ISO/IEC 30105-1:2016

INTERNATIONAL ISO/IEC
STANDARD 30105-1
First edition
2016-11-15
Information technology — IT
Enabled Services-Business Process
Outsourcing (ITES-BPO) lifecycle
processes —
Part 1:
Process reference model (PRM)
Technologies de l’information — Processus du cycle de vie de la
délocalisation du processus d’affaires des services activés par IT —
Partie 1: Modèle de référence du processus (PRM)
Reference number
ISO/IEC 30105-1:2016(E)
©
ISO/IEC 2016

---------------------- Page: 1 ----------------------
ISO/IEC 30105-1:2016(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2016 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 30105-1:2016(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Overview of process reference model . 1
5 Process reference model . 4
5.1 Strategic enablement processes . 4
5.2 Relationship processes . 5
5.3 Solution processes . 6
5.4 Transition in processes . 7
5.5 Service delivery processes .11
5.6 Transition out process .13
5.7 Tactical enablement processes.13
5.8 Operational enablement processes .17
Annex A (informative) Statement of conformity to ISO/IEC 33004 .22
Bibliography .24
© ISO/IEC 2016 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 30105-1:2016(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee
SC 40, IT Service Management and IT Governance.
A list of parts in the ISO/IEC 30105- series can be found on the ISO website.
iv © ISO/IEC 2016 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 30105-1:2016(E)

Introduction
ITES-BPO services encompass the delegation of one or more IT-enabled business processes to a
service provider who uses appropriate technology to deliver service. Such a service provider manages,
delivers, improves and administers the outsourced business processes in accordance with predefined
and measurable performance metrics. This covers diverse business process areas such as finance,
human resource management, administration, health care, banking and financial services, supply
chain management, travel and hospitality, media, market research, analytics, telecommunication,
manufacturing, etc. These services provide business solutions to customers across the globe and form
part of the core service delivery chain for customers.
ISO/IEC 30105 (all parts) specifies the lifecycle processes requirements involved in the ITES-BPO
industry.
— It provides an overarching standard for all aspects of ITES-BPO industry from the view of the
service provider that performs the outsourced business processes. This is applicable for any ITES-
BPO service provider providing services to customers through contracts and in industry verticals.
— It covers the entire outsourcing lifecycle and defines the processes that are considered to be good
practices.
— It is an improvement standard that enables risk determination and improvement for service
providers performing outsourced business processes. It also serves as a process reference model
for service providers.
— It focuses on IT-enabled business processes which are outsourced.
— It is generic and can be applied to all IT-enabled business process outsourced services, regardless of
type, size and the nature of the services delivered.
— Process improvement implemented using ISO/IEC 30105 (all parts) can lead to clear return on
investment for customers and service providers.
— Alignment to ISO/IEC 30105 (all parts) can improve consistency, delivery quality and predictability
in delivery of services.
Figure 1 illustrates the key entities and relationships involved in ITES-BPO service. It includes the
customer, the ITES-BPO service provider and various levels of suppliers. This is as per the supply chain
relationship depicted in ISO/IEC 20000-1:2011, 7.2.
Figure 1 — ITES-BPO key entities
This document details the PRM. It contains process definitions across the lifecycle described in terms
of process context, purpose and outcomes, together with a framework defining relationships between
the processes.
© ISO/IEC 2016 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC 30105-1:2016(E)

The process purpose details the high level objective of performing the process such that implementation
of the process leads to tangible benefits for stakeholders. The process outcomes are clearly defined by
observable results and aligned to the business benefits derived by the customer and service provider.
vi © ISO/IEC 2016 – All rights reserved

---------------------- Page: 6 ----------------------
INTERNATIONAL STANDARD ISO/IEC 30105-1:2016(E)
Information technology — IT Enabled Services-Business
Process Outsourcing (ITES-BPO) lifecycle processes —
Part 1:
Process reference model (PRM)
1 Scope
ISO/IEC 30105 specifies the lifecycle process requirements performed by the IT-enabled business
process outsourcing service provider for the outsourced business processes. It defines the processes to
plan, establish, implement, operate, monitor, review, maintain and improve its services. This document:
— covers IT-enabled business processes that are outsourced;
— is not intended to address IT processes but includes references to them at key touchpoints for
completeness;
— is applicable to the service provider, not to the customer;
— is applicable to all lifecycle processes of ITES-BPO;
— serves as a process reference model for organizations providing ITES-BPO services.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 33004:2015, Information technology — Process assessment — Requirements for process reference,
process assessment and maturity models.
3 Terms and definitions
For the purposes of this document, the terms and definition given in ISO/IEC TR 20000-10,
ISO/IEC 30105-4, and ISO/IEC 33001 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
4 Overview of process reference model
ISO/IEC 33004 requires that processes included in a process reference model satisfy the following.
Annex A provides detailed requirements as per ISO/IEC 33004.
© ISO/IEC 2016 – All rights reserved 1

---------------------- Page: 7 ----------------------
ISO/IEC 30105-1:2016(E)

A process description shall meet the following requirements:
a) a process shall be described in terms of its purpose and outcomes;
b) the set of process outcomes shall be necessary and sufficient to achieve the purpose of the process;
c) process descriptions shall not contain or imply aspects of the process quality characteristic beyond the
basic level of any relevant process measurement framework conformant with ISO/IEC 33003.
Each process in the PRM has the following descriptive elements.
a) Name: the name of a process is a short noun phrase that summarizes the scope of the process,
identifying the principal concern of the process, and distinguishes it from other processes within
scope of the process reference model.
b) Context: for each process, a brief overview describes the intended context of the application of the
process.
c) Purpose: the purpose of the process is a high level and overall goal for performing the process.
d) Outcomes: an outcome is an observable result of the successful achievement of the process
purpose. Outcomes are measurable, tangible technical or business results that are achieved by a
process. They are observable and assessable.
Figure 2 lists the processes from this document that are included in the process dimension of the
process assessment model for ITES-BPO. It includes all aspects of an ITES-BPO outsourced service,
from developing an ITES-BPO solution through service delivery and to transitioning out. It includes the
leadership, relationship management and enabling processes which support the outsourced business
across its lifecycle.
Figure 2 — ITES-BPO lifecycle process categories
The ITES-BPO process categories are as follows.
— Strategic enablement processes: include strategic direction and review of the business
performance against plan for the service provider organization and Innovation process to bring in
breakthrough changes.
2 © ISO/IEC 2016 – All rights reserved

---------------------- Page: 8 ----------------------
ISO/IEC 30105-1:2016(E)

— Relationship processes: cover the relationship of the service provider with the customer and the
suppliers.
— Solution processes: include details on how the ITES-BPO solution is envisaged and the contract
developed and managed.
— Transition in processes: cover the movement of business process delivery from the customer to
the service provider, establishing the required management, people and infrastructure capability,
and concluding with piloting the transitioned service.
— Service delivery processes: include all the processes that are required for the day-to-day
management and delivery of ITES-BPO services.
— Transition out process: covers the movement of the business process delivery back to the customer
or to a different service provider.
— Tactical enablement processes: involve a set of processes that enables achievement of the objective
of the core service delivery processes. These are tactical in nature.
— Operational enablement processes: involve a set of processes that ensures day–to-day operations
of service delivery are supported and are performed alongside the service delivery processes.
Figure 3 shows process categories and processes in the ITES-BPO lifecycle.
Figure 3 — ITES-BPO lifecycle process categories and processes
© ISO/IEC 2016 – All rights reserved 3

---------------------- Page: 9 ----------------------
ISO/IEC 30105-1:2016(E)

The ITES-BPO processes and the categories described in Figure 3 are not based on any particular
service provider and it is not mandated to implement them.
The purpose of a process reference model is to define a set of processes that collectively can support
the primary aims of a community of interest. A process reference model can provide the basis for one
or more process assessment models. Process assessment models use the same process descriptions
provided in the process reference model. Figure 4 shows the relationship with the assessment process,
measurement framework, and organization maturity model that enable process capability assessment
and organization maturity determination.
Figure 4 — Interrelationship across the parts of ISO/IEC 30105
5 Process reference model
5.1 Strategic enablement processes
There are two processes under this category:
a) SEN1: Strategic planning and direction setting;
b) SEN2: Innovation management.
4 © ISO/IEC 2016 – All rights reserved

---------------------- Page: 10 ----------------------
ISO/IEC 30105-1:2016(E)

SEN1: Strategic planning and direction setting
Name Strategic planning and direction setting
This process covers establishing business objectives and strategies for the service provid-
er. This involves analysing the external environment and finalizing the strategic goals. It
Context includes defining the market, developing the offerings, building the strategic assets and
preparing the organization for service delivery in line with the business objectives of the
service provider.
The purpose of the SEN1 process is to define and share business objectives, strategies and
Purpose
the organizational road map to achieve these business objectives.
As a result of the successful implementation of this process:
a) business objectives, direction and strategies are defined and shared to the organization
and relevant stakeholders;
b) business objectives, direction and strategies are defined for service offerings of the ser-
Outcomes
vice provider;
c) implementation plans are defined to achieve business objectives, direction and strategies;
d) strategic roadmaps are developed within the constraints of the service provider re-
sources.
SEN2: Innovation management
Name Innovation management
This process covers the new or different ways of delivering improved and enhanced services
for the benefit of the customer and service provider. Innovation differs from improvement
Context
in that innovation refers to an organization performing differently rather than doing the
same thing better.
The purpose of the SEN2 process is to plan and implement programmes to make major
Purpose
changes to business processes leading to significant benefits by deploying innovation.
As a result of the successful implementation of this process:
a) an innovation framework is created at an organization level;
b) a measurement framework is established;
c) a deployment strategy is defined at an organization and process level;
d) the major change (innovation) is executed and progress is monitored and reviewed
Outcomes
against expected outcomes;
e) the customer organization is involved as appropriate;
f) progress is communicated to stakeholders;
g) the impact of changes, issues and improvements on innovation management policy and
measures is analysed and reported.
5.2 Relationship processes
There are two processes under this category:
a) RLS1: Customer relations management;
b) RLS2: Supplier management.
© ISO/IEC 2016 – All rights reserved 5

---------------------- Page: 11 ----------------------
ISO/IEC 30105-1:2016(E)

RLS1: Customer relations management
Name Customer relations management
This process covers the management of customer relations and it includes the definition, un-
derstanding, and management of agreed customer requirements, measurement of customer
satisfaction, management of customer complaints and/or escalations and overall manage-
Context
ment of the well-being of the relationship.
NOTE  Similar to ISO/IEC TR 20000-4, but aligned to requirements of ITES-BPO.
The purpose of the RLS1 process is to identify and manage customer relations, including the
Purpose management of customer requirements and customer expectations, to improve the level of
customer satisfaction.
As a result of successful implementation of this process:
a) all customers, users and stakeholders are identified and defined;
b) customer requirements and expectations are identified, reviewed and agreed;
c) customer satisfaction is measured, analysed and communicated to relevant stakeholders;
Outcomes
d) customer escalations and complaints are recorded, tracked and resolved;
e) updates, escalations, complaints, and actions taken are communicated to relevant stake-
holders;
f) actions to improve customer satisfaction are identified, recorded and tracked until closure.
RLS2: Supplier management
Name Supplier management
This process covers the engagement between the service provider and their suppliers. It
ensures that commitments are in line with customer requirements. It enables the service
Context
provider to manage suppliers to meet their contractual obligations and commitments.
NOTE  Similar to ISO/IEC TR 20000-4, but aligned to requirements of ITES-BPO.
The purpose of the RLS2 process is to select and manage suppliers to provide the required
Purpose
service as per the requirements.
As a result of the successful implementation of this process:
a) suppliers are selected for specific products or services;
b) relationships between the service provider and suppliers are managed;
c) services to be provided are negotiated with each supplier;
d) roles and relationships between suppliers are determined;
Outcomes e) supplier obligations to meet service requirements, including security and privacy
standards, are monitored and managed;
f) supplier performance against agreed criteria is monitored and managed;
g) corrective and preventive actions are identified and tracked to closure for performance
deviations;
h) service level requirements remain in line with overall committed customer needs or
are actively managed where not.
5.3 Solution processes
There are two processes under this category:
a) SLN1: Solution development;
b) SLN2: Contract lifecycle management.
6 © ISO/IEC 2016 – All rights reserved

---------------------- Page: 12 ----------------------
ISO/IEC 30105-1:2016(E)

SLN1: Solution development
Name Solution development
Context This process covers the development of a solution to meet customer requirements.
The purpose of the SLN1 process is to develop solutions that meet the identified
Purpose
customer requirements within known constraints.
As a result of the successful implementation of this process:
a) customer requirements and known constraints are defined;
b) a project plan is developed for transition and delivery of the required out-
sourced business processes;
Outcomes
c) solutions are identified for the transition and the delivery of services that meet
agreed current and future business needs;
e) customer success criteria are clearly defined;
f) solutions are formally accepted by the customer.
SLN2: Contract lifecycle management
Name Contract lifecycle management
This process covers the negotiation, renegotiation, agreement and ongoing man-
Context
agement of contractual requirements between the customer and service provider.
The purpose of the SLN2 process is to develop, agree and manage a contract includ-
Purpose ing mutually agreed terms and conditions against which the contracting parties
perform their obligations.
As a result of the successful implementation of this process:
a) goals and objectives of the contracting parties are aligned;
b) obligations of the contracting parties are agreed;
c) risks are clarified and agreed between the contracting parties;
d) mutually satisfactory due diligence is achieved;
Outcomes
e) service level and customer satisfaction targets are agreed;
f) contracts are accepted and signed by contracting parties;
g) contract changes are assessed, recorded, tracked and actioned;
h) expirations and renewals are assessed, recorded, tracked and actioned;
i) metrics are measured, alignment to all contracted targets assessed and correc-
tive action put in place to address any deviations.
5.4 Transition in processes
There are six processes under this category:
a) TRN1: People mobilization;
b) TRN2: Infrastructure set up — technology;
c) TRN3: Infrastructure set up — non-technology;
d) TRN4: Knowledge transfer;
e) TRN5: Service delivery planning;
f) TRN6: Pilot implementation.
© ISO/IEC 2016 – All rights reserved 7

---------------------- Page: 13 ----------------------
ISO/IEC 30105-1:2016(E)

TRN1: People mobilization
Name People mobilization
This process covers provision of sufficient experienced human resources capacity and
capability to meet the service delivery requirements. It involves identification, sourcing, se-
lection, recruitment, training and ongoing development of people with the skills, experience
Context and capabilities in the right numbers to meet the contracted service delivery requirements.
Sourcing may include recruitment or the transfer of employees from any existing pool of
resources. Where this transfer is between organizations, this will be in line with relevant
laws and regulations.
The purpose of the TRN1 process is to mobilize the required number of people with the
Purpose required skills and experience to meet the identified service delivery requirements and the
transition timescales.
As a result of the successful implementation of this process:
a) required human resource levels and skill sets are determined based on agreed solutions;
b) human resources are identified and recruited to meet requirements;
c) human resources requirements mandated by the customer are verified;
d) induction activities are completed within the transition timescales;
e) skill sets of transferring resources are verified;
Outcomes f) skill sets are enhanced to meet service delivery requirements;
g) continual professional development requirements are identified and assessed, recorded,
tracked and met;
h) transfer of employees is managed in line with relevant regulatory requirements;
i) delivery organization structures, roles and responsibilities and competencies are defined
and communicated;
j) people mobilization activities are accepted by the customer in accordance with the ac-
ceptance criteria.
TRN2: Infrastructure set up — technology
Name Infrastructure set up — technology
Context This process covers the planning, design, validation, testing and implementation of tech-
nology infrastructure requirements for customer service delivery in line with contractual
obligations. Technology infrastructure requirements include connectivity, access to service
delivery applications, provision of hardware and software for service delivery, and informa-
tion technology-related controls, as required by the customer organization.
Purpose The purpose of the TRN2 process is to set up the technology infrastructure to meet the
service delivery requirements.
As a result of the successful implementation of this process:
a) technology infrastructure requirements, as appropriate, are identified, planned, validated,
tested and implemented in line with the service delivery requirements and transition plan;
b) technology infrastructure requirements are implemented and configured in line with
security and compliance requirements, limiting access to authorized persons based on role
Outcomes
provisioning and authorization;
c) performance relating to the technology infrastructure are defined, measured, reviewed,
improved and reported;
d) technology infrastructure is agreed by the customer in accordance with the acceptance
criteria.
8 © ISO/IEC 2016 – All rights reserved

---------------------- Page: 14 ----------------------
ISO/IEC 30105-1:2016(E)

TRN3: Infrastructure set up — non-technology
Name Infrastructure set up — non-technology
This process covers the planning, design, validation, testing and implementation of the
non-technology infrastructure requirements for service delivery in line with contractual
obligations. Non-technology infrastructure requirements include but may not be limited
Context to: office space, furniture, transportation, cafeteria, health and safety and Corporate Social
Responsibility requirements to meet the customer service delivery requirements. This also
includes requirements for special working arrangements such as: transport, cafeteria, med-
ical and other support services during non-standard working hours.
The purpose of the TRN3 process is to set up the non-technology infrastructure to meet the
Purpose
service delivery requirements.
As a result of the successful implementation of this process:
a) non-technology infrastructure requirements are identified in line with service delivery
requirements and transition plan;
b) non-technology infrastructure is planned, selected and implemented in line with service
delivery requirements;
Outcomes
c) non-technology infrastructure is tested and validated in line with service delivery re-
quirements;
d) non-technology facilities for special working arrangements are established;
e) non-technology infrastructure is agreed by the customer in accordance with the accept-
ance criteria.
TRN4: Knowledge transfer
Name Knowledge transfer
This process covers the assessment, documentation and transfer of knowledge of the cus-
Context tomer’s business processes, operating model and data to the service delivery organization to
meet the service delivery requirements.
The purpose of the TRN4 process is to ensure the knowledge of business process, operations
Purpose and information gets transferred between the customer’s organization or current service
provider and the new service provider.
As a result of the successful implementation of this process:
a) scope of required knowledge is identified;
b) knowledge transfer plan is defined;
Outcomes
c) required knowledge assets are created or collected;
d) human resources attain required knowledge to deliver the service;
e) knowledge transfer completion is agreed by the customer and the service provider in
accordance with the acceptance
...