ISO/IEC TR 20000-5:2013
(Main)Information technology — Service management — Part 5: Exemplar implementation plan for ISO/IEC 20000-1
Information technology — Service management — Part 5: Exemplar implementation plan for ISO/IEC 20000-1
ISO/IEC TR 20000-5:2013 is an exemplar implementation plan providing guidance on how to implement a service management system (SMS) to fulfil the requirements of ISO/IEC 20000-1:2011. The intended users of ISO/IEC TR 20000-5:2013 are service providers, but it can also be useful for those advising service providers on how to implement an SMS. ISO/IEC TR 20000-5:2013 includes advice for service providers on a suitable order in which to plan, implement and improve an SMS using, as an example, a generic three-phased approach to manage the implementation. The service provider can choose their own sequence to implement the SMS. Also included is advice on the development of a business case, the project initiation and other activities that are recommended for the implementation to be successful. The phases described in ISO/IEC TR 20000-5:2013 do not include changes to the intended scope of the service provider's SMS. The scope itself is not subject to phased changes as a result of adopting the advice in ISO/IEC TR 20000-5:2013. Instead, each phase should improve the SMS in alignment with the service provider's agreed scope, building on the results of the previous phase. The main activities for the development of the business case and initiation of the implementation project are shown. The main activities to implement the SMS based on ISO/IEC 20000-1:2011, in three phases, are listed. Many of the activities described in ISO/IEC TR 20000-5:2013 are intended to be met by actions over more than one phase, with each phase building upon the achievements of the earlier phase. Once the final phase is completed, the service provider's organization can achieve the benefits of an SMS that meets the requirements in ISO/IEC 20000-1:2011. Supporting information for the SMS implementation project is also provided. Examples of policies to illustrate what a service provider can want to put in place are provided. Because policies depend on the organization and the strategy of the service provider, these example policies can be tailored to suit the organizational requirement. Guidance on documentation management is provided, and templates are included for some of the documents specified in ISO/IEC 20000-1:2011 that can be amended to suit individual circumstances.
Technologies de l'information — Gestion des services — Partie 5: Exemple de plan de mise en application pour l'ISO/CEI 20000-1
General Information
Relations
Standards Content (Sample)
TECHNICAL ISO/IEC
REPORT TR
20000-5
Second edition
2013-11-01
Information technology — Service
management —
Part 5:
Exemplar implementation plan for
ISO/IEC 20000-1
Technologies de l’information — Gestion des services —
Partie 5: Exemple de plan de mise en application pour l’ISO/CEI 20000-1
Reference number
ISO/IEC TR 20000-5:2013(E)
©
ISO/IEC 2013
---------------------- Page: 1 ----------------------
ISO/IEC TR 20000-5:2013(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2013 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC TR 20000-5:2013(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Benefits of a phased approach . 1
5 Approach . 2
5.1 Overview . 2
5.2 Key considerations . 3
5.3 Understanding ISO/IEC 20000-1:2011 . 3
5.4 Scope and applicability . 3
5.5 Changes to scope . 3
5.6 Project support and commitment . 4
5.7 Gap analysis . 4
5.8 Developing the business case . 5
5.9 Implementation . 6
5.10 Project readiness . 6
5.11 Project team . 7
6 Overview of implementation phases . 7
7 Taxonomy of each phase . 9
7.1 Summary of activities in each phase . 9
7.2 Key characteristics and activities of each phase . 9
8 Post-implementation .12
8.1 Control of the SMS and improving service .12
8.2 Plan-Do-Check-Act .12
8.3 Interfaces to projects for new and changed services .13
Annex A (informative) Project initiation and business case development .14
Annex B (informative) Three phases of the implementation project.16
Annex C (informative) Developing policies.22
Annex D (informative) Documentation management.25
Annex E (informative) Templates .28
Bibliography .41
© ISO/IEC 2013 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC TR 20000-5:2013(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting.
Publication as an International Standard requires approval by at least 75 % of the national bodies
casting a vote.
In exceptional circumstances, when the joint technical committee has collected data of a different kind
from that which is normally published as an International Standard (“state of the art”, for example), it
may decide to publish a Technical Report. A Technical Report is entirely informative in nature and shall
be subject to review every five years in the same manner as an International Standard.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC TR 20000-5 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
This second edition cancels and replaces the first edition (ISO/IEC TR 20000-5:2010), which has been
technically revised. The major differences are changes in terminology to reflect international usage and
realignment to the second edition of ISO/IEC 20000-1:2011.
ISO/IEC 20000 consists of the following parts, under the general title Information technology —
Service management:
— Part 1: Service management system requirements
— Part 2: Guidance on the application of service management systems
— Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1
— Part 4: Process reference model [Technical Report]
— Part 5: Exemplar implementation plan for ISO/IEC 20000-1 [Technical Report]
The following parts are under preparation:
— Part 6: Requirements for bodies providing audit and certification of service management systems
— Part 8: Guidance on the application of service management systems for smaller organizations
— Part 9: Guidance on the application of ISO/IEC 20000-1 to the cloud
— Part 10: Concepts and terminology
— Part 11: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks
iv © ISO/IEC 2013 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC TR 20000-5:2013(E)
Introduction
ISO/IEC 20000-1:2011 specifies the requirements for a service management system (SMS) to design,
transition, deliver, manage and improve services. ISO/IEC 20000-1:2011 can be used by organizations of
all sizes, sectors, types and many different organizational structures or business models.
This part of ISO/IEC 20000 is an exemplar implementation plan providing guidance on how to implement
an SMS to fulfil the requirements specified in ISO/IEC 20000-1:2011. The intended users of this part of
ISO/IEC 20000 are service providers, but it can also be useful for those advising service providers on
how to implement an SMS.
This part of ISO/IEC 20000 includes advice for service providers on a suitable order in which to plan,
implement and improve an SMS using, as an example, a generic three-phased approach to manage the
implementation. The service provider may choose their own sequence to implement the SMS. Also
included is advice on the development of a business case, the project initiation and other activities that
are recommended for the implementation to be successful.
The phases described in this part of ISO/IEC 20000 do not include changes to the intended scope of
the service provider’s SMS. The scope itself is not subject to phased changes as a result of adopting the
advice in this part of ISO/IEC 20000. Instead, each phase should improve the SMS in alignment with the
service provider’s agreed scope, building on the results of the previous phase.
The main activities for the development of the business case and initiation of the implementation project
are shown in Annex A. A list of the main activities to implement the SMS based on the requirements
specified in ISO/IEC 20000-1:2011, in three phases, is shown in Annex B. Many of the activities described
in this part of ISO/IEC 20000 are intended to be met by actions over more than one phase, with each
phase building upon the achievements of the earlier phase. Once the final phase is completed, the service
provider’s organization can achieve the benefits of an SMS that fulfils the requirements specified in
ISO/IEC 20000-1:2011. Supporting information for the implementation project is also provided.
Annex C provides examples of policies to illustrate what a service provider can want to put in place.
Because policies depend on the organization and the strategy of the service provider, these example
policies can be tailored to suit the organizational requirement.
Annex D provides guidance on documentation management. Annex E includes templates for some of the
documents specified in ISO/IEC 20000-1:2011 that can be amended to suit individual circumstances.
© ISO/IEC 2013 – All rights reserved v
---------------------- Page: 5 ----------------------
TECHNICAL REPORT ISO/IEC TR 20000-5:2013(E)
Information technology — Service management —
Part 5:
Exemplar implementation plan for ISO/IEC 20000-1
1 Scope
This part of ISO/IEC 20000 provides guidance for an approach to implement an SMS that can fulfil the
requirements specified in ISO/IEC 20000-1:2011. This part of ISO/IEC 20000 illustrates a generic, three-
phased plan to manage implementation activities, taking into consideration the design, transition,
delivery, management and improvement of services. The service provider can tailor the phases to suit
its needs and constraints.
This part of ISO/IEC 20000 can be used together with the other parts of ISO/IEC 20000.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 20000-1:2011, Information technology — Service management — Part 1: Service management
system requirements
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 20000-1:2011 apply.
4 Benefits of a phased approach
Although the demonstration of conformity to ISO/IEC 20000-1:2011 is only possible once all the
requirements of the standard are fulfilled, there can be many reasons to opt for a phased approach to
implementation. The phases are based on identification of a suitable sequence of improvements, each
designed to assist in fulfilling one or more of the requirements specified in ISO/IEC 20000-1:2011. This
can allow better and more efficient risk management than attempting to make all the improvements and
necessary changes in a single phase.
A phased approach can allow costs to be incurred over a longer period of time. This can make it easier
to fund the SMS implementation using operational budget instead of capital budget. It can also generate
benefits earlier, encouraging management commitment and funding of later phases.
Additional benefits can include:
a) allowing the service provider to gain experience with a smaller set of implementation activities,
rather than attempting everything in one big phase;
b) explaining each phase in a way that can be understood easily by all parties involved in or affected
by the changes;
c) planning the phased use of resources that can be scarce, expensive or already committed to
other projects;
d) allowing lessons learnt to be used in later phases of implementation;
© ISO/IEC 2013 – All rights reserved 1
---------------------- Page: 6 ----------------------
ISO/IEC TR 20000-5:2013(E)
e) enabling the service provider to build internal expertise to implement the project;
f) achieving key objectives of the SMS in a planned sequence.
5 Approach
5.1 Overview
To identify a suitable approach to fulfilling the requirements of ISO/IEC 20000-1:2011, the implementation
project should take into account some important factors. These factors can include the following:
Familiarity with ISO/IEC 20000
a) the understanding of ISO/IEC 20000-1:2011 principles, purpose and requirements;
b) the scope and applicability of ISO/IEC 20000-1:2011;
The customer perspective
c) the objectives and the needs of the business and customers using the services;
d) the users’ experience with the current services;
The service provider’s capabilities
e) the service provider’s business model, organizational structure and objectives;
f) the responsiveness and flexibility of the service provider when changes are necessary;
g) the expected major changes to be made by or made to the service provider;
h) other priorities of the service provider which can conflict with the requirements of
ISO/IEC 20000-1:2011;
i) the processes and contracts used to manage suppliers;
j) the service provider’s ability and readiness for the change;
The current situation
k) the support of top management;
l) the management of risks related to current and planned services;
m) the current status of the SMS;
n) the current effectiveness of service management processes;
o) the clarity and suitability of current accountabilities, authorities, roles and responsibilities;
p) the current status of the supporting service management technology;
q) the current status of participating personnel’s readiness for the change;
The expected situation
r) the need for both process and service improvement is established;
s) the financial and participating personnel’s availability for each phase or any constraints that can
affect the project;
t) the statutory and regulatory requirements and contractual obligations are known.
2 © ISO/IEC 2013 – All rights reserved
---------------------- Page: 7 ----------------------
ISO/IEC TR 20000-5:2013(E)
5.2 Key considerations
The service provider should ensure that the SMS is implemented with the appropriate design, transition,
delivery, management and improvement structure to facilitate the delivery and management of services
that can fulfil the service requirements. The implementation of service management processes should
support the priorities of the service provider and customers.
To attain support and goodwill from the customer, the service provider should start by establishing and
implementing those processes where the customer or the service provider experiences difficulties or
can see the most immediate benefit. In addition, the service provider should consider the impact of the
organizational change on the personnel working with or supporting the SMS. For example, the service
provider should ensure that sufficient time is allocated for communication and training. There should be
sufficient time for people to understand how their day to day activities are to change and the long term
benefits of these changes for the organization. This cannot be achieved if the implementation of the SMS
relies mainly on the production of documents and procedure descriptions. However, documents and
procedure descriptions remain important to successful implementation.
One of the risks during implementation of the SMS is that the production of documents can be
considered more important than changing the way people work. The service provider should focus on
understanding the specific context and business needs of a particular organization when implementing
the SMS. Documents and records specified in ISO/IEC 20000-1:2011 should be considered as a tool that
can support and facilitate the changes to organizational practices. They should be appropriate to the
size and complexity of the service provider’s organization.
Each phase in this part of ISO/IEC 20000 builds on the achievements of the previous phase. Each
phase facilitates important and measurable evidence of achievements against the requirements
specified in ISO/IEC 20000-1:2011. The phases described in Clause 6 of this part of ISO/IEC 20000 are
recommended but can differ from organization to organization.
5.3 Understanding ISO/IEC 20000-1:2011
The success of an SMS implementation relies on the understanding of the service provider’s
personnel regarding:
a) requirements and guidance in ISO/IEC 20000;
b) service management objectives;
c) service requirements;
d) any new or changed practices, roles or organizational structure to support the SMS.
5.4 Scope and applicability
In the planning activity, the service provider should ensure that ISO/IEC 20000-1:2011 is applicable to
the service provider’s organization. This applicability should take into account the scope of the services,
activities and the contribution of suppliers.
The service provider should perform an initial analysis to identify and agree to a suitable scope for its
SMS, using the guidance on scope definition and applicability provided in ISO/IEC 20000-3:2012.
5.5 Changes to scope
A service provider can plan to implement an SMS based on the requirements specified in
ISO/IEC 20000-1:2011 for only part of its services. The service provider can decide in the future to
expand the scope of the SMS within the organization. It should be noted that the guidance in this part of
ISO/IEC 20000 is based on the defined scope being unchanged during all three phases, not on a phased
increase in scope of the SMS. When a service provider decides to increase the scope of the SMS, it can be
useful to again follow the guidance in this part of ISO/IEC 20000 from Phase 1 for the additional scope.
© ISO/IEC 2013 – All rights reserved 3
---------------------- Page: 8 ----------------------
ISO/IEC TR 20000-5:2013(E)
Implementation timeframes can be shortened in future improvement efforts as the service provider
gains practical experience and can extend what has already been done to the larger scope.
5.6 Project support and commitment
The successful implementation of an SMS is dependent on management commitment through all phases.
Establishing management support and commitment should be achieved as soon as possible. Based on
initial analysis, a business case can help clarify understanding and establish commitment. It can help
sustain support and commitment for each phase and therefore minimize the risks to the success of the
planned changes.
Management ensures a focus on service requirements and constraints, including statutory and
regulatory requirements and contractual obligations. Additionally, management should ensure
appropriate priorities are allocated. The service provider should aim to maintain the understanding
and the involvement of all interested parties during all phases, not just during the first phase.
5.7 Gap analysis
The service provider should perform a detailed analysis to evaluate the gap between the service
provider’s current organization and the requirements specified in ISO/IEC 20000-1:2011 for the defined
scope of the SMS. This should include the identification and review of:
a) management systems that have already been established and implemented, including the scope of each;
b) existence and quality of both documents and records, including:
1) policies;
2) service management plan;
3) service management processes;
4) procedures;
5) service level agreements (SLAs);
6) supplier contracts;
7) records of service improvement achievements by the service provider and suppliers;
c) actual working practices;
d) service reviews, internal audits, conformity assessments;
e) workload characteristics and actual achievement against service targets;
f) recent or current service improvement plans;
g) complexity of the organization structure;
h) accuracy of the definitions of roles, responsibilities and authorities of the staff;
i) skills and competencies of the staff;
j) service provider’s culture;
k) any major changes planned to the organizational structure, services and/or technology;
l) relevant statutory and regulatory requirements and contractual obligations.
The level of detail at which the gap analysis is conducted should be tailored to the needs of the service
provider and of the service provider’s customers.
4 © ISO/IEC 2013 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/IEC TR 20000-5:2013(E)
The outcome of the gap analysis exercise should be an assessment of the readiness of the service provider
to implement ISO/IEC 20000-1:2011 in terms of financial readiness, people readiness, risk readiness, etc.
5.8 Developing the business case
The business case for the SMS should include:
a) description of the business need and objectives the SMS is intended to fulfil;
b) proposed scope of the SMS;
c) constraints and assumptions affecting the SMS or the implementation;
d) qualitative and quantitative benefits of the SMS, including:
1) improvement to services or achieved service targets as a result of improved service
management processes;
2) changes to workloads, changes to processes, increased use of the service or proactive reduction
in support needs;
3) the ability to visibly support the business strategy, with opportunities to improve the efficiency
of services in all areas, leading to improvements in cost, quality and agility;
4) the ability to manage suppliers and partners more efficiently and effectively and to better
understand the dependencies, risks and interfaces of the supply chain;
5) the ability to be more responsive to customers, with services that are aligned with business
needs and customer requirements;
6) increased customer satisfaction of the delivered services demonstrating incremental improvement;
7) helping build a long term relationship between the service provider and customers and also
between the service provider and suppliers through their involvement through each phase;
8) potential cost savings, overall and unit costs;
9) direct or indirect benefits such as customer satisfaction, personnel satisfaction, reduced
business risks;
10) return on investment;
e) costs, including:
1) estimation of resources, including technology and people requirements;
2) costs and use of external resources;
f) risk assessment and recommendations for risk management covering organizational change,
financial and technical risks;
g) description of how the costs and benefits of the implemented SMS should be evaluated;
h) recommendations on formal, independent conformity assessment;
i) timescales;
j) interested parties who should be involved in or affected by the implementation;
k) proposed terms of reference;
l) project support, commitment and management.
© ISO/IEC 2013 – All rights reserved 5
---------------------- Page: 10 ----------------------
ISO/IEC TR 20000-5:2013(E)
5.9 Implementation
In order to ensure a successful implementation of the SMS, the service provider’s objectives and policies,
culture and structure should be understood. In addition, any other relevant standards, contractual obligations,
statutory and regulatory requirements that can impact the delivered services should be considered.
The appointment of a qualified project manager to lead the implementation of the SMS should be treated
as a critical aspect of a successful implementation. This person should have both appropriate project
management and service management expertise.
In addition, a group of people should be identified, including management representation, which should
have the responsibility to oversee the project, e.g. a project steering committee. The roles, authorities
and responsibilities of this group should be agreed before the project starts. Although this part of
ISO/IEC 20000 refers throughout to ‘the project’, in practice there can be several projects working
closely together during each phase of the implementation. The coordination and management of multiple
projects can be a part of this group’s responsibilities.
During the project, this group should be accountable for the implementation of the SMS.
It is important to ensure that at the end of each phase, lessons learnt are captured and provided for
the continual improvement of the SMS. Lessons learnt should be used to improve the work in the next
phase. After the last phase is completed, it is important to ensure the continual improvement of the
SMS is maintained. The group that had responsibility for the implementation of the SMS can become
responsible for the continual improvement of the established SMS or a new group can be created.
5.10 Project readiness
Based on the business case and gap analysis, the project manager should take into account the following
when developing the project plan:
a) scope of the SMS;
b) timeframe;
c) resource concerns such as:
1) skills and competence of the implementation project team;
2) accommodation, travel, facilities and tools to support the implementation;
d) funding sources for the implementation project and estimates including any known assumptions
and constraints on funding the implementation, e.g. capital expenditure not yet approved;
e) risks and issues that can cause conflicting priorities;
f) identification and early engagement of project interested parties that are recipients of the project
deliverables;
g) the service management maturity of the organization;
h) the receptiveness to change within the organization and the ability of the organization to absorb
and manage the changes successfully;
i) communication;
j) procurement;
k) review procedures for:
1) organizational and project
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.