You are on page 1of 24

Required ISO 20000 Documents

Document Type

General
requirement

Plans and
Procedures
(System level)

Service Level
Management

Service Reporting

Business
Continuity

Budgeting &
Accounting

Capacity and
Availability

Information
Security

Business
Relationship

Supplier
Management
Incident
Management
Problem
Management

Configuration
Management

Change

Release

misc.

System Roles

System Roles

not at draft stage


approximately 50% (rough draft only)
60 - 80 % (developed draft, with limited records)
90 % + (limited revisions required)

Required ISO 20000 Documents


Documentation ISO 20000

ITSM Risk Management (included in Service


Management Plan)
Risk Assessment
Service Management and Improvement Policy

ISO 20000
clause

3.1
3.1
3.1 a, 4.4.1

Document Control Procedure

3.2

Competence, Awareness, Training

3.3

Service Management Plan

4.1

Management Review Plan

4.3

Audit Program

4.3

Audit Procedure

4.3

Corrective and Preventative Action Procedure

4.3

Corrective and Preventative Action Record

4.4

Service Improvement Procedure

4.4.2

Service Improvement Record

4.4.2

New and Changed Services Implementation Plan

Service Level Management Procedure

6.1

Service Level Agreements

6.1

Standard Service Support Reference


Customer Handbook

6.1
6.1

Service Reporting Procedure


Service Report Summary Record
Business plan
Business Continuity Policy

6.2

Business Continuity Framework Document (ISD)

6.3

Business Continuity Plans

6.3

Business Impact Analysis

6.3

Business Continuity Risk Assessment

6.3

Business Continuity Test Procedure

6.3

Business Continuity Test Record


Budgeting & Accounting Policy

6.3

Budgeting & Acccounting Procedure

6.4

Budget Approval Form and Records

6.4

Summary Performance Reporting

6.4

Capacity / Availability Management Procedure

6.4

Capacity Plan
Capacity / Availability Records
Capacity / Availability Reporting

6.5

Information Security Policy

6.6

Information Security Management System (27001)

6.5

Security Incident Investigation Procedure

6.6

Security Control Records


Security Risk Assessment
Security Incident Reporting

6.6

Complaints process

7.2

Customer Feedback process (QMS elements)

7.2

Business Relationship Management Procedure

7.2

Customer Service Review Records

7.2

6.2
6.3
6.3

6.4

6.5
6.3

6.6
6.6

Supplier Management Procedure


Legal Procedure
Supplier Contracts and SLA's
Supplier Review Records
Incident Management Procedure
Incident Report Record
Incident Records
Incident Reporting
Problem Management Procedure
Problem Records (functions as known error
database)
Configuration Policy
Configuration Management Plan

7.3

Configuration Management Procedure

9.1

Configuration Audit Procedure

9.1

Configuration Management Database

9.1

Configuration Audit Results


Change Policy

9.1

9.2

Change Management Procedure

9.2

Change Records
List of Routine Changes
CAB Meeting Minutes
Change Schedule
Release Policy
Release Plan Record

9.2

7.3
7.3
7.3
8.2
8.2
8.2
8.2
8.3
8.3
9.1
9.1

9.2
9.2
9.2

10.1
10.1

Release Management Procedure

10.1

Release Detail Records

10.1

Management System Integration

N/A

Senior system owner


Management representative
Business relationship manager
Supplier process manager
Service level process manager
Security manager

3.1
3.1
7.2
7.3

Finance manager
Business Continuity manager
Capacity manager
Change process owner
Service Reporting process mgr.
Configuration process manager
Release process owner
Incident process manager
Problem process manager

ISO 20000 System Map


ISO System Mapping and Ownership
ISO 9001 or ISO 27001 clause

ISO 27001 Establish the ISMS 4.2.1

ISO 9001 Control of Documents and


Records 4.2.2, 4.2.3; ISO 27001 4.3.2 and
4.3.3
ISO 9001 (same) 6.2.2; ISO 27001 (same)
5.2.2
ISO 9001 Management Review 9.6; ISO
27001 Review 7
ISO 9001 Audit Requirements 8.2.2; ISO
27001 Audit Controls control 15.3.1
ISO 9001 Internal Audit 8.2.2; ISO 27001 6

ISO 9001 8.5.1 Continual Improvement;


ISO 27001 (same) 8.1
ISO 9001 8.5.1 Continual Improvement;
ISO 27001 (same) 8.1

Department Ownership

ISO 27001 Business Continuity controls A


14.1.1 - 14.1.5
ISO 27001 Business Continuity Planning
controls 14.1.3, 14.1.4

ISO 27001 Capacity Management control A


10.3.1

ISO 27001 4.2.1 Establish the ISMS; control


A 5.1.1

ISO 27001 Incident Responsibilities and


Procedures control A 13.2.1

ISO 9001 Customer Communication 7.2.3


ISO 9001 Customer Satisfaction 8.2.1

ISO 27001 Change Management control A


10.1.2; Change Control Procedure A 12.5.1

ISO 27001 System acceptance control A


10.3.2
ISO 9001 Compatability with other
management systems 0.4; ISO 27001
(same) 0.3

stem Map
Company Reference Document

Department Fu

(records relate to primary content coverag

drafted by:
record date:

Department Functional Scope

primary content coverage; other docs to responsibility to generate)

Remarks