8/11/2019 Documents for ISO 20000

1/3

Policies

Service management policy (4.1.1, 4.1.2) Policy on continual improvement of the SMS and the services (4.5.5.1) Budgeting and accounting policies (6.4)

Information security policy (6.6) Change management policy (9.2) Release management policy (9.3)

Plans

Service management plan (4.1.1, 4.5.2) Service continuity plan (6.3.2) Availability plan (6.3.2) Capacity plan (6.5)

Objectives of internal audits and management reviews (4.5.4.1) Audit program (4.5.5.2 Plan to implement an improvement (4.5.5.2) New or changed service plan (5.2) [for removal of service, a removal plan] Release plan (9.3)

Procedures

Clause 4.3.1 requires documented service management processes. The required processes arethose in Clauses 5 to 9. There are also processes in clause 4 which require a documenteddescription e.g. resource management, documentation management.

Clause 4.3.1 also requires documented procedures required by this part of ISO/IEC 20000. Therequired procedures are:

Communication procedures Control of documents Control of records Internal audit procedure planning and conducting internal audits Management of improvements Procedures to be used for the delivery of new or changed services Procedures to support the budgeting and accounting for services process

Procedures to be implemented in the event of a major loss of service as part of the servicecontinuity plan

Procedures to enable predictive analysis of capacity Managing service complaints Managing contractual disputes Incident management procedure managing incidents from recording to closure, managing

major incidents

8/11/2019 Documents for ISO 20000

2/3

Managing the fulfillment of service requests from recording to closure Problem management procedure identifying problems and minimizing or avoiding the impact

of incidents and problems Configuration management procedure recording, controlling and tracking configuration items Change request procedure recording, classifying, assessing and approving requests for change Emergency change request procedure managing emergency changes Managing emergency release procedure

Definitions

There are a few documented definitions required. These are as follows: Service complaint (7.1), this is often defined in the SLA Major incident (8.1), this is often defined in the SLA Types of CI (9.1), this is usually defined in the configuration management process

Other Key Documents

Service requirements (4.1.4) Catalogue of services (4.3.1, 6.1) Service level agreements (4.3.2, 6.1) Documented agreements (6.1), This applies specifically to agreements between internal groups

or customers acting as suppliers that are providing some service components or operating aprocess or part of a process. These can be known as operational level agreements (OLAs)

Description of each service report, including its identity, purpose, audience, frequency anddetails of the data source(s) (6.2)

Risks to service continuity and availability of services (6.3.1) Opportunities for improvement, including corrective and preventive actions (4.5.5.1) Design of new or changed services (5.3) for each new or changed service Information security controls including the risks to which they relate (6.6.2) and those controls

for external organizations (6.6.3) Customers, users and interested parties of the services (7.1) Supplier contracts (7.2) Roles of, and relationships between, lead and sub-contracted suppliers (7.2)

Records

Records are required to enable control and provide evidence of conformity to the requirements of thestandard (4.3.1). Records can be paper based or kept on tools. Examples of records are minutes ofmanagement review meetings, incident records on a service desk tool and service reports.

Other possible documents

Clause 4.3.1 also refers to additional documents, including those of e xternal origin, determined by theservice provider as necessary to ensure effective operation of the SMS and delivery of the services.

8/11/2019 Documents for ISO 20000

3/3

Examples of such documents are user manuals from a software tool vendor or the ISO/IEC 20000standard itself.