CAN/CSA-ISO/IEC 20000-2:13 (R2017)

1 Scope 1.1 General This part of ISO/IEC 20000 provides guidance on the application of an SMS based on ISO/IEC 20000-1. This part of ISO/IEC 20000 provides examples and suggestions to enable organizations to interpret and apply ISO/IEC 20000-1, including references to other parts of ISO/IEC 20000 and other relevant standards. This part of ISO/IEC 20000 is independent of specific best practice frameworks and the service provider can apply a combination of generally accepted guidance and their own techniques. Figure 2 shows the processes from Clauses 6 to 9 in the central box. The Clause 5 design and transition of new or changed services process surrounds the Clause 6 to 9 processes. This shows that the new or changed services are operated by the processes in the central box. When there are no new or changed services to which Clause 5 applies, all services can be delivered directly by Clauses 6 to 9. The interfaces between the service management processes and the relationships between different components of the SMS may be implemented differently by different service providers. The nature of the relationship between the service provider and the customer can also influence how the SMS is implemented to fulfil the requirements of ISO/IEC 20000-1. For these reasons the interfaces between processes are not represented in Figure 2. 1.2 Application The service provider is accountable for the SMS and therefore cannot ask another party to fulfil the requirements of Clause 4 of ISO/IEC 20000-1:2011. For example, the service provider cannot ask another party to provide the top management and demonstrate top management commitment or to demonstrate the governance of processes operated by other parties. Some activities in Clause 4 may be performed by another party under the management of the service provider. For example, service providers can engage other parties to conduct internal audits on their behalf. Another example is where a service provider asks another party to create the initial service management plan. The plan, once created and agreed, is the direct responsibility of and is maintained by the service provider. In these examples, the service provider is using other parties for specific short-term activities. The service provider has accountability, authorities and responsibilities for the SMS. The service provider can therefore demonstrate evidence of fulfilling all of the requirements of Clause 4 of ISO/IEC 20000-1:2011. The service provider can show evidence of fulfilling all requirements directly or can show evidence of fulfilling most of the requirements directly as well as the governance of processes operated by other parties. If the service provider relies on other parties for operation of the majority of the processes in Clauses 5 to 9, the service provider is unlikely to be able to demonstrate governance of the processes. However, if other parties operate only a minority of the processes, the service provider can normally fulfil the requirements specified in ISO/IEC 20000-1. The defined, agreed and documented accountability, authorities and responsibilities for the SMS are readily accessible to both the service provider and other relevant parties. To fulfil the requirements of ISO/IEC 20000-1 the service provider can agree changes to the terms of existing contracts or other documented agreements. ISO/IEC 20000 excludes the specification of, or specific guidance about, any product or tool. However, organizations can use this part of ISO/IEC 20000 to help them use or develop products or tools that support operation of the SMS.