Table Of Contentइंटरनेट मानक
Disclosure to Promote the Right To Information
Whereas the Parliament of India has set out to provide a practical regime of right to
information for citizens to secure access to information under the control of public authorities,
in order to promote transparency and accountability in the working of every public authority,
and whereas the attached publication of the Bureau of Indian Standards is of particular interest
to the public, particularly disadvantaged communities and those engaged in the pursuit of
education and knowledge, the attached public safety standard is made available to promote the
timely dissemination of this information in an accurate manner to the public.
“जान1 का अ+धकार, जी1 का अ+धकार” “प0रा1 को छोड न’ 5 तरफ”
Mazdoor Kisan Shakti Sangathan Jawaharlal Nehru
“The Right to Information, The Right to Live” “Step Out From the Old to the New”
IS/ISO/IEC 20000-2 (2005): Information technology - Service
management, Part 2: Code of practice [LITD 14: Software and
System Engineering]
“!ान $ एक न’ भारत का +नम-ण”
Satyanarayan Gangaram Pitroda
““IInnvveenntt aa NNeeww IInnddiiaa UUssiinngg KKnnoowwlleeddggee””
“!ान एक ऐसा खजाना > जो कभी च0राया नहB जा सकता हहहहै””ै”
Bhartṛhari—Nītiśatakam
“Knowledge is such a treasure which cannot be stolen”
IS/ISO/lEe 20000-2 :2005
rfJ
'1-fN 2J JfFiCj)
~~-~~cq
~2m~
Indian Standard
INFORMATION TECHNOLOGY - SERVICE
MANAGEMENT
PART2 CODEOF PRACTICE
ICS 03.080.99;35.020
©BIS2007
BUREAU OF INDIAN STANDARDS
MANAK BHAVAN, 9 BAHADUR SHAH ZAFAR MARG
NEW DELHI 110002
October2007 Price Group 11
SoftwareandSystemEngineering SectionalCommittee,LITO14
NATIONALFOREWORD
ThisIndianStandard(Part 2) which is identicalwith ISOIIEC 20000-2 : 2005 'Information technology
- Service management - Part 2: Code of practice' issued by the International Electrotechnical
Commission (IEC) and International Organization for Standardization (ISO) was adopted by the
Bureau of Indian Standards on the recommendations of the Software and System Engineering
SectionalCommitteeandapprovalof the Electronicsand InformationTechnology Division Council.
The text of ISOIIEC Standard has been approved as suitable for publication as an Indian Standard
withoutdeviations. Certain conventions are,however,not identicalto those used in Indian Standards.
Attentionisparticularlydrawn tothefollowing:
a) Whereverthewords 'International Standard' appear referring to this standard, they should
bereadas'Indian Standard'
b) Comma (,) has been used as a decimal marker, while in Indian Standards, the current
practiceisto useapoint(.)asthedecimal marker.
Inthis adopted standard, reference appears to the following International Standard for which Indian
Standardalsoexists. The corresponding Indian Standard,which is to be substituted in its respective
place,islistedbelowalong withitsdegreeofequivalence for theedition indicated:
InternationalStandard CorrespondingIndian Standard Degree of
Equivalence
ISOIIEC 20000-1 : 2005 Information ISIISOIIEC 20000-1 : 2005 Information Identical
technology - Service management - technology- Service management: Part
Part1:Specification 1Specification
,
IS/ISOIIEC 20000-2: 2005
Indian Standard
INFORMATION TECHNOLOGY - SERVICE
MANAGEMENT
PART 2 CODEOF PRACTICE
1 Scope
ThispartofISOIIEC20000represents anindustryconsensusonquality standardsforITservicemanagemeRt
processes. These service management processes deliver the best possible service to meet a customer's
business needs within agreed resource levels, i.e. service that is professional, cost-effective and with risks
whichareunderstood andmanaged.
Thevarietyofterms usedforthe sameprocess,andbetweenprocesses andfunctionalgroups(andjobtitles)
can make the subject of service management confusing to the new manager. Failure to understand the
terminology can be a barrier to establishing effective processes.Understanding the terminology isa tangible
and significant benefit from ISOIIEC20000. This part of ISO/IEC20000 recommends that service providers
should adopt common terminology and a more consistent approach to service management. It gives a
common basis for improvements in services. It also provides a framework for use by suppliers of service
managementtools.
As a process based standard this code of practice is not intended for product assessment. However,
organizations developing service management tools, products and systems may use both the specification
andthecode of practice to help them develop tools,products andsystems that support bestpracticeservice
management.
Thispartof ISO/IEC20000 provides guidance toauditors andoffers assistance to serviceprovidersplannmg
serviceimprovements ortobeauditedagainstISOIIEC20000-1.
ISO/IEC20000-1 specifiesanumberofrelatedservicemanagementprocessesasshowninFigure1
ServiceDeliveryProcesses
Informationsecurity
CapacityManagement ServiceLevelManagement
Management
ServiceContinuityand ServiceReporting Budgetingand
Availability Accounting
Management forITservices
Control Processes
ConfigurationManagement
Release ~hangeManagem~ Relationship
Processes Resolution Processes
Processes BusinessRelationship
ReleaseManagement Management
IncidentManagement
SupplierManagement
ProblemManagement
Figure1- Servicemanagementprocesses
1
isnsonec 20000-2: 2005
2 Tennsanddefinitions
Forthepurposesofthisdocument,thetermsanddefinitionsgiveninISOIIEe20000-1 apply.
3 Themanagementsystem
Objective: To provide a management system, including policies and a framework to enable the effective
managementandimplementationofallITservices.
3.1 Management responsibility
The roleof managementin ensuring best practice processes are adopted and sustained is fundamental for
anyserviceprovidertomeettherequirements ofISOIIEe 20000-1.
To ensure commitment an owner at senior level should be identified as being responsible for service
management plans. This senior responsible owner should be accountable for the overall delivery of the
servicemanagementplan.
Theseniorresponsibleowner's role should encompass resourcing for any continual or project based service
improvementactivities.
The senior responsible owner should be supported by a decision-taking group with sufficient authority to
definepolicyandtoenforceitsdecisions.
3.2 Documentation requirements
The seniorresponsible owner should ensure that evidence is available for an audit of service management
policies,plansandprocedures,andanyactivitiesrelatedtothese.
Muchoftheevidenceofservice management planningand operations should exist inthe form ofdocuments,
whichmaybeanytype,formormediumsuitablefortheirpurpose.
Thefollowingdocumentsarenormally consideredsuitableasevidence ofservicemanagementplanning.
a) policiesandplans;
b) servicedocumentation;
c) procedures;
d) processes;
e) processcontrolrecords.
There should be a process for the creation and management of documents to help ensure that the
characteristicsdescribedaremet.
Documentation should be protected from damage due, for example. to poor environmental conditions and
computerdisasters.
2
ISIISOIIEC 20000-2: 2005
3.3 Competence, awarenessand training
3.3.1 General
Personnel performing work within service management should be competent on the basis of appropriate
education,training,skills,andexperience.
Theserviceprovidershould:
a) determinethenecessarycompetenceforeachroleinservicemanagement;
b) ensure that personnel are aware of the relevance and importance of their activities within the wider
businesscontextandhowtheycontributetotheachievementofqualityobjectives;
c) maintainappropriate recordsofeducation,training,skillsandexperience;
d) providetrainingortakeotheractiontosatisfytheseneeds;
e) evaluatetheeffectiveness oftheactionstaken.
3.3.2 Professionaldevelopment
Theserviceprovidershoulddevelop andenhancetheprofessionalcompetence oftheirworkforce.Amongthe
measurestakentoachievethis,theserviceprovidershouldaddressthefollowing:
a) recruitment: with the objective of checking the validity of job applicants' details (including their
professional qualifications) and identifying applicants' strengths, weaknesses and potential capabilities,
againstajobdescription/profile,servicemanagementtargetsandoverallservicequalityobjectives;
b) planning: with the objective of staffing of new or expanded services (also contracting services),using
newtechnology,assigning service managementstafftodevelopment projectteams,successionplanning
andfillingothergapsduetoanticipatedstaffturnover;
c) training and development: withtheobjective ofidentifyingtraining anddevelopment requirementsasa
traininganddevelopment planandprovidingfortimelyandeffectivedelivery.
Staff shouldbe trained in the relevant aspects of service management (e.g.via training courses, self study,
mentoring and on the job training) and their team-working and leadership skills should be developed. A
chronological training record should be maintained for each individual, together with descriptions of the
trainingprovided.
3.3.3 Approachesto beconsidered
Inorder to achieve teams of staff with appropriate levels of competence the service provider shoulddecide
on the optimum mix of short term and permanent recruits. The service provider should also decide on the
optimummixofnewstaffwiththe skillsrequiredandre-trainingofexisting staff.
NOTE Theoptimum balance ofshortterm andpermanentrecruits isparticularly importantwhen theservice provider is
planninghowtoprovideaserviceduringandaftermajorchangestothenumberandskillsofthesupportstaff.
Factorsthatshouldbeconsideredwhenestablishingthemostsuitablecombination ofapproachesinclude:
a) shortorlongterm natureofneworchangedcompetencies;
b) rateofchangeintheskillsandcompetencies;
c) expectedpeaks and troughs in theworkload and skills mixrequired, based on service managementand
serviceimprovement planning;
3
Isnsonec 20000-2: 2005
d) availabilityofsuitablycompetent staff;
e) staffturnoverrates;
f} trainingplans.
For all staff, the service provider should review each individual's performance at least annually and take
appropriateaction.
4 Planningandimplementing service management
4.1 Planservice management(Plan)
Objective:Toplantheimplementationanddelivery ofservice management.
4.1.1 Scopeofservicemanagement
Thescopeofservicemanagement shouldbedefinedaspartofthe service managementplan.
Forexample.itmaybedefined by
a} organization:
b) location;
c) service.
Managementshoulddefinethe scope as partoftheir management responsibilities (and as partofthe service
managementplan).Thescope shouldthenbe checkedforSUitabilityunder ISO/lEG20000-1.
NOTE Planningforoperational changes isdescribed in9.2.
4.1.2 Planningapproaches
Multipleservicemanagement plans may be used inplace ofone large plan or programme.VVhere this isthe
casethe underlying service management processes should be consistent with each other. Itshould also be
possibletodemonstrate how each planning requirement is managed by linking it to the corresponding roles,
responsibilitiesandprocedures.
Service management planning should form part of the process for translating customers' requirements and
seniormanagementintentionsinto services, andforproviding aroutemap fordirectingprogress.
Aservicemanagementplanshould encompass:
a) implementationofservicemanagement(orpartofservice management);
b) deliveryofservicemanagement processes;
c) changestoservicemanagementprocesses;
d) improvementsto servicemanagementprocesses;
e) newservices(totheextentthat they affectprocesseswithin theagreed scopeof service management).
4
isnsonec 20000-2: 2005
4.1.3 Eventstobe considered
T~e service management plan should caterfor servicemanagementprocess and servicechangestriggered
byeventssuchas:
a) serviceimprovement;
b) servicechanges;
c) infrastructurestandardization;
d) changestolegislation;
e) regulatorychanges,e.g.localtaxratechanges;
f) deregulationorregulationofindustries;
g) mergersandacquisitions.
4.1.4 Scope and contents ofthe plan
Aservicemanagementplanshoulddefine:
a) thescopeoftheserviceprovider'sservicemanagement;
b) theobjectivesandrequirementsthataretobeachievedbyservicemanagement;
c) theresources,facilitiesandbudqetsnecessarytoachievethedefinedobjectives;
d) theframework ofmanagementroles andresponsibilities,includingthe seniorresponsibleowner,process
ownersandmanagementofsuppliers;
e) the interfaces between service management processes and the manner in which the activities and/or
processesaretobeco-ordinated;
f) the approach to betaken in identifying, assessingand managingissues and risks tothe achievementof
thedefinedobjectives;
g) a resource schedule expressed in terms of the dates on which funds, skills, and resources should be
available;
h) theapproachtochangingtheplanandtheservicedefinedbytheplan;
i) howtheserviceproviderwilldemonstratecontinuingqualitycontrol(e.g.interimaudits);
j) theprocessesthataretobeexecuted;
k) toolsasappropriatetosupporttheprocesses.
5
