "Requirements" and "Service". The SMS contains the following process groups.]

SMS general processes: Organizational management; Improvement; SMS establishment and maintenance; Human resource management; Management review; Risk management; Audit; Information item management; Measurement
Design and transition of new or changed services processes: Service requirements; Service planning and monitoring; Service design; Service transition
Service delivery processes: Capacity management; Service level management; Information security management; Service reporting; Service continuity and availability management; Budgeting & accounting for services
Control processes: Configuration management; Change management; Release & deployment management
Resolution processes: Incident management and request fulfilment; Problem management
Relationship processes: Business relationship management; Supplier management

Figure 2 — Processes in the process reference model

5 Process descriptions
5.1 General
Each process in the PRM has the following descriptive elements.

a) Name: the name of a process is a short noun phrase that summarizes the scope of the process, identifying the principal concern of the process, and distinguishes it from other processes within the scope of the process reference model.

b) Context: for each process a brief overview describes the intended context of the application of the process.

c) Purpose: the purpose of the process is a high level, overall goal for performing the process.

d) Outcomes: an outcome is an observable result of the successful achievement of the process purpose. Outcomes are measurable, tangible, technical or business results that are achieved by a process. Outcomes are observable and assessable.

e) Requirements traceability: the outcomes are based on the requirements of ISO/IEC 20000-1. The references identify the applicable subclauses of ISO/IEC 20000-1, the subclause heading, and the outcomes that are supported.

In Clauses 5.2 to 5.27 all entries in the requirements traceability row end with numbers in square brackets, (i.e. [n]). Each number in the square brackets is a reference to a numbered outcome. These outcomes are directly linked to the requirements of ISO/IEC 20000-1. The referencing is illustrated by example 1, given below.

Some outcomes are shown in square brackets. These are only indirectly linked to requirements of ISO/IEC 20000-1. The outcomes in square brackets are not referenced by any of the entries in the requirements traceability row. These additional outcomes have been included because they are necessary in order for this PRM to act as the basis of the PAM ISO/IEC 15504-8. With these additional outcomes, the process is complete and the process purpose can be achieved. This is illustrated by example 2, below. Cross-references are made to both the first edition (1ED) and second edition (2ED) of ISO/IEC 20000-1 for the same reason.

EXAMPLE 1
The second requirements traceability entry in Clause 5.2 is:
20000-1 1ED IS 04.4.1 Continual improvement (Act): Policy [5].
The [5] is a reference to outcome 5 in the previous row of Clause 5.2.
Outcome 5 is: nonconformities are communicated to those responsible for corrective action and resolution.

EXAMPLE 2
The first outcome requirements traceability entry in Clause 5.5 is:
1. [current and future capacity and performance requirements are identified and agreed;]
The entries in the requirements traceability row for Clause 5.5 include references to only outcomes 2-5.

5.2 Audit
Name: Audit

Context: Audits assess whether the SMS is effectively established and maintained, and whether the SMS and the services conform to the requirements established by the service provider. Planning for an audit takes into account the importance of the services, processes and areas to be audited, and the results of previous audits.

Purpose: The purpose of the audit process is to independently determine conformity of selected services, products and processes to the requirements, plans and agreements, as appropriate.

Outcomes: As a result of successful implementation of this process:
1. the scope and purpose of each audit is defined [and agreed];
2. the objectivity and impartiality of the conduct of audits and selection of auditors are assured;
3. conformity of selected services, products and processes with requirements, plans and agreements is determined;
4. nonconformities are recorded;
5. nonconformities are communicated to those responsible for corrective action and resolution;
6. corrective actions for nonconformities are verified.

Requirements traceability:
20000-1 1ED IS 04.3 Monitoring, measuring and reviewing (Check) [1,2,4,5]
20000-1 1ED IS 04.4.1 Continual improvement (Act): Policy [5]
20000-1 2ED DRAFT 4.5.5.1 General [4]
20000-1 2ED DRAFT 4.5.5.2 Internal audit [1,2,5,6]
20000-1 2ED DRAFT 6.6.1 Information security policy [3]
20000-1 2ED DRAFT 9.1 Configuration management [4]

5.3 Budgeting and accounting for IT services
Name: Budgeting and accounting for IT services

Context: Budgeting covers predicting and controlling the spending of money and the monitoring and adjusting of budgets. Accounting identifies the costs of delivering IT services, comparing these with budgeted costs, and managing variance from the budget. All accounting practices need to be aligned to the wider accountancy practices of the whole of the service provider’s organization.

Purpose: The purpose of the budgeting and accounting for IT services process is to budget and account for service provision.

Outcomes: As a result of successful implementation of this process:
1. costs of service provision are estimated;
2. budgets are produced using cost estimates;
3. deviations from the budget and costs are controlled;
4. deviations from the budget are resolved;
5. deviations from the budget and costs are communicated to interested parties.

Requirements traceability:
20000-1 1ED IS 06.4 Budgeting and accounting for IT services [1,2,3,4,5]
20000-1 2ED DRAFT 6.4 Budgeting and accounting for services [1,2,3,4,5]

5.4 Business relationship management
Name: Business relationship management

Context: This process enables a service provider to build a good relationship with its customers by understanding the business environment in which the services operate. This understanding enables the service provider to identify the needs of the customers, respond to these needs and manage the expectations of customers and interested parties.

Purpose: The purpose of the business relationship management process is to identify and manage customer needs and expectations.

Outcomes: As a result of successful implementation of this process:
1. customers and interested parties are identified;
2. the needs and expectations of customers are identified and monitored;
3. communication with the customer is planned and implemented;
4. service performance is monitored;
5. changes to the scope of the services, service level agreements (SLAs) and contracts are identified;
6. service complaints are recorded and managed through their life cycle to closure;
7. service complaints which are not resolved through normal channels are escalated;
8. customer satisfaction is measured and analysed;
9. [customer satisfaction analysis results are communicated to interested parties.]

Requirements traceability:
20000-1 1ED IS 06.1 Service level management [4]
20000-1 1ED IS 06.3 Service continuity and availability management [4]
20000-1 1ED IS 07.2 Business relationship management [1,2,3,4,5,6,7,8]
20000-1 1ED IS 08.3 Problem management [4]
20000-1 2ED DRAFT 6.1 Service level management [4]
20000-1 2ED DRAFT 6.3 Service continuity and availability management [4]
20000-1 2ED DRAFT 7.1 Business relationship management [1,2,3,4,5,6,7,8]
20000-1 2ED DRAFT 8.1 Incident management and request fulfilment [4]
20000-1 2ED DRAFT 8.2 Problem management [4]
20000-1 2ED DRAFT 9.2 Change management [4]

5.5 Capacity management
Name: Capacity management

Context: This process ensures that there are sufficient resources and capacity to meet current and future agreed requirements in a cost effective and timely manner. The process enables a service provider to provide sufficient resources across an entire service in order to deliver the agreed service performance and meet the service level targets.

Purpose: The purpose of the capacity management process is to ensure that the service provider has service capacity to meet current and future agreed requirements.

Outcomes: As a result of successful implementation of this process:
1. [current and future capacity and performance requirements are identified and agreed;]
2. a capacity plan is developed based on the capacity and performance requirements;
3. capacity is provided to meet current capacity and performance requirements;
4. capacity usage is monitored, analysed and performance is tuned;
5. capacity is prepared to meet future capacity and performance needs;
6. changes to capacity and performance are reflected in the capacity plan.

Requirements traceability:
20000-1 1ED IS 06.5 Capacity management [2]
20000-1 2ED DRAFT 6.5 Capacity management [2,3,4,5,6]

5.6 Change management
Name: Change management

Context: Changes to services, their applications and infrastructure, are planned and controlled to ensure timeliness without unnecessary disruption. Unintended effects of changes are remedied.

Purpose: The purpose of the change management process is to ensure all changes are assessed, approved, implemented and reviewed in a controlled manner.

Outcomes: As a result of successful implementation of this process:
1. change requests are recorded and classified;
2. change requests are assessed using defined criteria;
3. change requests are approved before changes are developed and deployed;
4. a schedule of changes and releases is established and communicated to interested parties;
5. approved changes are developed and tested;
6. unsuccessful changes are reversed or remedied.

Requirements traceability:
20000-1 1ED IS 05 Planning and implementing new or changed services [3]
20000-1 1ED IS 06.1 Service level management [1]
20000-1 1ED IS 06.3 Service continuity and availability management [2]
20000-1 1ED IS 06.4 Budgeting and accounting for IT services [1]
20000-1 1ED IS 06.6 Information security management [2]
20000-1 1ED IS 07.2 Business relationship management [1,5]
20000-1 1ED IS 07.3 Supplier management [1]
20000-1 1ED IS 08.3 Problem management [1]
20000-1 1ED IS 09.2 Change management [1,2,3,4,5]
20000-1 1ED IS 10.1 Release management [2,4]
20000-1 2ED DRAFT 5.2 Plan the design, development and transition of new or changed services [2]
20000-1 2ED DRAFT 6.1 Service level management [1]
20000-1 2ED DRAFT 6.3 Service continuity and availability management [2]
20000-1 2ED DRAFT 6.6.3 Information security changes and incidents [2]
20000-1 2ED DRAFT 7.1 Business relationship management [1]
20000-1 2ED DRAFT 7.2 Supplier management [1]
20000-1 2ED DRAFT 8.2 Problem management [1]
20000-1 2ED DRAFT 9.2 Change management [1,2,3,4,5,6]
20000-1 2ED DRAFT 9.3 Release and deployment management [4]

5.7 Configuration management
Name: Configuration management

Context: This process is concerned with establishing and maintaining the integrity of service components to enable effective control of the services.

Purpose: The purpose of the configuration management process is to establish and maintain the integrity of all identified service components.

Outcomes: As a result of successful implementation of this process:
1. items requiring configuration management are identified;
2. the status of configuration items and modifications are recorded and reported;
3. changes to items under configuration management are controlled;
4. the integrity of systems, services and service components is assured;
5. the configuration of released items is controlled.

Requirements traceability:
20000-1 1ED IS 06.1 Service level management [1]
20000-1 1ED IS 07.3 Supplier management [1]
20000-1 1ED IS 09.1 Configuration management [1,2,3,4,5]
20000-1 2ED DRAFT 6.1 Service level management [1]
20000-1 2ED DRAFT 7.2 Supplier management [1]
20000-1 2ED DRAFT 9.1 Configuration management [1,2,3,4,5]
20000-1 2ED DRAFT 9.2 Change management [3]

5.8 Human resource management
Name: Human resource management

Context: The scope of the human resource management process is limited to identifying and developing the competencies of individuals in relation to their service management activities and the process needs of the organization. This process specifically excludes other related and commonly accepted aspects of human resource management such as health and safety, security, and laws or regulations on the fairness of recruitment and employment practices.

Purpose: The purpose of the human resource management process is to provide the organization with necessary human resources and to maintain their competencies, consistent with business needs and service requirements.

Outcomes: As a result of successful implementation of this process:
1. the competencies required by the organization for service provision are identified;
2. identified competency gaps are filled through training or recruitment;
3. individual competencies and their development are monitored;
4. each individual demonstrates their understanding of their role in achieving service management objectives.

Requirements traceability:
20000-1 1ED IS 03.3 Competence, awareness and training [2,3,4]
20000-1 2ED DRAFT 4.4.2.1 General [1]
20000-1 2ED DRAFT 4.4.2.2 Competence, awareness and training [1,2,3,4]
...
