ISO/IEC JTC 1/SC 40 - IT service management and IT governance
Standardization of IT Service Management and IT Governance. Develop standards, tools, frameworks, best practices and related documents for IT Service Management and IT Governance, including areas of IT activity such as audit, digital forensics, governance, risk management, outsourcing, service operations and service maintenance, but excluding subject matter covered under the scope and existing work programs of JTC 1/SC 27 and JTC 1/SC 38. The work will initially cover: Governance of IT, including the development of the ISO/IEC 38500 series standards and related documents. Operational aspects of Governance of IT, including ISO/IEC 30121 Information Technology — Governance of digital forensic risk framework, and interfaces with the management of IT as well as the role of governance in the area of business innovation. All aspects relating to IT service management, including the development of the ISO/IEC 20000 series standards and related documents. All aspects relating to IT-Enabled Services — Business Process Outsourcing, including the development of the ISO/IEC 30105 series standards and related documents.
General Information
This document provides guidance for members of the governing body of an organization to enable and govern the use of Artificial Intelligence (AI), in order to ensure its effective, efficient and acceptable use within the organization. This document also provides guidance to a wider community, including: — executive managers; — external businesses or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies; — public authorities and policymakers; — internal and external service providers (including consultants); — assessors and auditors. This document is applicable to the governance of current and future uses of AI as well as the implications of such use for the organization itself. This document is applicable to any organization, including public and private companies, government entities and not-for-profit organizations. This document is applicable to an organization of any size irrespective of their dependence on data or information technologies.
- Standard, 28 pages, English language
This document provides guidance on the assessment of governance of information technology (IT) based on the principles, definitions and model for the governance of IT outlined in ISO/IEC 38500 and ISO/IEC TR 38502 and the implementation considerations outlined in ISO/IEC TS 38501. This document includes approaches for conducting the assessment, the criteria against which the assessment can be made, guidance on the evidence that can be used for the assessment, as well as a method for determining the maturity of the organization’s governance of IT. This document is applicable to organizations of all sizes, regardless of the extent of their use of IT.
- Standard, 24 pages, English language
- Draft, 24 pages, English language
This document provides guidance for organizations on how to implement a service management system (SMS). Organizations can use this document to implement the entire SMS in order to conform to the requirements specified in ISO/IEC 20000-1, or parts of an SMS for a selected subset of requirements. This document illustrates a generic plan to manage implementation activities for an SMS. The intended users of this document are: a) organizations that require support on how to implement an SMS; b) consultants and advisors who support an organization during SMS implementation. This document can be used together with the other parts of ISO/IEC 20000 series.
- Technical specification, 33 pages, English language
- Draft, 33 pages, English language
This document provides essential guidance for members of governing bodies of organizations and management on the use of data classification as a means to support the organization’s overall data governance policy and associated systems. It sets out important factors to be considered in developing and deploying a data classification system.
- Draft, 17 pages, English language
This document provides guidance on risk management practices for the IT enabled services-business process outsourcing (ITES-BPO) service provider for the outsourced business processes. It provides guidance for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and improving the risk management framework for the ITES-BPO services. This document: — covers IT enabled business processes that are outsourced; — is applicable to the service provider; — is applicable to all lifecycle processes of ITES-BPO; — is not intended to cover IT services. The guidelines in this document align to ISO 31000, elaborating the risk principles, risk management framework and risk management process from an ITES-BPO perspective.
- Technical specification, 18 pages, English language
This document provides guidance on the relationship between ISO/IEC 20000–1 and a commonly used service management framework, ITIL 4. It can be used by any organization or person wishing to understand how ITIL can be used with ISO/IEC 20000–1, including: a) an organization that has claimed or demonstrated or intends to claim or demonstrate conformity to the requirements specified in ISO/IEC 20000–1 and is seeking guidance on the use of ITIL to establish and improve an SMS and the services; b) an organization that already uses ITIL and is seeking guidance on how ITIL can be used to support efforts to demonstrate conformity to the requirements specified in ISO/IEC 20000–1; c) an assessor or auditor who wishes to understand the use of ITIL as a support in achieving the requirements specified in ISO/IEC 20000–1. Clause 4 describes how ITIL can support the demonstration of conformity to ISO/IEC 20000–1. Clause 5 correlates the ITIL documents to requirements in ISO/IEC 20000–1. The tables in Annex A correlate terms and clauses in ISO/IEC 20000–1 to ITIL and vice versa; the tables in Annex B correlate clauses in ISO/IEC 20000-1 to the ITIL 4 publications and vice versa.
- Technical specification, 53 pages, English language
- Draft, 53 pages, English language
- Standard, 1 page, English language
- Standard, 1 page, French language
This document provides guidance on governance of IT enabled investments to the governing body of all forms of organizations, whether private, public or government entities, and will equally apply regardless of the size of the organization or its industry or sector. The terms business and business outcome throughout this document include all forms of organization covered by this document. The document also provides guidance to other parties interacting with governing bodies such as project personnel, accountants, management consultants, investment portfolio managers and governance support staff. IT enabled investments within the scope of this document could be investments of any scale from acquiring businesses to any business change incorporating IT, building new business services or addressing effectiveness and efficiency gains in IT operational services to gain competitive edge, whether those services are internal or provided by external parties. Resource allocation for strategic innovation is addressed by providing guidance to the governing body's decision for investment resource allocation between short-, medium- and long-term innovation projects. This document also provides guidance that can be applied in the due diligence process related to business acquisitions. This document may provide guidance on the application of the principles documented in ISO/IEC 38500 for ranking IT enabled investments including assessing the value and risks of IT elements in the context of investment banking or as performed by investment companies. This document does not prescribe or define specific management practices required for IT enabled investments. ISO/IEC TS 38501 contains guidance on the implementation arrangement for the effective governance of IT in general. The constructs in ISO/IEC TS 38501 can help to identify internal and external factors relating to the governance of IT and to define beneficial outcomes and identify evidence of success. 
ISO/IEC TR 38502 contains guidance on the integration between the governing body and management of an organization in general. This document is written in accordance with the principles of ISO/IEC TR 38504:2016.
- Standard, 14 pages, English language
This document presents an exemplar for maturity assessment, following the framework for assessment of process capability levels and measurement of an organization's maturity level for an ITES-BPO service provider. This document: — uses the set of indicators for process performance and process capability; — helps to collect the objective evidence that enables an assessor to determine the process ratings; — helps to assess the result of the process capability level; — serves as a measurement framework for processes and provides an organization maturity model for ITES-BPO organizations delivering the services; — is useful for all users of the ISO/IEC 30105 series, including but not limited to internal assessors, external assessors, ITES-BPO service providers and ITES-BPO service customers; — supports the performance assessment by providing a framework to measure and derive capability and organization maturity levels.
- Technical report, 22 pages, English language
This document includes guidance on the scope definition and applicability to the requirements specified in ISO/IEC 20000-1. This document can assist in establishing whether ISO/IEC 20000-1 is applicable to an organization's circumstances. It illustrates how the scope of an SMS can be defined, irrespective of whether the organization has experience of defining the scope of other management systems. The guidance in this document can assist an organization in planning and preparing for a conformity assessment against ISO/IEC 20000-1. Annex A contains examples of possible scope statements for an SMS. The examples given use a series of scenarios for organizations ranging from very simple to complex service supply chains. This document can be used by personnel responsible for planning the implementation of an SMS, as well as assessors and consultants. It supplements the guidance on the application of an SMS given in ISO/IEC 20000-2. Requirements for bodies providing audit and certification of an SMS can be found in ISO/IEC 20000-6 which recommends the use of this document.
- Standard, 28 pages, English language
- Standard, 29 pages, French language
This document provides guidance on the application of a service management system (SMS) based on ISO/IEC 20000-1. It provides examples and recommendations to enable organizations to interpret and apply ISO/IEC 20000-1, including references to other parts of ISO/IEC 20000 and other relevant standards.
- Standard, 63 pages, English language
- Standard, 70 pages, French language
This document provides guidance on the integrated implementation of a service management system (SMS) as specified in ISO/IEC 20000-1 with a quality management system (QMS) as specified in ISO 9001 and an information security management system (ISMS) as specified in ISO/IEC 27001. It is aimed at those organizations that are intending to either: a) implement ISO 9001 when ISO/IEC 20000-1 is already implemented, or vice versa; b) implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented, or vice versa; c) implement both ISO 9001 and ISO/IEC 20000-1 together, or implement both ISO/IEC 27001 and ISO/IEC 20000-1 together; d) implement ISO/IEC 20000-1, ISO 9001 and ISO/IEC 27001 together; or e) integrate existing management systems based on ISO/IEC 20000-1, ISO 9001 and ISO/IEC 27001. In practice, an SMS, QMS or ISMS can also be integrated with other management system standards (MSS), such as ISO 22301 or ISO 55001. Clause 4 provides an introduction to ISO/IEC 20000-1, the HLS of MSS specified in ISO/IEC Directives Part 1 and considerations for the integration of an MSS. Clause 5 provides an introduction to ISO 9001, commonalities and differences with ISO/IEC 20000-1 and considerations for the integration of an SMS with a QMS. Clause 6 provides an introduction to ISO/IEC 27001, commonalities and differences with ISO/IEC 20000-1 and considerations for the integration of an SMS with an ISMS. Clause 7 looks at considerations for the integration of an SMS, a QMS, and an ISMS. This document also provides correlation information for the terms and definitions of ISO/IEC 20000-1 with ISO 9001 and ISO/IEC 27001 in Annex A. Correlation of the clauses of ISO/IEC 20000-1 with ISO 9001 is shown in Annex B. Correlation of the clauses of ISO/IEC 20000-1 with ISO/IEC 27001 is shown in Annex C.
- Technical report, 57 pages, English language
This document specifies requirements for an organization to establish, implement, maintain and continually improve a service management system (SMS). The requirements specified in this document include the planning, design, transition, delivery and improvement of services to meet the service requirements and deliver value. This document can be used by: a) a customer seeking services and requiring assurance regarding the quality of those services; b) a customer requiring a consistent approach to the service lifecycle by all its service providers, including those in a supply chain; c) an organization to demonstrate its capability for the planning, design, transition, delivery and improvement of services; d) an organization to monitor, measure and review its SMS and the services; e) an organization to improve the planning, design, transition, delivery and improvement of services through effective implementation and operation of an SMS; f) an organization or other party performing conformity assessments against the requirements specified in this document; g) a provider of training or advice in service management. The term "service" as used in this document refers to the service or services in the scope of the SMS. The term "organization" as used in this document refers to the organization in the scope of the SMS that manages and delivers services to customers. The organization in the scope of the SMS can be part of a larger organization, for example, a department of a large corporation. An organization or part of an organization that manages and delivers a service or services to internal or external customers can also be known as a service provider. Any use of the terms "service" or "organization" with a different intent is distinguished clearly in this document.
- Standard, 31 pages, English language
- Standard, 31 pages, English language
- Standard, 32 pages, French language
This document describes the core concepts of ISO/IEC 20000 (all parts), identifying how the different parts support ISO/IEC 20000‑1:2018 as well as the relationships between ISO/IEC 20000-1 and other International Standards and Technical Reports. This document also includes the terminology used in all parts of ISO/IEC 20000, so that organizations and individuals can interpret the concepts correctly. This document can be used by: a) organizations seeking to understand the terms and definitions to support the use of ISO/IEC 20000 (all parts); b) organizations looking for guidance on how to use the different parts of ISO/IEC 20000 to achieve their goal; c) organizations that wish to understand how ISO/IEC 20000 (all parts) can be used in combination with other International Standards; d) practitioners, auditors and other parties who wish to gain an understanding of ISO/IEC 20000 (all parts).
- Standard, 28 pages, English language
- Standard, 29 pages, French language
This document provides guidance to the members of governing bodies of organizations and their executive managers on the implications of ISO/IEC 38505-1 for data management. It assumes understanding of the principles of ISO/IEC 38500 and familiarization with the data accountability map and associated matrix of considerations, as presented in ISO/IEC 38505-1. This document enables an informed dialogue between the governing body and the senior/executive management team of an organization to ensure that the data use throughout the organization aligns with the strategic direction set by the governing body. This document covers the following: — identifying the information that a governing body requires in order to evaluate and direct the strategies and policies relating to a data-driven business; — identifying the capabilities and potential of measurement systems that can be used to monitor the performance of data and its uses.
- Technical report, 36 pages, English language
ISO/IEC TR 38502:2017 provides guidance on the nature and mechanisms of governance and management together with the relationships between them, in the context of IT within an organization. The purpose of this document is to provide information on a framework and model that can be used to establish the boundaries and relationships between governance and management of an organization's current and future use of IT. ISO/IEC TR 38502:2017 provides guidance for: - governing bodies; - managers who work within the authority and accountability established by governance; - advisors or those assisting in the governance of organizations of all sizes and types; and - developers of standards in the areas of governance of IT and management of IT.
- Technical report, 11 pages, English language
ISO/IEC 20000-6:2017 specifies requirements and provides guidance for certification bodies providing audit and certification of an SMS in accordance with ISO/IEC 20000‑1. It does not change the requirements specified in ISO/IEC 20000‑1. ISO/IEC 20000-6:2017 can also be used by accreditation bodies for accreditation of certification bodies. A certification body providing SMS certification is expected to be able to demonstrate fulfilment of the requirements specified in ISO/IEC 20000-6:2017, in addition to the requirements in ISO/IEC 17021‑1.
- Standard, 13 pages, English language
ISO/IEC 38505-1:2017 provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of data within their organizations by - applying the governance principles and model of ISO/IEC 38500 to the governance of data, - assuring stakeholders that, if the principles and practices proposed by this document are followed, they can have confidence in the organization's governance of data, - informing and guiding governing bodies in the use and protection of data in their organization, and - establishing a vocabulary for the governance of data. ISO/IEC 38505-1:2017 can also provide guidance to a wider community, including: - executive managers, - external businesses or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies, - internal and external service providers (including consultants), and - auditors. While this document looks at the governance of data and its use within an organization, guidance on the implementation arrangement for the effective governance of IT in general is found in ISO/IEC/TS 38501. The constructs in ISO/IEC/TS 38501 can help to identify internal and external factors relating to the governance of IT and help to define beneficial outcomes and identify evidence of success. ISO/IEC 38505-1:2017 applies to the governance of the current and future use of data that is created, collected, stored or controlled by IT systems, and impacts the management processes and decisions relating to data. ISO/IEC 38505-1:2017 defines the governance of data as a subset or domain of the governance of IT, which itself is a subset or domain of organizational, or in the case of a corporation, corporate governance. ISO/IEC 38505-1:2017 is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. 
This document is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their dependence on data.
- Standard, 20 pages, English language
ISO/IEC 30105-5:2016 specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document: - covers IT enabled business processes that are outsourced; - is not intended to cover IT services but includes similar, relevant process for completeness; - is applicable to the service provider, not to the customer; - is applicable to all lifecycle processes of ITES-BPO; - provides guidance on application of the process assessment model, how to strategically leverage the assessment and to use it in the context of an improvement programme or risk assessment for an ITES-BPO service provider organization.
- Standard, 37 pages, English language
ISO/IEC 30105-3:2016 specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document: - covers IT enabled business processes that are outsourced; - is not intended to cover IT services but includes similar, relevant process for completeness; - is applicable to the service provider, not to the customer; - is applicable to all lifecycle processes of ITES-BPO; - serves as a measurement framework for processes and provides an organization maturity model for organizations providing ITES-BPO services that: - conforms to the requirements of ISO/IEC 33003 and ISO/IEC 33004; - supports the performance assessment by providing a framework to measure and derive capability and organization maturity levels.
- Standard, 24 pages, English language
ISO/IEC 30105-4:2016 specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document: - covers IT enabled business processes that are outsourced; - is not intended to cover IT services but includes similar, relevant process for completeness; - is applicable to the service provider, not to the customer; - is applicable to all lifecycle processes of ITES-BPO; - defines terms and concepts used in ISO/IEC 30105.
- Standard, 24 pages, English language
ISO/IEC 30105-2:2016 specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document: - covers IT enabled business processes that are outsourced; - is not intended to cover IT services but includes similar, relevant process for completeness; - is applicable to the service provider, not to the customer; - is applicable to all lifecycle processes of ITES-BPO; - serves as a process assessment model for organizations providing ITES-BPO services that: - conforms to the requirements of ISO/IEC 33004; - supports the performance assessment by providing indicators for the interpretation of the process purposes and outcomes, as defined in ISO/IEC 24774, and the process attributes, as defined in ISO/IEC 33020. A process assessment model consists of a set of indicators for process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to determine ratings. The set of indicators included in this document is not intended to be an all-inclusive set nor is it intended to be applicable in its entirety. Supersets and subsets that are appropriate to the context and scope of the assessment should be selected. The process assessment model in this document is directed at assessment sponsors and competent assessors who wish to select a model, and associated documented assessment process, for the ITES-BPO lifecycle processes, for risk determination or process improvement.
- Standard, 115 pages, English language
ISO/IEC 30105-1:2016 specifies the lifecycle process requirements performed by the IT-enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document: - covers IT-enabled business processes that are outsourced; - is not intended to address IT processes but includes references to them at key touchpoints for completeness; - is applicable to the service provider, not to the customer; - is applicable to all lifecycle processes of ITES-BPO; - serves as a process reference model for organizations providing ITES-BPO services.
- Standard, 24 pages, English language
ISO/IEC TR 38504:2016 provides guidance on the information required to support principles-based standards in the area of governance and management of information technology. Guidance includes general recommendations, identification of elements and advice for their formulation. It does not describe the detail of specific principles or how they are aggregated into specific guidance to fulfil business objectives and achieve business outcomes from the use of IT.
- Technical report, 8 pages, English language
- Technical report, 8 pages, English language
ISO/IEC TS 38501:2015 provides guidance on how to implement arrangements for effective governance of IT within an organization.
- Technical specification, 15 pages, English language
ISO/IEC 30121:2015 provides a framework for Governing bodies of organizations (including owners, board members, directors, partners, senior executives, or similar) on the best way to prepare an organization for digital investigations before they occur. This International Standard applies to the development of strategic processes (and decisions) relating to the retention, availability, access, and cost effectiveness of digital evidence disclosure. This International Standard is applicable to all types and sizes of organizations.
- Standard, 6 pages, English language
- Standard, 6 pages, French language
ISO/IEC 38500:2015 provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of information technology (IT) within their organizations. It also provides guidance to those advising, informing, or assisting governing bodies. They include the following: executive managers; members of groups monitoring the resources within the organization; external business or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies; internal and external service providers (including consultants); auditors. ISO/IEC 38500:2015 applies to the governance of the organization's current and future use of IT including management processes and decisions related to the current and future use of IT. These processes can be controlled by IT specialists within the organization, external service providers, or business units within the organization. ISO/IEC 38500:2015 defines the governance of IT as a subset or domain of organizational governance, or in the case of a corporation, corporate governance. ISO/IEC 38500:2015 is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. ISO/IEC 38500:2015 is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their use of IT. The purpose of ISO/IEC 38500:2015 is to promote effective, efficient, and acceptable use of IT in all organizations by: assuring stakeholders that, if the principles and practices proposed by the standard are followed, they can have confidence in the organization's governance of IT, informing and guiding governing bodies in governing the use of IT in their organization, and establishing a vocabulary for the governance of IT.
- Standard, 12 pages, English language
- Technical report, 28 pages, English language
ISO/IEC TR 22446:2017 establishes a continual performance improvement (CPI) process that supports service management system (SMS) as defined in the ISO/IEC 20000 series. This process ensures successful deployment and service performance criteria fulfilment. This process is based on a predictive performance evaluation method and a related repository. ISO/IEC TR 22446:2017 is not intended to be used as a means of certification and does not add any requirements to those specified in ISO/IEC 20000-1. ISO/IEC TR 22446:2017 does not provide specific criteria for identifying the need for risk analysis, nor does it specify the types of risk analysis techniques that are used to support a particular technology. ISO/IEC TR 22446:2017 does not offer techniques for implementing the continual performance improvement process.
- Technical report, 22 pages, English language
- Technical report, 23 pages, French language
ISO/IEC TR 20000-12:2016 provides guidance on the relationship between ISO/IEC 20000‑1:2011 and CMMI-SVC V1.3 (through Maturity Level 3). Service providers can refer to this guidance as a cross-reference between the two documents to help them to plan and implement an SMS. An organization employing the practices in the indicated CMMI-SVC process areas can conform to many of the associated ISO/IEC 20000‑1 requirements. The guidance in Clause 4 describes how CMMI-SVC can support the demonstration of conformity to ISO/IEC 20000‑1:2011. A description of the purpose and content of both publications in 4.1 and 4.2 is followed by Clause 5, which relates process areas in CMMI-SVC to clauses in ISO/IEC 20000‑1:2011. The tables in Annexes A and B relate terms, clauses, and paragraphs in ISO/IEC 20000‑1:2011 to CMMI-SVC. Table B.1 is a simplified summary of the correlation seen in Table 3 for those readers who want an overview. The tables indicate those aspects of ISO/IEC 20000‑1:2011 and CMMI-SVC that represent the greatest link between the two sets of documents, from the perspective of a service provider. 
ISO/IEC TR 20000-12:2016 can be used by any organization or person who wishes to understand how CMMI-SVC can be used with ISO/IEC 20000‑1:2011, including the following: a) a service provider that intends to demonstrate conformity to the requirements of ISO/IEC 20000‑1:2011 and is seeking guidance on the use of CMMI-SVC to establish and maintain the SMS and the services; b) a service provider that has demonstrated conformity to the requirements of ISO/IEC 20000‑1:2011 and is seeking guidance on ways to use CMMI-SVC to improve the SMS and the services; c) a service provider that already uses CMMI-SVC and is seeking guidance on how CMMI-SVC can be used to support efforts to demonstrate conformity to the requirements specified in ISO/IEC 20000‑1:2011; d) an appraiser or assessor who wishes to understand the use of CMMI-SVC as support for the requirements specified in ISO/IEC 20000‑1:2011. ISO/IEC TR 20000-12:2016 can also be used with the other parts of the ISO/IEC 20000 series.
- Technical report, 32 pages, English language
ISO/IEC TR 20000-11:2015 is a Technical Report that provides guidance on the relationship between ISO/IEC 20000‑1:2011 and a commonly used service management framework, ITIL. It can be used by any organization or person wishing to understand how ITIL can be used with ISO/IEC 20000‑1:2011, including: a) a service provider that has demonstrated or intends to demonstrate conformity to the requirements specified in ISO/IEC 20000‑1:2011 and is seeking guidance on the use of ITIL to establish and improve an SMS and the services; c) a service provider that already uses ITIL and is seeking guidance on how ITIL can be used to support efforts to demonstrate conformity to the requirements specified in ISO/IEC 20000‑1:2011; d) an assessor or auditor who wishes to understand the use of ITIL as support to achieve the requirements specified in ISO/IEC 20000‑1:2011. The correlations provided in this part of ISO/IEC 20000 are for ISO/IEC 20000‑1:2011 and ITIL 2011. Clause 4 describes how ITIL can support the demonstration of conformity to ISO/IEC 20000‑1:2011. Clause 5 relates chapters in ITIL to clauses in ISO/IEC 20000‑1:2011. The tables in Annex A and Annex B relate terms, clauses and processes in ISO/IEC 20000‑1:2011 to ITIL.
- Technical report, 47 pages, English language
ISO/IEC TR 20000-10:2015 describes the core concepts of ISO/IEC 20000, identifying how the different parts support ISO/IEC 20000‑1:2011 as well as the relationships between ISO/IEC 20000 and other International Standards and Technical Reports. This part of ISO/IEC 20000 also explains the terminology used in ISO/IEC 20000, so that organisations and individuals can interpret the concepts correctly. ISO/IEC TR 20000-10:2015 is for a) service providers considering using any part of ISO/IEC 20000 and looking for guidance on how to use the different parts of ISO/IEC 20000 to achieve their goal, b) service providers that wish to understand how ISO/IEC 20000 can be used in combination with other International Standards, and c) practitioners, auditors, and other parties who wish to gain an understanding of ISO/IEC 20000.
- Technical report, 26 pages, English language
- Technical report, 27 pages, French language
ISO/IEC TR 20000-9:2015 provides guidance on the use of ISO/IEC 20000‑1:2011 for service providers delivering cloud services. It is applicable to different categories of cloud service, such as those defined in ISO/IEC 17788/ITU-T Y.3500 and ISO/IEC 17789/ITU-T Y.3502, including, but not limited to, the following: a) infrastructure as a service (IaaS); b) platform as a service (PaaS); c) software as a service (SaaS). It is also applicable to public, private, community, and hybrid cloud deployment models. The applicability of ISO/IEC 20000‑1 is independent of the type of technology or service model used to deliver the services. All requirements in ISO/IEC 20000‑1 can be applicable to cloud service providers. The structure of ISO/IEC TR 20000-9:2015 does not follow the structure of ISO/IEC 20000‑1. The guidance is presented as a set of scenarios that can address many of the typical activities of a cloud service provider. The guidance in ISO/IEC TR 20000-9:2015 can also be useful for customers of cloud service providers. ISO/IEC TR 20000-9:2015 can be used as guidance for a cloud service provider in designing, managing, or improving an SMS to support cloud services. ISO/IEC TR 20000-9:2015 does not add any requirements to those stated in ISO/IEC 20000‑1 and does not state explicitly how evidence can be provided to an assessor or auditor. The scope of ISO/IEC TR 20000-9:2015 excludes any specifications for products or tools.
- Technical report, 30 pages, English language
ISO/IEC TR 38502:2014 provides guidance on the nature and mechanisms of governance and management together with the relationships between them, in the context of IT within an organization. The purpose of ISO/IEC TR 38502:2014 is to provide information on a framework and model that can be used to establish the boundaries and relationships between governance and management of an organization's current and future use of IT. It provides guidance for: governing bodies; managers who have to work within the authority and accountability established by governance; advisors or those assisting in the governance of organizations of all sizes and types; and developers of standards in the areas of governance of IT and management of IT.
- Technical report, 14 pages, English language
ISO/IEC TR 20000-5:2013 is an exemplar implementation plan providing guidance on how to implement a service management system (SMS) to fulfil the requirements of ISO/IEC 20000-1:2011. The intended users of ISO/IEC TR 20000-5:2013 are service providers, but it can also be useful for those advising service providers on how to implement an SMS. ISO/IEC TR 20000-5:2013 includes advice for service providers on a suitable order in which to plan, implement and improve an SMS using, as an example, a generic three-phased approach to manage the implementation. The service provider can choose their own sequence to implement the SMS. Also included is advice on the development of a business case, the project initiation and other activities that are recommended for the implementation to be successful. The phases described in ISO/IEC TR 20000-5:2013 do not include changes to the intended scope of the service provider's SMS. The scope itself is not subject to phased changes as a result of adopting the advice in ISO/IEC TR 20000-5:2013. Instead, each phase should improve the SMS in alignment with the service provider's agreed scope, building on the results of the previous phase. The main activities for the development of the business case and initiation of the implementation project are shown. The main activities to implement the SMS based on ISO/IEC 20000-1:2011, in three phases, are listed. Many of the activities described in ISO/IEC TR 20000-5:2013 are intended to be met by actions over more than one phase, with each phase building upon the achievements of the earlier phase. Once the final phase is completed, the service provider's organization can achieve the benefits of an SMS that meets the requirements in ISO/IEC 20000-1:2011. Supporting information for the SMS implementation project is also provided. Examples of policies to illustrate what a service provider can want to put in place are provided. 
Because policies depend on the organization and the strategy of the service provider, these example policies can be tailored to suit the organizational requirement. Guidance on documentation management is provided, and templates are included for some of the documents specified in ISO/IEC 20000-1:2011 that can be amended to suit individual circumstances.
- Technical report, 41 pages, English language
ISO/IEC TR 20000-10:2013 provides an overview of the concepts and the terminology of ISO/IEC 20000. It establishes a common framework for helping organizations to understand the purpose of all the parts of ISO/IEC 20000 and the relationships between the parts. ISO/IEC TR 20000-10:2013 is intended to become the authoritative source for definitions used in all the parts of ISO/IEC 20000. Terms defined in ISO/IEC TR 20000-10:2013 will be removed from other published parts of ISO/IEC 20000 as they are updated. ISO/IEC TR 20000-10:2013 identifies other documents that have relationships with ISO/IEC 20000-1:2011 and identifies common areas with related International Standards to aid the use and integration of multiple International Standards in organizations. ISO/IEC TR 20000-10:2013 can be used by any organization or individual involved in the planning, design, transition, delivery and improvement of services using ISO/IEC 20000. More specifically, it: defines the terms used in ISO/IEC 20000; promotes cohesion between the parts of ISO/IEC 20000 by explaining the concepts and terminology used across all parts; contributes to the understanding of ISO/IEC 20000 by clarifying the relationships between all the parts; clarifies the possible interfaces and integration between the service provider's SMS and other management systems; provides an overview of other International Standards which can be used in combination with ISO/IEC 20000; identifies common areas between ISO/IEC 20000-1 and other International Standards. ISO/IEC TR 20000-10:2013 describes the core concepts of ISO/IEC 20000, identifying how the different parts interact to support ISO/IEC 20000-1:2011. It also describes the relationships between ISO/IEC 20000 and other International Standards and Technical Reports. ISO/IEC TR 20000-10:2013 also explains the terminology used in ISO/IEC 20000, so that organizations and individuals can interpret the concepts correctly.
- Technical report, 20 pages, English language
- Technical report, 22 pages, French language
ISO/IEC TR 90006:2013 provides guidelines for the application of ISO 9001:2008 to service management for IT services. Examples provided in the guidelines are for service management of IT services. Additionally, ISO/IEC TR 90006:2013 provides guidelines for the alignment and integration of a QMS and SMS in organizations where services are being delivered to internal or external customers. The guidelines about integration provided can be applicable to a scope including IT services and other non-IT services as required. ISO/IEC TR 90006:2013 provides a comparison of the requirements of ISO 9001:2008 and ISO/IEC 20000-1:2011. It highlights those areas where there is the greatest similarity between the two management systems, and where there are differences between the two. ISO/IEC TR 90006:2013 cites and explains the requirements of ISO 9001:2008 in its application to service management and its integration with ISO/IEC 20000-1:2011, but does not add to or otherwise change the requirements of ISO 9001 or ISO/IEC 20000-1. The guidelines provided in ISO/IEC TR 90006:2013 are not intended to be used as criteria for conformity assessments or audits. ISO/IEC TR 90006:2013 can apply to organizations of all sizes, sectors, and types with different organizational forms or business models. ISO/IEC TR 90006:2013 can be used by: auditors and assessors looking for guidelines on audits for ISO 9001:2008 with a scope that includes services and service management; auditors and assessors looking for guidelines on integrated audits for ISO 9001:2008 and ISO/IEC 20000-1:2011 with a scope that includes services and service management; organizations implementing a QMS with a scope that includes services and service management; organizations implementing an integrated management system using the requirements of ISO 9001:2008 and ISO/IEC 20000-1:2011.
- Technical report, 80 pages, English language
- Technical report, 92 pages, French language
ISO/IEC 20000-3:2012 is useful for service providers, consultants and assessors. It includes practical guidance on scope definition, applicability and demonstration of conformity to the requirements in ISO/IEC 20000-1. Guidance on the different types of conformity assessment and assessment standards is included. Although the requirements in ISO/IEC 20000-1 do not change with organizational structure, technology or service, operating the processes in a particular service environment will result in specific skill, tool and information requirements. Service management processes can cross many organizational, legal and national boundaries as well as different time zones. Service providers can provide a range of services to several different types of customers, both internal and external. Service providers can also depend on a complex supply chain for the delivery of services. This dependency can make the agreement and application of scope a complex stage in the service provider's use of ISO/IEC 20000-1. ISO/IEC 20000-3:2012 will assist in establishing if ISO/IEC 20000-1 is applicable to a service provider's circumstances. It illustrates how the scope of an SMS can be defined, irrespective of whether the reader has experience of defining the scope of other management systems. The guidance takes the form of practical examples, typical scenarios and recommendations. ISO/IEC 20000-3:2012 also assists in planning service improvements and in preparation for a conformity assessment against ISO/IEC 20000-1. It supplements the guidance on the application of ISO/IEC 20000-1 given in ISO/IEC 20000-2.
- Standard, 27 pages, English language
- Standard, 27 pages, French language
ISO/IEC 20000-2:2012 provides guidance on the application of service management systems (SMS) based on the requirements in ISO/IEC 20000-1. ISO/IEC 20000-2:2012 enables organizations and individuals to interpret ISO/IEC 20000-1 more accurately, and therefore to use it more effectively. The guidance includes examples and suggestions to enable organizations to interpret and apply ISO/IEC 20000-1, including references to other parts of ISO/IEC 20000 and other relevant standards. This includes guidance on the use of an SMS for the planning, design, transition, delivery and improvement of the SMS and services. At a minimum this includes service management policies, objectives, plans, service management processes, process interfaces, documentation and resources. The SMS provides ongoing control, greater effectiveness, efficiency and opportunities for continual improvement of service management and of services. It enables an organization to work effectively with a shared vision.
- Standard, 85 pages, English language
- Standard, 85 pages, French language
ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements. ISO/IEC 20000-1:2011 can be used by: an organization seeking services from service providers and requiring assurance that their service requirements will be fulfilled; an organization that requires a consistent approach by all its service providers, including those in a supply chain; a service provider that intends to demonstrate its capability for the design, transition, delivery and improvement of services that fulfil service requirements; a service provider to monitor, measure and review its service management processes and services; a service provider to improve the design, transition, delivery and improvement of services through the effective implementation and operation of the SMS; an assessor or auditor as the criteria for a conformity assessment of a service provider's SMS to the requirements in ISO/IEC 20000-1:2011.
- Standard, 26 pages, English language
- Standard, 28 pages, French language
ISO/IEC TR 20000-5:2010 is an exemplar implementation plan providing guidance to service providers on how to implement a service management system to fulfil the requirements of ISO/IEC 20000-1 or for service providers who are planning service improvements and intending to use ISO/IEC 20000 as a business goal. It could also be useful for those advising service providers on how to best achieve the requirements of ISO/IEC 20000-1. ISO/IEC TR 20000-5:2010 includes advice for service providers on a suitable order in which to plan and implement improvements. It is suggested that a generic three-phase approach is used to implement a service management system. The phased approach provides a structured framework to prioritize and manage the implementation activities. ISO/IEC TR 20000-5:2010 includes advice on development of a business case, the start up project, and a list of the main activities required to implement ISO/IEC 20000-1 successfully for each phase. It also provides supporting information, advice and guidance that may be useful for the implementation project, including developing objectives, developing policies, document and record management and sample process documentation. ISO/IEC TR 20000-5:2010 is for guidance only. The service provider has the option of choosing their own implementation sequence to implement a service management system.
- Technical report, 31 pages, English language