This Standard is a service management system (SMS) standard.

It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS.

The requirements include the design, transition, delivery and improvement of services to fulfil service requirements.

This Standard can be used by:

a) an organization seeking services from service providers and requiring assurance that their service requirements will be fulfilled;

b) an organization that requires a consistent approach by all its service providers, including those in a supply chain;

c) a service provider that intends to demonstrate its capability for the design, transition, delivery and improvement of services that fulfil service requirements;

d) a service provider to monitor, measure and review its service management processes and services;

e) a service provider to improve the design, transition and delivery of services through effective implementation and operation of an SMS;

f) an assessor or auditor as the criteria for a conformity assessment of a service providers SMS to the requirements in this Standard.

The intended users of this document are:

a) organizations that require support on how to implement an SMS;

b) consultants and advisors who support an organization during SMS implementation.

This document can be used together with the other parts of ISO/IEC 20000 series.

a) an organization that has claimed or demonstrated or intends to claim or demonstrate conformity to the requirements specified in ISO/IEC 20000–1 and is seeking guidance on the use of ITIL to establish and improve an SMS and the services;

b) an organization that already uses ITIL and is seeking guidance on how ITIL can be used to support efforts to demonstrate conformity to the requirements specified in ISO/IEC 20000–1;

c) an assessor or auditor who wishes to understand the use of ITIL as a support in achieving the requirements specified in ISO/IEC 20000–1.

Clause 4 describes how ITIL can support the demonstration of conformity to ISO/IEC 20000–1. Clause 5 correlates the ITIL documents to requirements in ISO/IEC 20000–1. The tables in Annex A correlate terms and clauses in ISO/IEC 20000–1 to ITIL and vice versa; the tables in Annex B correlate clauses in ISO/IEC 20000-1 to the ITIL 4 publications and vice versa.

This process ensures successful deployment and service performance criteria fulfilment.

This process is based on a predictive performance evaluation method and a related repository.

ISO/IEC TR 22446:2017 is not intended to be used as a means of certification and does not add any requirements to those specified in ISO/IEC 20000-1.

ISO/IEC TR 22446:2017 does not provide specific criteria for identifying the need for risk analysis, nor does it specify the types of risk analysis techniques that are used to support a particular technology.

ISO/IEC TR 22446:2017 does not offer techniques for implementing the continual performance improvement process.

a) infrastructure as a service (IaaS);

b) platform as a service (PaaS);

c) software as a service (SaaS).

It is also applicable to public, private, community, and hybrid cloud deployment models.

The applicability of ISO/IEC 20000-1 is independent of the type of technology or service model used to deliver the services. All requirements in ISO/IEC 20000-1 can be applicable to cloud service providers.

The structure of ISO/IEC TR 20000-9:2015 does not follow the structure of ISO/IEC 20000-1. The guidance is presented as a set of scenarios that can address many of the typical activities of a cloud service provider. The guidance in ISO/IEC TR 20000-9:2015 can also be useful for customers of cloud service providers.

This part of ISO/IEC TR 20000-9:2015 can be used as guidance for a cloud service provider in designing, managing, or improving an SMS to support cloud services.

ISO/IEC TR 20000-9:2015 does not add any requirements to those stated in ISO/IEC 20000-1 and does not state explicitly how evidence can be provided to an assessor or auditor. The scope of ISO/IEC TR 20000-9:2015 excludes any specifications for products or tools.

a) implement ISO 9001 when ISO/IEC 20000-1 is already implemented, or vice versa;

b) implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented, or vice versa;

c) implement both ISO 9001 and ISO/IEC 20000-1 together, or implement both ISO/IEC 27001 and ISO/IEC 20000-1 together;

d) implement ISO/IEC 20000-1, ISO 9001 and ISO/IEC 27001 together; or

e) integrate existing management systems based on ISO/IEC 20000-1, ISO 9001 and ISO/IEC 27001.

In practice, an SMS, QMS or ISMS can also be integrated with other management system standards (MSS), such as ISO 22301 or ISO 55001.

Clause 4 provides an introduction to ISO/IEC 20000-1, the HLS of MSS specified in ISO/IEC Directives Part 1 and considerations for the integration of an MSS.

Clause 5 provides an introduction to ISO 9001, commonalities and differences with ISO/IEC 20000-1 and considerations for the integration of an SMS with a QMS.

Clause 6 provides an introduction to ISO/IEC 27001, commonalities and differences with ISO/IEC 20000-1 and considerations for the integration of an SMS with an ISMS.

Clause 7 looks at considerations for the integration of an SMS, a QMS, and an ISMS.

This document also provides correlation information for the terms and definitions of ISO/IEC 20000-1 with ISO 9001 and ISO/IEC 27001 in Annex A. Correlation of the clauses of ISO/IEC 20000-1 with ISO 9001 is shown in Annex B. Correlation of the clauses of ISO/IEC 20000-1 with ISO/IEC 27001 is shown in Annex C.

ISO/IEC TR 20000-5:2013 includes advice for service providers on a suitable order in which to plan, implement and improve an SMS using, as an example, a generic three-phased approach to manage the implementation. The service provider can choose their own sequence to implement the SMS. Also included is advice on the development of a business case, the project initiation and other activities that are recommended for the implementation to be successful.

The phases described in ISO/IEC TR 20000-5:2013 do not include changes to the intended scope of the service provider's SMS. The scope itself is not subject to phased changes as a result of adopting the advice in ISO/IEC TR 20000-5:2013. Instead, each phase should improve the SMS in alignment with the service provider's agreed scope, building on the results of the previous phase.

The main activities for the development of the business case and initiation of the implementation project are shown. The main activities to implement the SMS based on ISO/IEC 20000-1:2011, in three phases, are listed. Many of the activities described in ISO/IEC TR 20000-5:2013 are intended to be met by actions over more than one phase, with each phase building upon the achievements of the earlier phase. Once the final phase is completed, the service provider's organization can achieve the benefits of an SMS that meets the requirements in ISO/IEC 20000-1:2011. Supporting information for the SMS implementation project is also provided.

Examples of policies to illustrate what a service provider can want to put in place are provided. Because policies depend on the organization and the strategy of the service provider, these example policies can be tailored to suit the organizational requirement.

Guidance on documentation management is provided, and templates are included for some of the documents specified in ISO/IEC 20000-1:2011 that can be amended to suit individual circumstances.

ISO/IEC TR 20000-5:2010 includes advice for service providers on a suitable order in which to plan and implement improvements. It is suggested that a generic three-phase approach is used to implement a service management system. The phased approach provides a structured framework to prioritize and manage the implementation activities.

ISO/IEC TR 20000-5:2010 includes advice on development of a business case, the start up project, and a list of the main activities required to implement ISO/IEC 20000-1 successfully for each phase. It also provides supporting information, advice and guidance that may be useful for the implementation project, including developing objectives, developing policies, document and record management and sample process documentation.

ISO/IEC TR 20000-5:2010 is for guidance only. The service provider has the option of choosing their own implementation sequence to implement a service management system.