ISO/IEC JTC 1/SC 40/WG 2 - Service management – Information technology

This document provides guidance for organizations on how to implement a service management system (SMS). Organizations can use this document to implement the entire SMS in order to conform to the requirements specified in ISO/IEC 20000-1, or parts of an SMS for a selected subset of requirements. This document illustrates a generic plan to manage implementation activities for an SMS. The intended users of this document are: a) organizations that require support on how to implement an SMS; b) consultants and advisors who support an organization during SMS implementation. This document can be used together with the other parts of ISO/IEC 20000 series.

This document provides guidance on the relationship between ISO/IEC 20000–1 and a commonly used service management framework, ITIL 4. It can be used by any organization or person wishing to understand how ITIL can be used with ISO/IEC 20000–1, including: a) an organization that has claimed or demonstrated or intends to claim or demonstrate conformity to the requirements specified in ISO/IEC 20000–1 and is seeking guidance on the use of ITIL to establish and improve an SMS and the services; b) an organization that already uses ITIL and is seeking guidance on how ITIL can be used to support efforts to demonstrate conformity to the requirements specified in ISO/IEC 20000–1; c) an assessor or auditor who wishes to understand the use of ITIL as a support in achieving the requirements specified in ISO/IEC 20000–1. Clause 4 describes how ITIL can support the demonstration of conformity to ISO/IEC 20000–1. Clause 5 correlates the ITIL documents to requirements in ISO/IEC 20000–1. The tables in Annex A correlate terms and clauses in ISO/IEC 20000–1 to ITIL and vice versa; the tables in Annex B correlate clauses in ISO/IEC 20000-1 to the ITIL 4 publications and vice versa.

This document includes guidance on the scope definition and applicability to the requirements specified in ISO/IEC 20000-1. This document can assist in establishing whether ISO/IEC 20000-1 is applicable to an organization's circumstances. It illustrates how the scope of an SMS can be defined, irrespective of whether the organization has experience of defining the scope of other management systems. The guidance in this document can assist an organization in planning and preparing for a conformity assessment against ISO/IEC 20000-1. Annex A contains examples of possible scope statements for an SMS. The examples given use a series of scenarios for organizations ranging from very simple to complex service supply chains. This document can be used by personnel responsible for planning the implementation of an SMS, as well as assessors and consultants. It supplements the guidance on the application of an SMS given in ISO/IEC 20000-2. Requirements for bodies providing audit and certification of an SMS can be found in ISO/IEC 20000-6 which recommends the use of this document.

This document provides guidance on the application of a service management system (SMS) based on ISO/IEC 20000-1. It provides examples and recommendations to enable organizations to interpret and apply ISO/IEC 20000-1, including references to other parts of ISO/IEC 20000 and other relevant standards.

This document describes the core concepts of ISO/IEC 20000 (all parts), identifying how the different parts support ISO/IEC 20000‑1:2018 as well as the relationships between ISO/IEC 20000-1 and other International Standards and Technical Reports. This document also includes the terminology used in all parts of ISO/IEC 20000, so that organizations and individuals can interpret the concepts correctly. This document can be used by: a) organizations seeking to understand the terms and definitions to support the use of ISO/IEC 20000 (all parts); b) organizations looking for guidance on how to use the different parts of ISO/IEC 20000 to achieve their goal; c) organizations that wish to understand how ISO/IEC 20000 (all parts) can be used in combination with other International Standards; d) practitioners, auditors and other parties who wish to gain an understanding of ISO/IEC 20000 (all parts).

This document specifies requirements for an organization to establish, implement, maintain and continually improve a service management system (SMS). The requirements specified in this document include the planning, design, transition, delivery and improvement of services to meet the service requirements and deliver value. This document can be used by: a) a customer seeking services and requiring assurance regarding the quality of those services; b) a customer requiring a consistent approach to the service lifecycle by all its service providers, including those in a supply chain; c) an organization to demonstrate its capability for the planning, design, transition, delivery and improvement of services; d) an organization to monitor, measure and review its SMS and the services; e) an organization to improve the planning, design, transition, delivery and improvement of services through effective implementation and operation of an SMS; f) an organization or other party performing conformity assessments against the requirements specified in this document; g) a provider of training or advice in service management. The term "service" as used in this document refers to the service or services in the scope of the SMS. The term "organization" as used in this document refers to the organization in the scope of the SMS that manages and delivers services to customers. The organization in the scope of the SMS can be part of a larger organization, for example, a department of a large corporation. An organization or part of an organization that manages and delivers a service or services to internal or external customers can also be known as a service provider. Any use of the terms "service" or "organization" with a different intent is distinguished clearly in this document.

ISO/IEC 20000-6:2017 specifies requirements and provides guidance for certification bodies providing audit and certification of an SMS in accordance with ISO/IEC 20000‑1. It does not change the requirements specified in ISO/IEC 20000‑1. ISO/IEC 20000-6:2017 can also be used by accreditation bodies for accreditation of certification bodies. A certification body providing SMS certification is expected to be able to demonstrate fulfilment of the requirements specified in ISO/IEC 20000-6:2017, in addition to the requirements in ISO/IEC 17021‑1.

This document provides guidance on the integrated implementation of a service management system (SMS) as specified in ISO/IEC 20000-1 with a quality management system (QMS) as specified in ISO 9001 and an information security management system (ISMS) as specified in ISO/IEC 27001. It is aimed at those organizations that are intending to either: a) implement ISO 9001 when ISO/IEC 20000-1 is already implemented, or vice versa; b) implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented, or vice versa; c) implement both ISO 9001 and ISO/IEC 20000-1 together, or implement both ISO/IEC 27001 and ISO/IEC 20000-1 together; d) implement ISO/IEC 20000-1, ISO 9001 and ISO/IEC 27001 together; or e) integrate existing management systems based on ISO/IEC 20000-1, ISO 9001 and ISO/IEC 27001. In practice, an SMS, QMS or ISMS can also be integrated with other management system standards (MSS), such as ISO 22301 or ISO 55001. Clause 4 provides an introduction to ISO/IEC 20000-1, the HLS of MSS specified in ISO/IEC Directives Part 1 and considerations for the integration of an MSS. Clause 5 provides an introduction to ISO 9001, commonalities and differences with ISO/IEC 20000-1 and considerations for the integration of an SMS with a QMS. Clause 6 provides an introduction to ISO/IEC 27001, commonalities and differences with ISO/IEC 20000-1 and considerations for the integration of an SMS with an ISMS. Clause 7 looks at considerations for the integration of an SMS, a QMS, and an ISMS. This document also provides correlation information for the terms and definitions of ISO/IEC 20000-1 with ISO 9001 and ISO/IEC 27001 in Annex A. Correlation of the clauses of ISO/IEC 20000-1 with ISO 9001 is shown in Annex B. Correlation of the clauses of ISO/IEC 20000-1 with ISO/IEC 27001 is shown in Annex C.

ISO/IEC TR 20000-12:2016 provides guidance on the relationship between ISO/IEC 20000‑1:2011 and CMMI-SVC V1.3 (through Maturity Level 3). Service providers can refer to this guidance as a cross-reference between the two documents to help them to plan and implement an SMS. An organization employing the practices in the indicated CMMI-SVC process areas can conform to many of the associated ISO/IEC 20000‑1 requirements. The guidance in Clause 4 describes how CMMI-SVC can support the demonstration of conformity to ISO/IEC 20000‑1:2011. A description of the purpose and content of both publications in 4.1 and 4.2 is followed by Clause 5, which relates process areas in CMMI-SVC to clauses in ISO/IEC 20000‑1:2011. The tables in Annexes A and B relate terms, clauses, and paragraphs in ISO/IEC 20000‑1:2011 to CMMI-SVC. Table B.1 is a simplified summary of the correlation seen in Table 3 for those readers who want an overview. The tables indicate those aspects of ISO/IEC 20000‑1:2011 and CMMI-SVC that represent the greatest link between the two sets of documents, from the perspective of a service provider. ISO/IEC TR 20000-12:2016 can be used by any organization or person who wishes to understand how CMMI-SVC can be used with ISO/IEC 20000‑1:2011, including the following: a) a service provider that intends to demonstrate conformity to the requirements of ISO/IEC 20000‑1:2011 and is seeking guidance on the use of CMMI-SVC to establish and maintain the SMS and the services; b) a service provider that has demonstrated conformity to the requirements of ISO/IEC 20000‑1:2011 and is seeking guidance on ways to use CMMI-SVC to improve the SMS and the services; c) a service provider that already uses CMMI-SVC and is seeking guidance on how CMMI-SVC can be used to support efforts to demonstrate conformity to the requirements specified in ISO/IEC 20000‑1:2011; d) an appraiser or assessor who wishes to understand the use of CMMI-SVC as support for the requirements specified in ISO/IEC 20000‑1:2011. ISO/IEC TR 20000-12:2016 can also be used with the other parts of the ISO/IEC 20000 series.

ISO/IEC TR 20000-10:2015 describes the core concepts of ISO/IEC 20000, identifying how the different parts support ISO/IEC 20000‑1:2011 as well as the relationships between ISO/IEC 20000 and other International Standards and Technical Reports. This part of ISO/IEC 20000 also explains the terminology used in ISO/IEC 20000, so that organisations and individuals can interpret the concepts correctly. ISO/IEC TR 20000-10:2015 is for a) service providers considering using any part of ISO/IEC 20000 and looking for guidance on how to use the different parts of ISO/IEC 20000 to achieve their goal, b) service providers that wish to understand how ISO/IEC 20000 can be used in combination with other International Standards, and c) practitioners, auditors, and other parties who wish to gain an understanding of ISO/IEC 20000.