ISO/IEC TR 20000-12:2016

TECHNICAL ISO/IEC TR
REPORT 20000-12
First edition
Information technology — IT Service
management —
Part 12:
Guidance on the relationship between
ISO/IEC 20000-1:2011 and service
management frameworks: CMMI-SVC
Technologies de l’information — Gestion des services —
Partie 12: Directives sur la relation entre l’ISO/IEC 20000-1:2011 et
les cadres de management du service: CMMI-SVC
PROOF/ÉPREUVE
Reference number
©
ISO/IEC 2016
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2016 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Use of ISO/IEC 20000-1:2011 and CMMI-SVC . 2
4.1 Introduction to ISO/IEC 20000-1:2011 . 2
4.2 Introduction to CMMI-SVC . 4
4.3 Relationships between ISO/IEC 20000-1:2011 and CMMI-SVC . 6
5 Correlation of CMMI-SVC to ISO/IEC 20000-1:2011 . 6
Annex A (informative) Correlation of ISO/IEC 20000-1:2011 to CMMI-SVC — Terms
and definitions .15
Annex B (informative) Summary correlation of ISO/IEC 20000-1:2011 to CMMI-SVC .28
Bibliography .31
© ISO/IEC 2016 – All rights reserved PROOF/ÉPREUVE iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
The committee responsible for this document is ISO/IEC JTC 1, Information technology, SC 40, IT Service
Management and IT Governance.
A list of all parts in the ISO/IEC 20000 series can be found on the ISO website.
iv PROOF/ÉPREUVE © ISO/IEC 2016 – All rights reserved

Introduction
This document can assist readers in relating the requirements specified in ISO/IEC 20000-1:2011 to
supporting text in one of the most commonly used service management frameworks, CMMI-SVC.
Service providers can refer to this guidance as a cross-reference between the two documents to help
them to plan and implement a service management system (SMS).
ISO/IEC 20000-1:2011 is the International Standard for service management and specifies requirements
that can be used as the basis of a conformity assessment. ISO/IEC 20000-1:2011 can be used in different
ways, including:
a) as a source of requirements for service providers on the design, transition, delivery and
improvement of services and service management capabilities;
b) to establish a consistent approach for an organization to use with all of its service providers,
including those in its supply chain;
c) as an unbiased basis to assess, measure and report service delivery and management capabilities
including performance of specific service management processes;
d) as a set of criteria for audit and assessment of a service provider’s SMS, including service
management processes.
ISO/IEC 20000-1:2011 specifies an integrated process approach when the service provider plans,
establishes, implements, operates, monitors, reviews, maintains and improves an SMS. The services can
be delivered to internal or external customers.
In ISO/IEC 20000-1:2011, a service is defined as a means of delivering value for the customer by
facilitating results that the customer wants to achieve. The definition further notes that a service is
generally intangible and that a service can also be delivered to the service provider by a supplier, an
internal group or a customer acting as a supplier.
The Capability Maturity Model Integration for Services (CMMI-SVC) draws on concepts and practices
from other CMMI models and other service-focused frameworks and models. The CMMI-SVC model
covers the activities required to establish, deliver, and manage services. As defined in the CMMI
context, a service is an intangible, non-storable product. The CMMI-SVC model has been developed to be
compatible with this broad definition.
Service providers can implement and improve the SMS using the requirements specified in
ISO/IEC 20000-1, the guidance in the other parts of the ISO/IEC 20000 series and CMMI-SVC. Both the
ISO/IEC 20000 series and CMMI-SVC provide guidance to identify, plan, design, deliver, and improve
services that deliver value to the business and its customers.
© ISO/IEC 2016 – All rights reserved PROOF/ÉPREUVE v

TECHNICAL REPORT ISO/IEC TR 20000-12:2016(E)
Information technology — IT Service management —
Part 12:
Guidance on the relationship between ISO/IEC 20000-
1:2011 and service management frameworks: CMMI-SVC
1 Scope
This document provides guidance on the relationship between ISO/IEC 20000-1:2011 and CMMI-SVC
V1.3 (through Maturity Level 3). Service providers can refer to this guidance as a cross-reference
between the two documents to help them to plan and implement an SMS. An organization employing
the practices in the indicated CMMI-SVC process areas can conform to many of the associated
ISO/IEC 20000-1 requirements.
The guidance in Clause 4 describes how CMMI-SVC can support the demonstration of conformity to
ISO/IEC 20000-1:2011. A description of the purpose and content of both publications in 4.1 and 4.2 is
followed by Clause 5, which relates process areas in CMMI-SVC to clauses in ISO/IEC 20000-1:2011. The
tables in Annexes A and B relate terms, clauses, and paragraphs in ISO/IEC 20000-1:2011 to CMMI-
SVC. Table B.1 is a simplified summary of the correlation seen in Table 3 for those readers who want an
overview. The tables indicate those aspects of ISO/IEC 20000-1:2011 and CMMI-SVC that represent the
greatest link between the two sets of documents, from the perspective of a service provider.
This document can be used by any organization or person who wishes to understand how CMMI-SVC
can be used with ISO/IEC 20000-1:2011, including the following:
a) a service provider that intends to demonstrate conformity to the requirements of ISO/IEC 20000-
1:2011 and is seeking guidance on the use of CMMI-SVC to establish and maintain the SMS and the
services;
b) a service provider that has demonstrated conformity to the requirements of ISO/IEC 20000-1:2011
and is seeking guidance on ways to use CMMI-SVC to improve the SMS and the services;
c) a service provider that already uses CMMI-SVC and is seeking guidance on how CMMI-SVC
can be used to support efforts to demonstrate conformity to the requirements specified in
ISO/IEC 20000-1:2011;
d) an appraiser or assessor who wishes to understand the use of CMMI-SVC as support for the
requirements specified in ISO/IEC 20000-1:2011.
This document can also be used with the other parts of the ISO/IEC 20000 series.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 20000-1:2011, Information technology — Service management — Part 1: Service management
system requirements
© ISO/IEC 2016 – All rights reserved PROOF/ÉPREUVE 1

3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 20000-1:2011 and
ISO/IEC/TR 20000-10:2015 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
4 Use of ISO/IEC 20000-1:2011 and CMMI-SVC
4.1 Introduction to ISO/IEC 20000-1:2011
ISO/IEC 20000-1:2011 specifies the general requirements for an SMS in Clause 4. In
ISO/IEC 20000-1:2011, Clauses 5 to 9, it specifies the service management processes, as shown in
Table 1.
Table 1 — Service management processes in ISO/IEC 20000-1:2011
Process group Clause Process
— 5 Design and transition of new or changed services
Service level management
Service reporting
Service continuity and availability management
Service delivery processes 6
Budgeting and accounting for services
Capacity management
Information security management
Business relationship management
Relationship processes 7
Supplier management
Incident and service request management
Resolution processes 8
Problem management
Configuration management
Control processes 9 Change management
Release and deployment management
ISO/IEC 20000-1:2011 requires the application of the methodology known as “Plan–Do–Check–Act”
(PDCA) to all parts of the SMS and the services. Figure 1 illustrates how the PDCA methodology can
be applied to the SMS, including the service management processes specified in ISO/IEC 20000-1:2011,
Clauses 5 to 9 and the services. The PDCA methodology can be briefly described as follows:
Plan: establishing, documenting and agreeing the SMS. The SMS includes the policies, objectives, plans
and processes to fulfil the service requirements.
Do: implementing and operating the SMS for the design, transition, delivery and improvement of the
services.
Check: monitoring, measuring and reviewing the SMS and the services against the policies, objectives,
plans and service requirements and reporting the results.
Act: taking actions to continually improve performance of the SMS and the services.
2 PROOF/ÉPREUVE © ISO/IEC 2016 – All rights reserved

Plan
Service
management
system
Service
management
processes
Do Act
Services
Check
Figure 1 — PDCA methodology applied to service management
Figure 2 illustrates an SMS, including the service management processes. The service management
processes and the interfaces between the processes can be implemented in different ways by different
service providers. The nature of the relationship between a service provider and the customer, the
service management objectives, and the scope of the SMS will influence how the service management
processes are implemented.
Figure 2 — Service management system
ISO/IEC 20000-1:2011 supports the integration of an SMS with other management systems in the service
provider’s organization. The adoption of an integrated process approach
...