ISO/IEC 30105-2:2016

INTERNATIONAL ISO/IEC
STANDARD 30105-2
First edition
2016-11-15
Information technology — IT
Enabled Services-Business Process
Outsourcing (ITES-BPO) lifecycle
processes —
Part 2:
Process assessment model (PAM)
Technologies de l’information — Processus du cycle de vie de la
délocalisation du processus d’affaires des services activés par IT —
Partie 2: Modèle d’évaluation du processus (PAM)
Reference number
ISO/IEC 30105-2:2016(E)
©
ISO/IEC 2016

---------------------- Page: 1 ----------------------
ISO/IEC 30105-2:2016(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2016 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 30105-2:2016(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 General . 2
3.2 Structure of the ITES-BPO process assessment model . 2
3.2.1 Relationship to process reference model . 2
3.2.2 Process categories and processes . 2
3.2.3 Process dimension . 4
3.2.4 Capability dimension . 4
3.3 Assessment indicators . 6
3.3.1 Overview . 6
3.3.2 Process capability indicators (PCI) . 7
3.3.3 Process performance indicators (PPI) . 9
3.4 Measuring process capability . 9
4 Processes and process performance indicators (level 1) .11
4.1 General .11
4.2 Base practices (BPs) and work products (WPs) for ITES-BPO lifecycle processes .11
4.2.1 Strategic enablement processes .11
4.2.2 Relationship processes .14
4.2.3 Solution processes .17
4.2.4 Transition in processes .19
4.2.5 Service delivery processes .28
4.2.6 Transition out process .33
4.2.7 Tactical enablement processes .35
4.2.8 Operational enablement processes .44
5 Process capability indicators (levels 1 to 5) .54
5.1 General .54
5.2 Process capability levels and process attributes .54
5.2.1 Process capability level 0: Incomplete process .55
5.2.2 Process capability level 1: Performed process .55
5.2.3 Process capability level 2: Managed process .55
5.2.4 Process capability level 3: Established process .60
5.2.5 Process capability level 4: Predictable process .64
5.2.6 Process capability level 5: Innovating process .68
Annex A (informative) Conformity of the process assessment model .73
Annex B (informative) Work product characteristics .77
Annex C (informative) Correlation between ISO/IEC 20000 and ISO/IEC 30105 .111
Bibliography .115
© ISO/IEC 2016 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 30105-2:2016(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical
Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/IEC JTC 1, Information technology, SC 40, IT Service
Management and IT Governance.
A list of all parts in the ISO/IEC 30105 series can be found on the ISO website.
iv © ISO/IEC 2016 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 30105-2:2016(E)

Introduction
ITES-BPO services encompass the delegation of one or more IT enabled business processes to a service
provider who uses an appropriate technology to deliver a service. Such a service provider manages,
delivers, improves and administers the outsourced business processes in accordance with predefined
and measurable performance metrics. This covers diverse business process areas such as finance,
human resource management, administration, health care, banking and financial services, supply
chain management, travel and hospitality, media, market research, analytics, telecommunications,
manufacturing, etc. These services provide business solutions to customers across the globe and form
the part of the core service delivery chain for customers.
ISO/IEC 30105 (all parts) specifies the lifecycle processes requirements involved in the ITES-BPO
industry.
— It provides an overarching standard for all aspects of ITES-BPO industry from the view of the
service provider that performs the outsourced business processes. This is applicable for any ITES-
BPO service provider providing services to customers through contracts and in industry verticals.
— It covers the entire outsourcing lifecycle and defines the processes that are considered to be good
practices.
— It is an improvement standard that enables risk determination and improvement for service
providers performing outsourced business processes. It also serves as a process reference model
for service providers.
— It focuses on IT enabled business processes which are outsourced.
— It is generic and can be applied to all IT enabled business process outsourced services, regardless of
type, size and the nature of the services delivered.
— Process improvement implemented using ISO/IEC 30105 (all parts) can lead to a clear return on
investment for customers and service providers.
— Alignment to ISO/IEC 30105 (all parts) can improve consistency, delivery quality and predictability
in delivery of services.
Figure 1 illustrates the key entities and relationships involved in an ITES-BPO service. It includes the
customer, the ITES-BPO service provider and various levels of suppliers. This is in line with the supply
chain relationship depicted in ISO/IEC 20000-1:2011, 7.2.
Figure 1 — ITES-BPO key entities
This document details the process assessment model (PAM). This PAM contains process definitions of
ITES-BPO lifecycle defined in ISO/IEC 30105-1 and a model suitable for assessing a specified process
quality characteristic. The outcomes in the PAM are clearly defined observable results, aligned to the
business benefits derived by the customer and service provider.
© ISO/IEC 2016 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC 30105-2:2016(E)

This document defines a process assessment model that is an improvement standard that enables
risk determination and improvement for ITES-BPO service providers. ISO/IEC 20000-1 is a service
management system standard which defines the criteria for a conformity assessment. Whilst there
is potential for overlaps between this document and ISO/IEC 20000-1, in fact, they complement each
other. Annex C describes the potential overlaps and differences, and their complementary nature.
vi © ISO/IEC 2016 – All rights reserved

---------------------- Page: 6 ----------------------
INTERNATIONAL STANDARD ISO/IEC 30105-2:2016(E)
Information technology — IT Enabled Services-Business
Process Outsourcing (ITES-BPO) lifecycle processes —
Part 2:
Process assessment model (PAM)
1 Scope
ISO/IEC 30105 specifies the lifecycle process requirements performed by the IT enabled business
process outsourcing service provider for the outsourced business processes. It defines the processes to
plan, establish, implement, operate, monitor, review, maintain and improve its services. This document:
— covers IT enabled business processes that are outsourced;
— is not intended to cover IT services but includes similar, relevant process for completeness;
— is applicable to the service provider, not to the customer;
— is applicable to all lifecycle processes of ITES-BPO;
— serves as a process assessment model for organizations providing ITES-BPO services that:
— conforms to the requirements of ISO/IEC 33004;
— supports the performance assessment by providing indicators for the interpretation of the
process purposes and outcomes, as defined in ISO/IEC 24774, and the process attributes, as
defined in ISO/IEC 33020.
A process assessment model consists of a set of indicators for process performance and process
capability. The indicators are used as a basis for collecting the objective evidence that enables an
assessor to determine ratings. The set of indicators included in this document is not intended to be
an all-inclusive set nor is it intended to be applicable in its entirety. Supersets and subsets that are
appropriate to the context and scope of the assessment should be selected.
The process assessment model in this document is directed at assessment sponsors and competent
assessors who wish to select a model, and associated documented assessment process, for the ITES-
BPO lifecycle processes, for risk determination or process improvement.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 33004:2015, Information technology — Process assessment — Requirements for process reference,
process assessment and maturity models
ISO/IEC 30105-3, Information Technology — IT enabled services-business process outsourcing (ITES-BPO)
lifecycle processes — Part 3: Measurement framework (MF) and organization maturity model (OMM)
3 Terms and definitions
For the purpose of this document, the terms and definitions given in ISO/IEC 30105-4, ISO/IEC 33001
and ISO/IEC TR 20000-10 apply.
© ISO/IEC 2016 – All rights reserved 1

---------------------- Page: 7 ----------------------
ISO/IEC 30105-2:2016(E)

For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
—  IEC Electropedia: available at http://www.electropedia.org/
—  ISO Online browsing platform: available at http://www.iso.org/obp
3.1 General
In ISO/IEC 33001, the process assessment model is described as a model suitable for the purpose of
assessing a specified process quality characteristic, based on one or more process reference models.
The process reference model defined in ISO/IEC 30105-1, associated with the process attributes defined
in this document, establishes a process assessment model that provides a common basis for performing
assessments on ITES-BPO lifecycle processes, enabling the results to be reported using a common
rating scale. A.2 in Annex A provides the requirements for process assessment models.
The process assessment model defines a two-dimensional model of process capability.
— Process dimension: Processes are defined and classified into process categories.
— Capability dimension: A set of process attributes grouped into capability levels is defined.
The process attributes provide the measurable characteristics of process capability.
The ITES-BPO process reference model defined in ISO/IEC 30105-1 and the capability dimension defined
in ISO/IEC 33020 cannot be used alone as the basis for conducting reliable and consistent assessments
of process capability, since the level of detail available is not sufficient. The process assessment model
defined in this document has been derived from the measurement framework defined in ISO/IEC 30105-
3, adapted to be suitable for ITES-BPO service providers.
3.2 Structure of the ITES-BPO process assessment model
3.2.1 Relationship to process reference model
The ITES-BPO process assessment model extends the process reference model provided in
ISO/IEC 30105-1 with the definition of the ITES-BPO assessment indicators and their use. Assessment
indicators are indicators of process performance and process capability. They are defined to objectively
support an assessor’s objective judgment of the performance and capability of an implemented process.
The ITES-BPO process descriptions meet the following requirements:
— a process is described in terms of its purpose and process outcomes;
— the set of process outcomes will be necessary and sufficient to achieve the purpose of the process;
— process descriptions shall not contain or imply aspects of the process quality characteristic beyond
the lowest level of its intended measurement scale.
3.2.2 Process categories and processes
Figure 2 lists the processes from ISO/IEC 30105-1 that are included in the process dimension of the
process assessment model for ITES-BPO. It includes all aspects of an ITES-BPO outsourced service,
from developing an ITES-BPO solution through service delivery and to transitioning out. It includes the
leadership, relationship management and enabling processes which support the outsourced business
across its lifecycle.
2 © ISO/IEC 2016 – All rights reserved

---------------------- Page: 8 ----------------------
ISO/IEC 30105-2:2016(E)

Figure 2 — ITES-BPO lifecycle process categories
The ITES-BPO process categories are:
— Strategic enablement processes: include strategic direction and review of the business
performance against plan for the service provider organization and innovation process to bring in
breakthrough changes;
— Relationship processes: cover the relationship of the service provider with the customer and the
suppliers;
— Solution processes: include details on how the ITES-BPO solution is envisaged and the contract
developed and managed;
— Transition in processes: cover the movement of business process delivery from the customer to
the service provider, establishing the required management, people and infrastructure capability,
and concluding with piloting the transitioned service;
— Service delivery processes: include all the processes that are required for the day to day
management and delivery of ITES-BPO services;
— Transition out process: covers the movement of the business process delivery back to the customer
or to a different service provider;
— Tactical enablement processes: involve a set of processes that enables achievement of the objective
of the core service delivery processes; these are tactical in nature;
— Operational enablement processes: involve a set of processes that ensures day-to-day operations
of service delivery are supported and are performed alongside the service delivery processes.
The process categories and processes in the ITES-BPO process reference model which underpin the
process dimension of the ITES-BPO process assessment model are shown in Figure 3.
© ISO/IEC 2016 – All rights reserved 3

---------------------- Page: 9 ----------------------
ISO/IEC 30105-2:2016(E)

Figure 3 — ITES-BPO lifecycle process categories and processes
3.2.3 Process dimension
All processes in Figure 3 are included within the process dimension of the process assessment model.
Each process in the PAM is described by a purpose statement which contains objectives of the process
and a set of specific expected outcomes. The outcomes are associated with the process purpose
statements, and indicate the expected positive result of the process performance.
Satisfying the purpose statements of a process represents the only step in achieving a level 1 process
capability where the expected outcomes are observable.
3.2.4 Capability dimension
Process capability levels are defined in ISO/IEC 30105-3 and detailed definitions of the process
capability levels and process attributes are set out in Clause 6 together with the relevant process
capability indicators. Process capability is expressed in the PAM by grouping process assessment
indicators into capability levels.
Process attributes are process features which can be evaluated on a scale of achievement to provide
a process capability measure. Each process attribute describes a feature of the overall capability in
managing and improving process effectiveness in achieving its process purpose and contributing to the
organization’s business goals.
4 © ISO/IEC 2016 – All rights reserved

---------------------- Page: 10 ----------------------
ISO/IEC 30105-2:2016(E)

A capability level is a set of process assessment indicators that together describe an ability to operate
and perform a process at a given capability level. The existence or not of evidence to meet these process
assessment indicators helps determine the capability levels. The levels constitute a rational path for
improving capability for any process and are defined in ISO/IEC 30105-3.
There are six capability levels incorporating nine process attributes.
Level 0: Incomplete process
The process is not implemented or fails to achieve the process purpose.
At this level, there is little or no evidence of any systematic achievement of the process purpose.
Level 1: Performed process
The implemented process achieves its process purpose.
Level 2: Managed process
The previously described “Performed” process is implemented in a managed fashion (planned,
monitored and adjusted) and its work products are appropriately established, controlled and
maintained.
Level 3: Established process
The previously described “Managed” process is implemented using a defined process that is capable of
achieving the process outcomes.
Level 4: Predictable process
The previously described “Established” process now operates within defined limits to achieve the
process outcomes. Quantitative management needs are identified, measurement data are collected and
analysed to identify causes of variation.
Level 5: Innovating process
The previously described “Predictable” process is continually improved to respond to organizational
change.
Within the process assessment model, the measure of capability is based upon the nine process
attributes (PA) defined in ISO/IEC 30105-3. Process attributes are used to determine whether a process
has reached a given capability. Each attribute measures a particular aspect of the process capability.
At each level there is no ordering between the process attributes; each attribute addresses a specific
aspect of the capability level. The list of process attributes is shown in Table 1.
Table 1 — Capability levels and process attributes
Process attribute ID Capability levels and process attributes
Level 0: Incomplete process
Level 1: Performed process
PA 1.1 Process performance
Level 2: Managed process
PA 2.1 Performance management
PA 2.2 Work product management
Level 3: Established process
PA 3.1 Process definition
PA 3.2 Process deployment
Level 4: Predictable process
© ISO/IEC 2016 – All rights reserved 5

---------------------- Page: 11 ----------------------
ISO/IEC 30105-2:2016(E)

Table 1 (continued)
Process attribute ID Capability levels and process attributes
PA 4.1 Quantitative analysis
PA 4.2 Quantitative control
Level 5: Innovating process
PA 5.1 Process innovation
PA 5.2 Process innovation implementation
The process attributes are evaluated on a six-point ordinal scale of achievement, as defined in
ISO/IEC 30105-3. They provide insights into the specific aspects of process capability required to
support process improvement and risk determination.
Within the process assessment model, the measure of capability is based upon the nine process
attributes (PA) defined in ISO/IEC 30105-3 and listed in 6.2.
3.3 Assessment indicators
3.3.1 Overview
The process assessment model is based on the principle that the capability of a process can be assessed
by demonstrating the achievement of process attributes on the basis of evidences related to assessment
indicators.
There are two types of assessment indicators: process capability indicators (PCI), which apply to
capability levels 1 to 5 and process performance indicators (PPI), which apply exclusively to capability
level 1. These indicators are defined in 4.3.2.
Process capability indicators enable assessment of the extent of achievement of a process attribute
in the implemented process. These indicators concern significant activities, resources or results
associated with the achievement of the attribute purpose by a process.
Types of process capability indicators are:
— generic practice (GP);
— generic resource (GR);
— generic work product (GWP).
As additional indicators for supporting the assessment of a process at level 1, each process has a set
of process performance indicators in the process dimension. These are used to measure the degree of
achievement of the process performance attribute for the process assessed.
Types of process performance indicators are:
— base practice (BP);
— work product (WP).
The performance of base practices indicates the extent of achievement of the process purpose and
process outcomes. Work products are either used or produced (or both) when performing the process.
The process performance and process capability indicators defined in the ITES-BPO process assessment
model represent types of objective evidence that can be found in an implementation of an ITES-BPO
process. Therefore, these can be used to judge achievement of capability.
Figure 4 shows how the assessment indicators are related to process performance and process
capability.
6 © ISO/IEC 2016 – All rights reserved

---------------------- Page: 12 ----------------------
ISO/IEC 30105-2:2016(E)

Figure 4 — Process attributes and process assessment indicators
3.3.2 Process capability indicators (PCI)
The three types of process capability indicators related to levels 1 to 5 are identified in Figure 5. They are
intended to be applicable to all processes and are defined for ITES-BPO lifecycle processes in Clause 6.
© ISO/IEC 2016 – All rights reserved 7

---------------------- Page: 13 ----------------------
ISO/IEC 30105-2:2016(E)

Figure 5 — Process assessment indicators
All the process capability indicators relate to the process attributes defined in the capability dimension
of the process assessment model. They represent the type of evidence that supports judgments of
the extent to which the attributes are achieved. Evidence of their effective performance or existence
supports the judgment of the degree of achievement of the attribute. The generic practices are the
principal indicators of process capability.
The generic practice (GP) indicators are activities of a generic type and provide guidance on the
implementation of the attribute’s characteristics. They support the achievement of the process attribute
and many of them concern management practices, i.e. practices that are established to support the
process performance as it is characterized at level 1. Table A.1 lists the mappings of the GPs to the
achievements associated with each process attribute.
During the evaluation of process capability, the primary focus is on the performance of the generic
practices. In general, performances of all generic practices are expected for full achievement of the
process attribute.
The generic resource (G
...