UNE-ISO/IEC 20000-2:2023

1.1 General

This document provides guidance on the application of an SMS based on ISO/IEC 20000-1. It provides examples and recommendations with examples to enable organizations to interpret and apply ISO/IEC 20000-1, including references to other parts of ISO/IEC 20000 and other relevant standards.



Figure 1 illustrates an SMS with the clause content of ISO/IEC 20000-1. It does not represent a structural hierarchy, sequence, or authority levels. It shows that the guidance for Clause 8, Operation of the SMS, has been split into sub-clauses to reflect the service lifecycle.



The structure of clauses is intended to provide a coherent presentation of requirements, rather than a model for documenting an organization s policies, objectives, and processes. Each organization can choose how to combine the requirements into processes. The relationship between each organization and its customers, users, and other interested parties influences how the processes are implemented. However, an SMS as designed by an organization cannot exclude any of the requirements specified in ISO/IEC 20000-1.



The term service as used in this document refers to the services in the scope of the SMS. The term organization as used in this document refers to the organization in the scope of the SMS. The organization manages and delivers services to customers and can also be referred to as a service provider. Any use of the terms service or organization with a different intent is distinguished clearly in this document. It should be noted that the organization in the scope of the SMS can be part of a larger organization, for example an IT department of a large corporation. The term delivered , as used in this document, can be interpreted as all of the service lifecycle activities that are performed in addition to daily operational activities. Service lifecycle activities include planning, design, transition, and improvement.



1.2 Application

The guidance in this document is generic and is intended to be applicable to any organization applying an SMS, regardless of the organization's type or size, or the nature of the services delivered.



The service provider is accountable for the SMS and therefore cannot ask another party to fulfill the requirements of Clauses 4 and 5 of ISO/IEC 20000-1. For example, the organization cannot ask another party to provide the top management and demonstrate top management commitment or to demonstrate the control of parties involved in the service lifecycle.



Some activities in Clauses 4 and 5 may be performed by another party under the management of the organization. For example, organizations can engage other parties to conduct internal audits on their behalf. Another example is when an organization asks another party to create the initial service management plan. The plan, once created and agreed, is the direct responsibility of and is maintained by the organization. In these examples, the organization is using other parties for specific short-term activities. The organization has accountability, authorities, and responsibilities for the SMS. The organization can therefore demonstrate evidence of fulfilling all of the requirements of Clauses 4 and 5 of ISO/IEC 20000-1.



For clauses 6 10 of ISO/IEC 20000-1, an organization can show evidence of meeting all of the requirements itself. Alternatively, an organization can show evidence of retaining accountability for the requirements when other parties are involved in meeting the requirements in Clauses 6 to 10 of ISO/IEC 20000-1. Control of other parties involved in the service lifecycle should be demonstrated by the organization (see 8.2.3). For example, the organization can demonstrate evidence of controls for another party who is providing infrastructure service components or operating the service desk including the incident management process.



The organization cannot demonstrate conformity to the requirements in ISO/IEC 20000-1 if other parties are used to provide or operate all services, service components or processes within the scope of the SMS. However, if other parties provide or operate only some of the services, service components, or processes, the organization can normally demonstrate evidence of meeting the requirements specified in ISO/IEC 20000-1.



The scope of this document excludes the specification of products or tools. However, ISO/IEC 20000-1 and this document can be used to help with the development or acquisition of products or tools that support the operation of an SMS.