ISO/IEC TR 20000-12:2016

TECHNICAL ISO/IEC TR
REPORT 20000-12
First edition
Information technology — IT Service
management —
Part 12:
Guidance on the relationship between
ISO/IEC 20000-1:2011 and service
management frameworks: CMMI-SVC
Technologies de l’information — Gestion des services —
Partie 12: Directives sur la relation entre l’ISO/IEC 20000-1:2011 et
les cadres de management du service: CMMI-SVC
PROOF/ÉPREUVE
Reference number
ISO/IEC TR 20000-12:2016(E)
©
ISO/IEC 2016

---------------------- Page: 1 ----------------------
ISO/IEC TR 20000-12:2016(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2016 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC TR 20000-12:2016(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Use of ISO/IEC 20000-1:2011 and CMMI-SVC . 2
4.1 Introduction to ISO/IEC 20000-1:2011 . 2
4.2 Introduction to CMMI-SVC . 4
4.3 Relationships between ISO/IEC 20000-1:2011 and CMMI-SVC . 6
5 Correlation of CMMI-SVC to ISO/IEC 20000-1:2011 . 6
Annex A (informative) Correlation of ISO/IEC 20000-1:2011 to CMMI-SVC — Terms
and definitions .15
Annex B (informative) Summary correlation of ISO/IEC 20000-1:2011 to CMMI-SVC .28
Bibliography .31
© ISO/IEC 2016 – All rights reserved PROOF/ÉPREUVE iii

---------------------- Page: 3 ----------------------
ISO/IEC TR 20000-12:2016(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
The committee responsible for this document is ISO/IEC JTC 1, Information technology, SC 40, IT Service
Management and IT Governance.
A list of all parts in the ISO/IEC 20000 series can be found on the ISO website.
iv PROOF/ÉPREUVE © ISO/IEC 2016 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC TR 20000-12:2016(E)

Introduction
This document can assist readers in relating the requirements specified in ISO/IEC 20000-1:2011 to
supporting text in one of the most commonly used service management frameworks, CMMI-SVC.
Service providers can refer to this guidance as a cross-reference between the two documents to help
them to plan and implement a service management system (SMS).
ISO/IEC 20000-1:2011 is the International Standard for service management and specifies requirements
that can be used as the basis of a conformity assessment. ISO/IEC 20000-1:2011 can be used in different
ways, including:
a) as a source of requirements for service providers on the design, transition, delivery and
improvement of services and service management capabilities;
b) to establish a consistent approach for an organization to use with all of its service providers,
including those in its supply chain;
c) as an unbiased basis to assess, measure and report service delivery and management capabilities
including performance of specific service management processes;
d) as a set of criteria for audit and assessment of a service provider’s SMS, including service
management processes.
ISO/IEC 20000-1:2011 specifies an integrated process approach when the service provider plans,
establishes, implements, operates, monitors, reviews, maintains and improves an SMS. The services can
be delivered to internal or external customers.
In ISO/IEC 20000-1:2011, a service is defined as a means of delivering value for the customer by
facilitating results that the customer wants to achieve. The definition further notes that a service is
generally intangible and that a service can also be delivered to the service provider by a supplier, an
internal group or a customer acting as a supplier.
The Capability Maturity Model Integration for Services (CMMI-SVC) draws on concepts and practices
from other CMMI models and other service-focused frameworks and models. The CMMI-SVC model
covers the activities required to establish, deliver, and manage services. As defined in the CMMI
context, a service is an intangible, non-storable product. The CMMI-SVC model has been developed to be
compatible with this broad definition.
Service providers can implement and improve the SMS using the requirements specified in
ISO/IEC 20000-1, the guidance in the other parts of the ISO/IEC 20000 series and CMMI-SVC. Both the
ISO/IEC 20000 series and CMMI-SVC provide guidance to identify, plan, design, deliver, and improve
services that deliver value to the business and its customers.
© ISO/IEC 2016 – All rights reserved PROOF/ÉPREUVE v

---------------------- Page: 5 ----------------------
TECHNICAL REPORT ISO/IEC TR 20000-12:2016(E)
Information technology — IT Service management —
Part 12:
Guidance on the relationship between ISO/IEC 20000-
1:2011 and service management frameworks: CMMI-SVC
1 Scope
This document provides guidance on the relationship between ISO/IEC 20000-1:2011 and CMMI-SVC
V1.3 (through Maturity Level 3). Service providers can refer to this guidance as a cross-reference
between the two documents to help them to plan and implement an SMS. An organization employing
the practices in the indicated CMMI-SVC process areas can conform to many of the associated
ISO/IEC 20000-1 requirements.
The guidance in Clause 4 describes how CMMI-SVC can support the demonstration of conformity to
ISO/IEC 20000-1:2011. A description of the purpose and content of both publications in 4.1 and 4.2 is
followed by Clause 5, which relates process areas in CMMI-SVC to clauses in ISO/IEC 20000-1:2011. The
tables in Annexes A and B relate terms, clauses, and paragraphs in ISO/IEC 20000-1:2011 to CMMI-
SVC. Table B.1 is a simplified summary of the correlation seen in Table 3 for those readers who want an
overview. The tables indicate those aspects of ISO/IEC 20000-1:2011 and CMMI-SVC that represent the
greatest link between the two sets of documents, from the perspective of a service provider.
This document can be used by any organization or person who wishes to understand how CMMI-SVC
can be used with ISO/IEC 20000-1:2011, including the following:
a) a service provider that intends to demonstrate conformity to the requirements of ISO/IEC 20000-
1:2011 and is seeking guidance on the use of CMMI-SVC to establish and maintain the SMS and the
services;
b) a service provider that has demonstrated conformity to the requirements of ISO/IEC 20000-1:2011
and is seeking guidance on ways to use CMMI-SVC to improve the SMS and the services;
c) a service provider that already uses CMMI-SVC and is seeking guidance on how CMMI-SVC
can be used to support efforts to demonstrate conformity to the requirements specified in
ISO/IEC 20000-1:2011;
d) an appraiser or assessor who wishes to understand the use of CMMI-SVC as support for the
requirements specified in ISO/IEC 20000-1:2011.
This document can also be used with the other parts of the ISO/IEC 20000 series.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 20000-1:2011, Information technology — Service management — Part 1: Service management
system requirements
© ISO/IEC 2016 – All rights reserved PROOF/ÉPREUVE 1

---------------------- Page: 6 ----------------------
ISO/IEC TR 20000-12:2016(E)

3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 20000-1:2011 and
ISO/IEC/TR 20000-10:2015 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
4 Use of ISO/IEC 20000-1:2011 and CMMI-SVC
4.1 Introduction to ISO/IEC 20000-1:2011
ISO/IEC 20000-1:2011 specifies the general requirements for an SMS in Clause 4. In
ISO/IEC 20000-1:2011, Clauses 5 to 9, it specifies the service management processes, as shown in
Table 1.
Table 1 — Service management processes in ISO/IEC 20000-1:2011
Process group Clause Process
— 5 Design and transition of new or changed services
Service level management
Service reporting
Service continuity and availability management
Service delivery processes 6
Budgeting and accounting for services
Capacity management
Information security management
Business relationship management
Relationship processes 7
Supplier management
Incident and service request management
Resolution processes 8
Problem management
Configuration management
Control processes 9 Change management
Release and deployment management
ISO/IEC 20000-1:2011 requires the application of the methodology known as “Plan–Do–Check–Act”
(PDCA) to all parts of the SMS and the services. Figure 1 illustrates how the PDCA methodology can
be applied to the SMS, including the service management processes specified in ISO/IEC 20000-1:2011,
Clauses 5 to 9 and the services. The PDCA methodology can be briefly described as follows:
Plan: establishing, documenting and agreeing the SMS. The SMS includes the policies, objectives, plans
and processes to fulfil the service requirements.
Do: implementing and operating the SMS for the design, transition, delivery and improvement of the
services.
Check: monitoring, measuring and reviewing the SMS and the services against the policies, objectives,
plans and service requirements and reporting the results.
Act: taking actions to continually improve performance of the SMS and the services.
2 PROOF/ÉPREUVE © ISO/IEC 2016 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC TR 20000-12:2016(E)

Plan
Service
management
system
Service
management
processes
Do Act
Services
Check
Figure 1 — PDCA methodology applied to service management
Figure 2 illustrates an SMS, including the service management processes. The service management
processes and the interfaces between the processes can be implemented in different ways by different
service providers. The nature of the relationship between a service provider and the customer, the
service management objectives, and the scope of the SMS will influence how the service management
processes are implemented.
Figure 2 — Service management system
ISO/IEC 20000-1:2011 supports the integration of an SMS with other management systems in the service
provider’s organization. The adoption of an integrated process approach and the PDCA methodology
enables the service provider to align or fully integrate multiple management system standards.
© ISO/IEC 2016 – All rights reserved PROOF/ÉPREUVE 3

---------------------- Page: 8 ----------------------
ISO/IEC TR 20000-12:2016(E)

For example, an SMS can be integrated with a quality management system based on ISO 9001 or an
information security management system based on ISO/IEC 27001.
For the service provider, the benefits of the SMS are in its application towards fulfilling service
requirements and providing services with value both to customers and the service provider.
The ISO/IEC 20000 series contains requirements in ISO/IEC 20000-1:2011 and guidance in other parts.
ISO/IEC 20000-2:2012 is an important reference for a service provider implementing the requirements
of ISO/IEC 20000-1:2011. Guidance on the way an organization can implement ISO/IEC 20000-1:2011 in
phases is provided in ISO/IEC/TR 20000-5:2013. Extensive guidance is also provided in the other parts
of the ISO/IEC 20000 series. The service provider can also use a combination of other guidance and its
own experience. One example of other guidance is CMMI-SVC.
4.2 Introduction to CMMI-SVC
CMMI-SVC is one of three CMMI models, referred to collectively as “CMMI.” CMMI-SVC is a model of
practices and goals for service organizations of all types. These practices are grouped into process
areas (PAs), which are collections of goals and practices on a single topic, such as risk, capacity, or
continuity. A PA is the major organizing component of every CMMI model, and in CMMI-SVC, these PAs
are used for defining and delivering services, improving processes, evaluating organizational capability
or maturity, and benchmarking.
All CMMI models include core PAs (for example, Risk Management) that are common to all CMMI models,
and specific PAs (for example, Service Continuity) that are related to one of the three disciplines that
CMMI covers: acquisition, development, and services. In addition, CMMI models have generic practices
(for example, “Train the people performing or supporting the process as needed.”). These generic
practices can be used to foster improvement by using them alone or with PAs and applying them to any
work or part of an organization. Generic goals (for example, “Institutionalize a Managed Process”) and
practices are also applied during CMMI appraisals to make judgments about organizational capability.
CMMI PAs have goals, practices, and guidance to use as references when developing and improving
processes, but they are not processes or process descriptions. Further, a CMMI appraisal is not an
assessment of processes. The guidance (also called “informative content” by CMMI users) for using
goals and practices accompanies the expression of goals and practices (CMMI experts refer to these as
normative content) and this guidance appears throughout the CMMI document. Guidance or informative
CMMI material is integrated rather than separated from normative material.
Because CMMI is used to improve practices and evaluate organizational capability, the CMMI has
multiple ways to use PAs. All CMMI documents organize the PAs in alphabetical order by acronym for
ease of reference. Organizations can use PAs in prescribed maturity levels, allowing organizations
to benchmark by using the CMMI appraisal method. This grouping of PAs is called the “staged
representation” in CMMI. Organizations can also choose PAs relevant to their business and use the
generic practices to improve and evaluate their capability on the topics most important to them. This
way of using PAs is called the continuous representation in CMMI. In addition, Table 2 groups the 24 PAs
in CMMI-SVC according to business activities (Doing the Work); this grouping is used in training and
overviews.
4 PROOF/ÉPREUVE © ISO/IEC 2016 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC TR 20000-12:2016(E)

Table 2 — CMMI-SVC Process Areas
Doing the Work Process Area
Service Delivery (SD)
Requirements Management (REQM)
Define, Establish, and Deliver Services
Work Planning (WP)
Service System Development (SSD)
Capacity and Availability Management (CAM)
Monitor and Control Service and Work Products Work Monitoring and Control (WMC)
Configuration Management (CM)
Incident Resolution and Prevention (IRP)
Risk Management (RSKM)
Ensure Service Mission Success
Service Continuity (SCON)
Service System Transition (SST)
Measurement and Analysis (MA)
Organizational Process Performance (OPP)
Quantitative Work Management (QWM)
Make Work Explicit and Measureable
Causal Analysis and Resolution (CAR)
Organizational Performance Management
(OPM)
Supplier Agreement Management (SAM)
Manage Decisions, Suppliers, and Standard
Decision Analysis and Resolution (DAR)
Services
Strategic Service Management (STSM)
Process and Product Quality Assurance (PPQA)
Organizational Process Definition (OPD)
Create a Culture to Sustain Service Excellence Integrated Work Management (IWM)
Organizational Training (OT)
Organizational Process Focus (OPF)
Service providers choosing to use CMMI-SVC as their guide to implementing service management
processes can support the demonstration of conformity against the requirements specified in
ISO/IEC 20000-1:2011. To demonstrate conformity to the requirements specified in ISO/IEC 20000-
1:2011, the service provider should implement an SMS that encompasses the following requirements of
ISO/IEC 20000-1:2011, Clauses 4 to 9.
a) The SMS general requirements, specified in ISO/IEC 20000-1:2011, Clause 4, demonstrating
management commitment, governance of processes operated by other parties, control and
management of service management documentation and management of resources. These
requirements include the operation of continual improvement of the SMS using the PDCA
methodology.
b) Management of the service lifecycle including the design, development, and transition of new
services, changing services, closure of services or transfer of services to others in a controlled
manner, as specified in ISO/IEC 20000-1:2011, Clauses 5 to 9.
c) For the service management processes specified in ISO/IEC 20000-1:2011, Clauses 5 to 9
all processes should be in place and their documented and measurable performance should
demonstrate conformance with the requirements specified in these clauses.
The ISO/IEC 20000 series can be used by an organization looking for guidance on how to improve
service management, whether or not it is interested in seeking certification. Regardless of the intended
© ISO/IEC 2016 – All rights reserved PROOF/ÉPREUVE 5

---------------------- Page: 10 ----------------------
ISO/IEC TR 20000-12:2016(E)

application of ISO/IEC 20000-1:2011, CMMI-SVC can support a service provider to design, transition,
deliver and improve the SMS and services.
4.3 Relationships between ISO/IEC 20000-1:2011 and CMMI-SVC
ISO/IEC 20000-1:2011 and CMMI-SVC through Maturity Level 3 demonstrate similarities in their
structure and content. Both can be used to demonstrate conformity. In the case of ISO/IEC 20000-
1:2011, it is the SMS that is assessed. In the case of CMMI-SVC, it is the capability or maturity of the
organization that is assessed.
ISO/IEC 20000-1:2011 and CMMI-SVC rely on system concepts. The ISO/IEC 20000 series has the SMS
and CMMI-SVC has the service system. The components of these systems have a strong similarity. Both
systems have requirements and guidance regarding continuity, incidents, service requests, capacity,
and availability, as demonstrated in the correlation Tables A.1 and B.1.
ISO/IEC 20000-1:2011 is a management system standard that specifies requirements for an SMS. CMMI-
SVC is a model of organizational capability. As a model, it presents a framework for developing and
delivering services and for improving processes. CMMI-SVC is interpreted by the user to determine what
is needed to successfully enable the service system. ISO/IEC 20000-1:2011 specifies the requirements
for the SMS; CMMI-SVC users derive their organizational requirements from goals and practices. This
difference carries with it architecture, scope, and purpose differences in each document. CMMI-SVC
provides detailed guidance on organization-level activities, measurement of services and processes,
decision making and risk management. These are core properties of CMMI that could also be useful in
the implementation of an SMS that is based on ISO/IEC 20000-1:2011.
While the content of ISO/IEC 20000-1:2011 and CMMI-SVC is largely consistent, topics are organized
into different groups, and the detail in accompanying explanations and guidance varies. ISO/IEC 20000-
1:2011 specifies requirements for the SMS and other parts of the ISO/IEC 20000 series, including
ISO/IEC 20000-2, contain guidance on many aspects of service management. In contrast, CMMI models
have guidance integrated throughout a single document.
Many organizations use both the ISO/IEC 20000 series and CMMI-SVC and find value in using them
together.
5 Correlation of CMMI-SVC to ISO/IEC 20000-1:2011
The correlation of ISO/IEC 20000-1:2011 clauses to process areas and associated goals and practices
in CMMI-SVC is intended to provide a view of the relationships between the two references. Although
this correlation cites normative clauses of ISO/IEC 20000-1:2011 and aligns them with CMMI-SVC goals
and practices, the correlation itself is informative, not normative. The user should consult the source
documents to determine the applicability of requirements and informative guidance. Not all CMMI-
SVC goals and practices referenced in this annex are necessary to fulfil the requirements specified
in ISO/IEC 20000-1:2011. Not all the requirements specified in ISO/IEC 20000-1:2011 are covered
completely in each of the associated CMMI-SVC process areas.
ISO/IEC 20000-1:2011 specifies requirements for an SMS. ISO/IEC 20000-1:2011 is the International
Standard for service management and specifies requirements that can be used as the basis of a
conformity assessment. It can be used for improvement, benchmarking and for demonstrating
conformity to an SMS.
CMMI-SVC enumerates practices and activities specific to process areas within the process area, similar
to the ISO/IEC 20000-1:2015 consideration of processes within the SMS. In ISO/IEC 20000-1:2015,
activities that enable the service organization to establish central processes, practices, tasks, and
procedures are expressed in clauses. This similar content in CMMI is expressed as institutionalization
in the generic practices and organizational PAs such as OPD and OPF.
Table 3 shows the correlation to CMMI-SVC through Maturity Level 3 (by process area, with specific
goals and practices when relevant) for ISO/IEC 20000-1:2011, Clauses 4 to 9, respectively. For clarity of
correlation, the connections are made at the level of subclauses.
6 PROOF/ÉPREUVE © ISO/IEC 2016 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC TR 20000-12:2016(E)

To aid users in finding the correlations, whenever possible, CMMI-SVC correlations are listed in order of
greatest correlation or in generally the same order as the information in the clauses. If this ordering is
not obvious, then service-specific PAs are listed first and are followed by core PAs.
When an entire PA applies to the sub clause, only the PA abbreviation, or abbreviation and goal, appears
(for example, SD SG2; SD is the abbreviation for Service Delivery, and SG2 indicates Specific Goal 2 of
Service Delivery). If it is best to look at a specific practice for the correlation rather than at the entire
PA or goal, the specific practice (SP) will be indicated along with the PA (for example, SD SP2.1, which
indicates Service Delivery Specific Practice 2.1, the first practice under Specific Goal 2). When a Generic
Goal or Generic Practice is the correlated CMMI content, this is indicated as GG 2, for example, if the
entire Generic Goal applies, and as GP 2.1, for example, if the Generic Practice is the clearest correlation.
Grey shading identifies labels that are included for title only. The capitalization of ISO/IEC 20000-1:2011
text is based on normal ISO editorial rules. The capitalization of CMMI-SVC text is that used in CMMI-
SVC. When text is directly quoted from CMMI-SVC, style guidelines for CMMI are maintained, such as
spelling, use of punctuation, and italics.
Table 3 — Correlation of ISO/IEC 20000-1:2011, Clauses 4 to 9 to CMMI-SVC
ISO/IEC
CMMI-SVC
20000-1: ISO/IEC 20000-1:2011 CMMI-SVC goal and practice
PA/Goal/
2011 paragraph summary description
Practice
clause
Service management
4 system general
requirements
4.1 Management responsibility
Practices associated with Generic Goals 2 and 3
GG 2
describe management commitments to institutional-
4.1.1 Management commitment
izing managed and defined processes used in deliver-
GG 3
ing service.
Establish and maintain an organizational policy for
planning and performing the process.
4.1.2 Service management policy GP 2.1
For additional information, see the elaborations for
service-specific PAs.
Assign responsibility and authority for performing
GP 2.4 the process, developing the work products, and pro-
viding the services of the process.
Authority, responsibility Identify and involve the relevant stakeholders as the
4.1.3 GP 2.7
and communication process is planned.
Review the activities, status, and results of the pro-
GP 2.10
cess with higher level management and resolve issues.
Collect process related experiences derived from
planning and performing the process to support the
GP 3.2
future use and improvement of the organization’s
processes and process assets.
Assign responsibility and authority for performing
the process, developing the work products, and pro-
viding the services of the process.
GP 2.4
Note that SD and SSD PAs could also include manage-
4.1.4 Management representative
ment representatives in definitions of service and
service system.
Establish and maintain process action plans including
OPF SG2 resources to address performance improvements and
implementation of process actions.
© ISO/IEC 2016 – All rights reserved PROOF/ÉPREUVE 7

---------------------- Page: 12 ----------------------
ISO/IEC TR 20000-12:2016(E)

Table 3 (continued)
ISO/IEC
CMMI-SVC
20000-1: ISO/IEC 20000-1:2011 CMMI-SVC goal and practice
PA/Goal/
2011 paragraph summary description
Practice
clause
SAM SP 1.3 Establish and maintain supplier agreements.
Perform activities with the supplier as specified in
SAM SP 2.1
the supplier agreement.
Governance of processes
Collect and transform stakeholder needs, expecta-
4.2
operated by other parties
tions, constraints, and interfaces into prioritized
stakeholder requirements.
SSD SP 1.1
This includes identifying standards and procedures
to be followed.
Documentation
4.3
management
SD S
...