ISO/IEC 30105-5:2016

INTERNATIONAL ISO/IEC
STANDARD 30105-5
First edition
2016-11-15
Information technology — IT
Enabled Services-Business Process
Outsourcing (ITES-BPO) lifecycle
processes —
Part 5:
Guidelines
Technologies de l’information — Processus du cycle de vie de la
délocalisation du processus d’affaires des services activés par IT —
Partie 5: Lignes directrices
Reference number
ISO/IEC 30105-5:2016(E)
©
ISO/IEC 2016

---------------------- Page: 1 ----------------------
ISO/IEC 30105-5:2016(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2016 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 30105-5:2016(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Purpose . 2
5 ITES-BPO process context . 3
6 ITES-BPO process structure . 4
7 Stakeholders and stakeholder value definition . 8
8 Process reference model .10
9 Process assessment model .11
10 Framework for assessment of process capability .15
10.1 Components of assessment .15
10.2 Measurement framework .17
11 Organization maturity model .19
12 Process capability assessment .22
12.1 Process capability initiation .22
12.2 Process assessment output .22
13 Process risk determination .24
13.1 Process risk determination — Introduction .24
13.2 Process risk determination — Steps.25
13.2.1 Step 1 — Initiate process risk determination .25
13.2.2 Step 2 — Set target capability .26
13.2.3 Step 3 — Assess current capability .26
13.2.4 Step 4 — Determine proposed capability .26
13.2.5 Step 5 — Verify proposed capability .27
13.2.6 Step 6 — Analyse process related risks and act on results .27
14 Process improvement .28
14.1 Process improvement — purpose and outcomes .28
14.2 Types of process improvement .28
14.3 Process improvement programme .30
14.3.1 Examine organization’s business goals to set improvement objectives .30
14.3.2 Initiate process improvement cycle .31
14.3.3 Identify improvement areas . .32
14.3.4 Analyse assessment strengths and weaknesses .32
14.3.5 Review organizational improvement objectives .33
14.3.6 Generate and identify improvement areas .33
14.3.7 Derive action plan .33
14.3.8 Implement improvements .34
14.3.9 Monitoring implementation .35
14.3.10 Confirm improvements .35
14.3.11 Sustain and monitor improvements .35
Bibliography .37
© ISO/IEC 2016 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 30105-5:2016(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee
SC 40, IT Service Management and IT Governance.
A list of all parts in the ISO/IEC 30105 series can be found on the ISO website.
iv © ISO/IEC 2016 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 30105-5:2016(E)

Introduction
ITES-BPO services encompass the delegation of one or more IT enabled business processes to a
service provider who uses appropriate technology to deliver service. Such a service provider manages,
delivers, improves and administers the outsourced business processes in accordance with predefined
and measurable performance metrics. This covers diverse business process areas such as finance,
human resource management, administration, health care, banking and financial services, supply
chain management, travel and hospitality, media, market research, analytics, telecommunication,
manufacturing, etc. These services provide business solutions to customers across the globe and form
part of the core service delivery chain for customers.
ISO/IEC 30105 (all parts) specifies the lifecycle processes requirements involved in the ITES-BPO
industry.
— It provides an overarching standard for all aspects of ITES-BPO industry from the view of the
service provider that performs the outsourced business processes. This is applicable for any ITES-
BPO service provider providing services to customers through contracts and in industry verticals.
— It covers the entire outsourcing lifecycle and defines the processes that are considered to be good
practices.
— It is an improvement standard that enables risk determination and improvement for service
providers performing outsourced business processes. It also serves as a process reference model
for service providers.
— It focuses on IT enabled business processes which are outsourced.
— It is generic and can be applied to all IT enabled business process outsourced services, regardless of
type, size and the nature of the services delivered.
— Process improvement implemented using ISO/IEC 30105 (all parts) can lead to clear return on
investment for customers and service providers.
— Alignment to ISO/IEC 30105 (all parts) can improve consistency, delivery quality and predictability
in delivery of services.
Figure 1 illustrates the key entities and relationships involved in an ITES-BPO service. It includes the
customer, the ITES-BPO service provider and various levels of suppliers. This is in line with the supply
chain relationship depicted in ISO/IEC 20000-1:2011, 7.2.
Figure 1 — ITES-BPO key entities
This document provides guidance to the other parts of ISO/IEC 30105 and the requirements for
assessing processes. This document, in such a context, provides guidance on the application of the
process assessment model, how to strategically leverage the assessment and then how to use it in the
context of an improvement programme for an ITES-BPO organization.
© ISO/IEC 2016 – All rights reserved v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO/IEC 30105-5:2016(E)
Information technology — IT Enabled Services-Business
Process Outsourcing (ITES-BPO) lifecycle processes —
Part 5:
Guidelines
1 Scope
ISO/IEC 30105 specifies the lifecycle process requirements performed by the IT enabled business
process outsourcing service provider for the outsourced business processes. It defines the processes to
plan, establish, implement, operate, monitor, review, maintain and improve its services. This document:
— covers IT enabled business processes that are outsourced;
— is not intended to cover IT services but includes similar, relevant process for completeness;
— is applicable to the service provider, not to the customer;
— is applicable to all lifecycle processes of ITES-BPO;
— provides guidance on application of the process assessment model, how to strategically leverage
the assessment and to use it in the context of an improvement programme or risk assessment for an
ITES-BPO service provider organization.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 30105-2:2016, Information technology — IT Enabled Services-Business Process Outsourcing
(ITES-BPO) lifecycle processes — Part 2: Process assessment model (PAM)
ISO/IEC 30105-3:2016, Information technology — IT Enabled Services-Business Process Outsourcing (ITES-
BPO) lifecycle processes — Part 3: Measurement framework (MF) and organization maturity model (OMM)
ISO/IEC 33020, Information technology — Process assessment — Process measurement framework for
assessment of process capability
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 30105-4, ISO/IEC 33001
and ISO/IEC 33020 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
© ISO/IEC 2016 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO/IEC 30105-5:2016(E)

4 Purpose
This document aims to provide guidance on the following:
a) the key parts of ISO/IEC 30105 (all parts), including the process assessment model, measurement
framework and the organization maturity model;
b) how to undertake process assessment and determine organization maturity through assessment of
process risk;
c) the approach to the organization maturity model (OMM), including the organization maturity
rating scale. This scale represents the extent to which an organization is able to demonstrate its
maturity through process quality. Process quality is demonstrated through assessment of the
organization’s ability to establish, manage and execute its processes with high capability;
d) use of the assessment and outcomes as part of a framework for performing process improvement
(PI) in a continual cycle.
Assessment of process capability is concerned with analysing the output of conformant process
assessments to identify the strengths, weaknesses and risks associated with deploying the processes
to meet a specific requirement.
Assessment of process risk is applicable across all ITES-BPO domains and to any ITES-BPO service
provider organization wanting to determine the process risks of its own processes.
PI uses the results of a current state assessment for an ITES-BPO service provider organization to
formulate and prioritize improvement plans. These plans improve the processes, thus creating the
inherent ability to support continual improvement.
Analysis of the output from a process assessment and process risk determination findings against
an organizational unit’s business goals and the joint business goals of a customer-service provider
engagement will lead to identification of the strengths, weaknesses and risks related to the processes,
operations, structure, etc. This can help to determine whether the processes are effective in achieving
business goals and provide the critical triggers for making improvements.
The guidance on assessment of process risk covers the following:
— overview of process capability: target capability, process oriented risk analysis;
— guidance for conducting an assessment of process capability: core and extended.
The guidance on PI provides the following:
a) overview of PI: the factors which drive ITES-BPO process improvement and the underlying general
principles;
b) methodology for PI: improving ITES-BPO processes within a continual improvement cycle;
c) measurement framework and management: ITES-BPO process improvement from a management
perspective, including an overall framework for process measurement.
The PAM is designed to provide organizations with an integrated approach to organizational
performance management that results in the following:
— delivery of increased effectiveness in driving outcomes to customers and stakeholders, contributing
to organizational sustainability;
— improvement of overall organizational effectiveness and capabilities;
— organizational and personal learning.
These service provider improvements can be marketed to outsourcing companies (customers) and can
provide increased value to customers and stakeholders.
2 © ISO/IEC 2016 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC 30105-5:2016(E)

For all practical purposes, “value” can be considered as business outcomes achieved in line with the
requirements of the customer contract or customer requirements.
The adoption and implementation of ISO/IEC 30105 (all parts) can lead to the following benefits:
a) a greater degree of standardization of base practices in this important industry segment;
b) benchmarking for useful comparisons across adopting service provider organizations;
c) improved process efficiency and productivity, improved asset utilization and reduced
internal/external failures or potential failures, thereby improving the quality of output and
services;
d) improved customer focus and customer satisfaction, leading to a clear return on investment from
the maturity assessment journey. This also creates an ability to achieve and communicate the
business benefits to the customers and all direct stakeholders;
e) reduced time to maturity for new start-up service providers and new services for existing service
providers through the adoption of the ITES-BPO process reference model;
f) for customers (who use the ITES-BPO services), a mechanism to understand the capabilities of
service providers through a common standard, leading to increased levels of transparency and
trust. It also provides a mechanism to jointly solve issues proactively and to work on the strategic
programmes;
g) over a period of time, improved processes, shorter transition lead time for new processes, reduced
defect rates, improved cycle time, improved time to market, better risk determination, improved
productivity, etc. This can then lead to direct/indirect benefits to outsourcing companies due to
greater maturity and value from service providers, which can be further leveraged.
5 ITES-BPO process context
The processes in an ITES-BPO service provider organization have two distinct characteristics. Firstly,
operational service delivery, i.e. process execution, happens in real time. Secondly, the processes are
driven by service level agreements (SLAs) and key performance indicators (KPIs), which measure the
performance and quality of delivery and the quality of experience.
ITES-BPO services are based on delivery of business process transactions, which are of varied
complexity and have direct impact on the customer organization’s business delivery. Typically, an
outsourcing approach is adopted by a customer to gain overall process efficiency, economies of scale
and transformation savings through an expert service provider.
This allows the outsourcing customer organization to stay focused on its core strategic goals, end-
customer management and business growth, while the service provider organization takes full
ownership of process delivery.
One of the key requirements in outsourcing is business continuity management (BCM) for the
outsourced operations so that the overall system works at the desired level of assurance.
Figure 2 shows the service provider view for a typical customer engagement lifecycle.
© ISO/IEC 2016 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO/IEC 30105-5:2016(E)

Figure 2 — End-to-end view of ITES-BPO engagement lifecycle
ISO/IEC 30105 (all parts) addresses the following key questions for an ITES-BPO organization.
— How to manage performance across the framework of people, process and technology?
— How to best stabilize and improve the processes?
— How to optimize and sustain the processes?
— How to align improvement and process efforts to desired results?
— How to ensure process improvement benefits and quality results?
— How to achieve a differentiated approach for maturity?
6 ITES-BPO process structure
Figure 3 lists the processes from ISO/IEC 30105-1 that are included in the process dimension of the
process assessment model for ITES-BPO. It includes all aspects of an ITES-BPO outsourced service,
from developing an ITES-BPO solution through service delivery and to transitioning out. It includes the
leadership, relationship management and enabling processes which support the outsourced business
across its lifecycle.
4 © ISO/IEC 2016 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC 30105-5:2016(E)

Figure 3 — ITES-BPO lifecycle process categories
The ITES-BPO process categories are as follows.
— Strategic enablement processes: include strategic direction and review of the business
performance against plan for the service provider organization and Innovation process to bring in
breakthrough changes.
— Relationship processes: cover the relationship of the service provider with the customer and the
suppliers.
— Solution processes: include details on how the ITES-BPO solution is envisaged and the contract
developed and managed.
— Transition in processes: cover the movement of business process delivery from the customer to
the service provider, establishing the required management, people and infrastructure capability,
and concluding with piloting the transitioned service.
— Service delivery processes: include all the processes that are required for the day to day
management and delivery of ITES-BPO services.
— Transition out process: covers the movement of the business process delivery back to the customer
or to a different service provider.
— Tactical enablement processes: involve a set of processes that enables achievement of the objective
of the core service delivery processes. These are tactical in nature.
— Operational enablement processes: involve a set of processes that ensures day to day operations
of service delivery are supported and are performed alongside the service delivery processes.
The process reference model, as shown in Figure 3, categorizes the ITES-BPO lifecycle processes:
— strategic enablement;
— relationship;
— solution;
— transition in;
© ISO/IEC 2016 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO/IEC 30105-5:2016(E)

— service delivery;
— transition out;
— tactical enablement;
— operational enablement.
The purpose of the process categories is to give clarity on the ways of working, as a group of linked and
inter-dependant processes within the process framework, for ease of understanding for the reader.
The ITES-BPO lifecycle processes have been categorized as below.
a) Strategic enablement processes: include strategic direction and review of the business
performance against plan for the service provider organization and innovation process to bring in
breakthrough changes.
Senior leaders should set business objectives, create a customer focus, establish clear and visible
organizational values and set high expectations for the workforce. The directions, values and
expectations should balance the needs of all direct stakeholders. Leaders should ensure the creation
of strategies, systems, organizational roadmap and methods for achieving performance excellence,
stimulating innovation, building knowledge and capabilities and ensuring organizational
sustainability. Senior leaders need to inspire and encourage the entire workforce to contribute, to
develop and learn, to be innovative and to embrace meaningful change. Senior leaders need to be
responsible to the organization’s governance body for their actions, performance and conformance.
There are two processes under this category. These are strategic planning and direction setting
and innovation management.
b) Relationship processes: cover the relationship of the service provider with the customer and the
suppliers.
These processes are aimed at ensuring superior engagement with customers and suppliers for
seamless business delivery.
Performance and quality are judged by an organization’s customers. Thus, the service provider
organization should take into account all product features and characteristics, modes of customer
access and support that contribute value to customers. This can lead to customer acquisition,
satisfaction, preference and loyalty, to positive referrals and to business sustainability. Customer-
driven excellence has both current and future components: understanding today’s customer needs
and anticipating future customer requirements and market place potential.
This also includes managing any suppliers who are linked to the delivery and their performance.
Service providers can also outsource some areas (e.g. invoice scanning, creating content) to a sub-
contracting supplier if there is a further need for optimized value delivery.
c) Solution processes: detail how the ITES-BPO solution is envisaged and the contract developed and
managed.
This category covers the development of feasible solutions and proposals to transfer knowledge,
mobilize people and create the infrastructure. It plans for transition, service delivery risk
management, information security and business continuity.
It includes the drafting, negotiation and agreement of a formal contract, and defining and
monitoring obligations.
d) Transition in processes: cover the movement of business process delivery from the customer to
the service provider, establishing the required management, people and infrastructure capability,
and conclude with piloting the transitioned service.
This category covers the mobilization of sufficient people with the required skills, creating the
required infrastructure, transferring appropriate knowledge, planning for service delivery and
6 © ISO/IEC 2016 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC 30105-5:2016(E)

piloting the service delivery on a limited scale. This should be achieved with minimal disruption
to the customer’s business performance during this activity. This establishes the operational
ITES-BPO service for delivery from the service provider organization in line with the contracted
commitments, including service performance and quality targets.
e) Service delivery processes: include all the processes that are required for the day to day
management and delivery of ITES-BPO services.
This category of processes focuses on seamless operational delivery of business processes to
achieve the required service levels and good customer experience. It aims to manage, operate and
control the ongoing service delivery to achieve the desired performance levels. Service de
...