ISO/IEC TR 20000-5:2010

TECHNICAL ISO/IEC
REPORT TR
20000-5
First edition
2010-05-01


Information technology — Service
management —
Part 5:
Exemplar implementation plan for
ISO/IEC 20000-1
Technologies de l'information — Gestion des services —
Partie 5: Exemple de plan de mise en application pour l'ISO/CEI 20000-1




Reference number
ISO/IEC TR 20000-5:2010(E)
©
ISO/IEC 2010

---------------------- Page: 1 ----------------------
ISO/IEC TR 20000-5:2010(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO/IEC 2010
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO/IEC 2010 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC TR 20000-5:2010(E)
Contents Page
Foreword .iv
Introduction.v
1 Scope.1
2 Normative references.1
3 Terms and definitions .1
4 Benefits of a phased approach .1
5 Approach.2
5.1 Overview.2
5.2 Key considerations .2
5.3 Understanding ISO/IEC 20000-1.3
5.4 Scope and applicability.3
5.5 Changes to scope.3
5.6 Developing the business case .3
5.7 Project support and commitment .4
5.8 Gap analysis .4
5.9 Implementation governance.5
5.10 Project readiness.5
5.11 Project team .5
6 Overview of phases.7
7 Taxonomy of each phase.8
7.1 Objectives of each phase .8
7.2 Key characteristics of each phase .9
8 Post-implementation .11
8.1 Continuing governance of the SMS and improving service .11
8.2 Plan-Do-Check-Act .11
8.3 Interfaces to projects for new and changed services .11
Annex A (informative) Start up and business case development.12
Annex B (informative) Three phases of the implementation project .13
Annex C (informative) Developing policies .25
Annex D (informative) Document and record management .28
Bibliography.31
Figures
Figure 1 — Important components within each of the three phases.7
Tables
Table 1 — Objectives of each phase .8
Table 2 — Key characteristics of each phase .9
Table A.1 — Basis for three phases .12
Table B.1 — Activities in three phases .13
© ISO/IEC 2010 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC TR 20000-5:2010(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The
main task of the joint technical committee is to prepare International Standards. Draft International Standards
adopted by the joint technical committee are circulated to national bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the national bodies casting a vote.
In exceptional circumstances, the joint technical committee may propose the publication of a Technical Report
of one of the following types:
— type 1, when the required support cannot be obtained for the publication of an International Standard,
despite repeated efforts;
— type 2, when the subject is still under technical development or where for any other reason there is the
future but not immediate possibility of an agreement on an International Standard;
— type 3, when the joint technical committee has collected data of a different kind from that which is
normally published as an International Standard (“state of the art”, for example).
Technical Reports of types 1 and 2 are subject to review within three years of publication, to decide whether
they can be transformed into International Standards. Technical Reports of type 3 do not necessarily have to
be reviewed until the data they provide are considered to be no longer valid or useful.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC TR 20000-5, which is a Technical Report of type 2, was prepared by Joint Technical Committee
ISO/IEC JTC 1, Information technology, Subcommittee SC 7, Software and systems engineering.
ISO/IEC 20000 consists of the following parts, under the general title Information technology — Service
management:
― Part 1: Specification
― Part 2: Code of practice
― Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1 [Technical Report]
― Part 4: Process reference model [Technical Report]
― Part 5: Exemplar implementation plan for ISO/IEC 20000-1 [Technical Report]
Process assessment model for service management will form the subject of a future Part 8.
iv © ISO/IEC 2010 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC TR 20000-5:2010(E)
Introduction
ISO/IEC 20000-1 specifies the requirements for a service management system (SMS) to deliver IT services
and applies to organizations of all sizes, sectors, types and many different organizational forms or business
models.
This part of ISO/IEC 20000 is an exemplar implementation plan providing guidance on how to implement an
SMS to fulfil the requirements of ISO/IEC 20000-1. The intended users of this part of ISO/IEC 20000 are
service providers, but it could also be useful for those advising service providers on how to best fulfil the
requirements of ISO/IEC 20000-1.
Included in this part of ISO/IEC 20000 is advice for service providers on a suitable order in which to plan and
implement improvements and other necessary changes. It suggests, as an example, a generic three-
phase approach to managing the implementation and gives guidance on a sequence of activities and phases
for implementing the SMS to fulfil the requirements of ISO/IEC 20000-1, including the integration of processes.
The service provider may choose their own sequence to implement the SMS. Also included is advice on the
development of a business case, the start up project and other activities necessary for the implementation to
be successful.
The phasing described in this part of ISO/IEC 20000 does not change the intended scope of the service
provider’s SMS, i.e. the scope itself is not subject to phased changes as a result of adopting the advice in this
part of ISO/IEC 20000. Instead, each phase improves the SMS needed for the service provider’s agreed
scope, building on the results of the previous phase.
The main activities for the development of the business case and start up of the implementation project are
shown in Annex A. A list of the main activities to implement the SMS based on ISO/IEC 20000-1, in three
phases, is shown in Annex B. Many of the requirements of ISO/IEC 20000-1 need to be met by actions over
more than one phase, with each phase building upon the achievements of the earlier phase. Once the final
phase is completed, the service provider’s organization will have an SMS that meets the requirements of
ISO/IEC 20000-1. Supporting information for the implementation project is provided.

© ISO/IEC 2010 – All rights reserved v

---------------------- Page: 5 ----------------------
TECHNICAL REPORT ISO/IEC TR 20000-5:2010(E)

Information technology — Service management —
Part 5:
Exemplar implementation plan for ISO/IEC 20000-1
1 Scope
This part of ISO/IEC 20000 gives guidance on a phased approach to implement an SMS that fulfils the
requirements specified in ISO/IEC 20000-1. The phased approach provides a structured framework to agree
priorities and manage the implementation activities.
This part of ISO/IEC 20000 illustrates a generic, three-phase approach to manage the implementation. The
service provider can tailor the phases to suit its needs and its constraints.
This part of ISO/IEC 20000 can also be used with ISO/IEC 20000-2, ISO/IEC TR 20000-3 and
ISO/IEC TR 20000-4.
2 Normative references
The following referenced document is indispensable for the application of this part of ISO/IEC 20000. For
dated references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO/IEC 20000-1:2005, Information technology — Service management — Part 1: Specification
3 Terms and definitions
For the purposes of this document, the terms and definitions in ISO/IEC 20000-1 apply.
4 Benefits of a phased approach
Conformity to ISO/IEC 20000-1 is only possible if all requirements of the standard are fulfilled by the SMS.
There are many reasons for a phased approach. Phasing is based on identification of a suitable sequence of
improvements, each designed to assist in fulfilling one or more of the requirements of ISO/IEC 20000-1. This
allows better and more efficient risk management than attempting to make all the improvements and other
changes in one single phase.
A phased approach allows costs to be incurred over a longer period of time, is more easily funded using
revenue budgets instead of all the activities being funded from capital budgets and can generate benefits as
early as Phase 1. Early benefits can assist in encouraging involvement and funding of later phases.
Additional benefits can include:
a) illustrating each phase in a way that can be understood easily by all parties involved or affected by the
changes;
b) allowing the service provider to gain experience with a smaller set of implementation project activities,
rather than attempting everything in one big phase;
© ISO/IEC 2010 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO/IEC TR 20000-5:2010(E)
c) involving phased use of resources that can be scarce, expensive or already committed to other projects;
d) increasing customers’ confidence in the delivered services;
e) increasing mutual and long-term trust between the service provider and customers and the service
provider and suppliers;
f) encouraging key achievements being met in a planned sequence.
5 Approach
5.1 Overview
To identify a suitable approach to fulfilling the requirements of ISO/IEC 20000-1 the following should be
considered:
a) understanding ISO/IEC 20000-1 principles, objectives and requirements;
b) the objectives and the needs of the business using the IT services;
c) the experience of the current use of IT from the users' point of view;
d) the current risks and management of risks;
e) the service provider’s business model and objectives;
f) scope and applicability of ISO/IEC 20000-1;
g) the current status of the service management system;
h) current effectiveness of service management processes;
i) the clarity and suitability of current accountabilities, authorities, roles and responsibilities;
j) the responsiveness and flexibility of the service provider when changes are necessary;
k) expected major changes made by or made to the service provider;
l) other conflicting priorities within the service provider;
m) the financial and human resources available for each phase or any constraints that will affect the project;
n) statutory and regulatory requirements and contractual obligations.
5.2 Key considerations
When implementing the SMS a key consideration is that the system is implemented with the appropriate
design to meet the service requirements, based on a statement of the business needs, customer requirements,
the needs and limitations of the business and the needs of the service provider, including service levels,
statutory and regulatory requirements and contractual obligations.
To get support and goodwill from the customer it can be a good idea to start by establishing and implementing
those processes where the customer experiences issues.
In addition, service providers should consider the change process concerning the people working with the
SMS. For example the service provider should ensure that there is sufficient time allocated for communication
and training and for people to understand how their day to day activities are to change and the long term
benefits. This cannot be achieved if the implementation of ISO/IEC 20000-1 relies mainly on document
production and procedure descriptions. However documents and descriptions remain important to successful
implementation.
2 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC TR 20000-5:2010(E)
One of the risks during implementation of ISO/IEC 20000-1 is that the production of documents can be
considered more important than changing how people work. It is important to focus on understanding and
changing practices when implementing ISO/IEC 20000-1. Required documents should be viewed as a tool to
support the change and should be appropriate to the size and complexity of the organization.
The generic approach is divided into 3 phases, each one building on the achievements of its predecessor. The
structuring of each phase allows important and measurable evidence of achievements against the
requirements of ISO/IEC 20000-1. The phases described below are recommended but can differ from
organization to organization.
5.3 Understanding ISO/IEC 20000-1
The success of an ISO/IEC 20000-1 implementation relies on the people involved understanding the
requirements and supporting guidance in the ISO/IEC 20000 series, the service requirements and the
changes to practices that will be necessary.
5.4 Scope and applicability
In the planning activity, the service provider should ensure that ISO/IEC 20000-1 is applicable to the services
being delivered. This should take into account the scope of the services, activities and the contribution of
suppliers.
The service provider should perform an initial analysis to identify and agree a suitable scope for their service
management system, using the guidance on scope definition and applicability in ISO/IEC 20000-3.
5.5 Changes to scope
It can happen that a service provider initially plans to implement an SMS based on the requirements of
ISO/IEC 20000-1 for only part of their total activities. The service provider then generalizes the implementation
to a larger proportion of their activities. The guidance in this part of ISO/IEC 20000 is based on the defined
scope being unchanged during all three phases, not on a phased increase in scope of the SMS.
When a service provider decides to increase the scope of the SMS, it can be useful to follow the guidance in
this part of ISO/IEC 20000. This is also normally faster as the service provider by this time has gained
practical experience and may extend what has already been done to the larger scope.
5.6 Developing the business case
The implementation of ISO/IEC 20000-1 requires management commitment and ownership through all phases.
Based on initial analysis, a business case will help establish understanding and commitment. Establishing
management support and commitment should also be done as soon as possible when developing the
business case. It will also help sustain commitment and support for each phase and therefore minimize the
risks to the success of the planned changes.
The business case should include:
a) clear objectives for implementing an SMS based on the requirements of ISO/IEC 20000-1;
b) recommendation on formal, independent conformity assessment;
c) proposed scope of the SMS;
d) predicted service levels (or changes to service levels) from improved service management processes;
e) changes to workloads, changes to processes, increased use of the service or proactive reduction in
support needs;
f) potential cost savings, overall and as unit costs;
g) direct or indirect benefits such as customer satisfaction, employee satisfaction, reduced business risks;
© ISO/IEC 2010 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO/IEC TR 20000-5:2010(E)
h) timescales;
i) estimated resources, including the people directly involved in the project;
j) interested parties affected by or who will be involved in the implementation;
k) risks assessment and recommendations for risk management;
l) costs and use of external resources;
m) proposed terms of reference, project support and commitment and project governance.
5.7 Project support and commitment
To ensure the successful implementation of the SMS based on the requirements of ISO/IEC 20000-1, the
project should have the support and commitment of the top management. This will ensure a focus on service
requirements and constraints, including statutory and regulatory requirements and contractual obligations, and
will ensure appropriate priorities are allocated. The understanding and the involvement of all interested parties
is necessary during all phases, not just during the first phase.
5.8 Gap analysis
The service provider should perform a detailed analysis to evaluate the gap between the current operations
and the requirements of ISO/IEC 20000-1 for the activities in scope. This should quantify the status of:
a) management system(s) that have already been established and implemented, including the scope of
each;
b) existence and quality of both documents and records, including:
1) policies;
2) process documentation;
3) procedures;
4) service level agreements;
5) supplier contracts;
6) records of actual achievements by the service provider and suppliers;
c) actual working practices;
d) service reviews, internal audits, conformity assessments that can contribute useful information;
e) workload characteristics and actual service levels;
f) recent or current service improvement plans;
g) accuracy of definitions of roles, responsibilities and authorities, skill and competence of available staff;
h) assessment of the service provider’s culture;
i) any major changes planned to the structure, service and/or technology;
j) relevant statutory and regulatory requirements and contractual obligations.
The detail in which the gap analysis is conducted should be tailored to the needs of the service provider and
of the service provider’s customer base.
4 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC TR 20000-5:2010(E)
5.9 Implementation governance
The organization’s governance principles and policies, culture and structure should be understood. In addition
any other standards, contractual obligations, statutory and regulatory requirements that could impact the
delivered service should be considered.
The establishment of clear governance for the project within the service provider’s overall governance is a
critical aspect of a successful implementation. To assist with governance a group of people should be
identified, including management representation, which have the responsibility of managing the project. The
roles, authorities, responsibilities and accountabilities of this group should be agreed before the project starts.
This can be done as a terms of reference. Although this part of ISO/IEC 20000 refers throughout to ‘the
project’, in practice there may be several projects working closely together during each phase of the
implementation. Coordination and governance of multiple projects is part of this group’s responsibilities.
During the project this group is responsible for the governance of the service and for the development of the
SMS. After the last phase is completed it is important to ensure the continual improvement of the SMS. The
group that had responsibility for the governance of the service may become responsible for the continual
improvement or a new group should be created to take responsibility.
Part of the implementation governance should be the appointment of a project leader who should have
appropriate project management and service management skills.
5.10 Project readiness
Based on the business case and gap analysis, the project leader should take into account the following
considerations when developing the project plan:
a) timeframe;
b) resources concerns such as:
1) skills and competence of the implementation project team;
2) accommodation, travel, facilities and tools required/available for the implementation;
c) finances including any known constraints on funding the implementation, e.g. capital expenditure not yet
in the budget;
d) risks such as any issues that can cause conflicting priorities;
e) identify individuals that will receive the outputs of the project and involve them early in the project;
f) the service management maturity of the organisation;
g) receptiveness of the organization to change i.e. the aptitude to change within the organization and the
ability of the organization to absorb and manage the change successfully;
h) communication;
i) procurement;
j) review procedures.
5.11 Project team
To ensure a smooth change during the three phases described in Clause 6, the project team should have
strong leadership and expertise in establishing and implementing service management processes and
continual improvement principles.
© ISO/IEC 2010 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO/IEC TR 20000-5:2010(E)
The project leader should balance the two following factors when selecting members to the project team:
a) making use of the experience of staff involved in the existing day-to-day activities;
b) avoiding conflicting priorities for a person involved in both the project and in day-to-day activities.
This is particularly important when day-to-day workloads are unpredictable.
The project team should have expertise in and be responsible for:
a) designing and implementing management systems;
b) process definition for new or changed processes;
c) process establishment, implementation and integration;
d) minimizing impact on day-to-day activities;
e) testing and measuring the effectiveness of processes, including the continual improvement process;
f) organizational change and communication.
The effectiveness of the SMS depends on the overall integration of service management processes. Defining
the processes and how they are integrated at the beginning of the project will help in implementing the SMS
based on the requirements of ISO/IEC 20000-1 in a coherent manner.
Service owners, process owners and operational managers play an important role in identify and encouraging
changes to improve processes and services. As process owners and service owners are identified they should
contribute and support the group managing the project.
For small service providers, several processes may be owned by a single individual, who may also be an
operational manager. For larger service providers, there can be benefits from having people involved with
more specialist interests and responsibilities. Service providers should give consideration to coordinating this
larger group of people, especially if they are based at different locations.
Operational managers should also be represented on the project team. This is to ensure that plans are
realistic and that staff managers involved in day to day operations are kept aware of any changes that can
affect the way they are expected to work.
6 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC TR 20000-5:2010(E)
6 Overview of phases
Figure 1 presents a high level view of the most important ISO/IEC 20000-1 components within each phase, as
defined in Annex B.
Management responsibility
Documentation requirements
Planning service management
Implement service management & provide the services
Monitoring, measuring and reviewing
Continual improvement
Planning & implementing
new or changed services
Service level management
Service reporting
Service continuity & availability management
Budgeting & accounting for IT services
Capacity management
Information security management
Business relationship management
Supplier management
Incident management
Problem management
Configuration management
Change management
Release management
Phase 1 Phase 2 Phase 3

Figure 1 — Important components within each of the three phases
The plan represents a gene
...