You are on page 1of 15

The Foundation Examination

Rationale

The APM Group Ltd 2014


This paper remains the property of The APM Group (APMG). This document is not to be re-produced or re-sold without
express permission from The APM Group Ltd.
ITIL is a registered trade mark of AXELOS Limited.
Permission to reproduce extracts from BS ISO/IEC 20000 is granted by BSI.
ISO/IEC 200002012-Rationale-4001-GBISOFSample1-120120SamplePaper1

ISO/IEC 20000 Foundation Examination

OV01.1 - Overview of ISO 20000, related best practices, standards and schemes
D

a)

Part 1 is a standard that specifies requirements; it does not provide guidance because
all requirements are mandatory. Part 5 provides guidance on how to implement an SMS.
Ref. PG 1.1 (or APMG 20k supp.2)

b)

ISO/IEC 20000 Part 2 describes the best practices for service management processes
within the scope of Part 1. Ref. 2PG 1.1 (or APMG 20k supp.2)

c)

Part 1 is a standard that specifies requirements; it does not provide guidance because
all requirements are mandatory. Ref. PG 1.1 (or APMG 20k supp.2)

d)

This is the description provided in the scope section of ISO/IEC 20000 Part 1. ISO/IEC
20000-1, 1.1 para 1

OV02.3 - Overview of ISO 20000, related best practices, standards and schemes
B

a)

ITIL was first published in the late 80s and as such pre-existed ISO/IEC 20000 (and BS
15000) by many years and so could not be based on ISO/IEC 20000. Although they
are related, neither ITIL nor ISO/IEC 20000 was based on the other. Ref. PG 3.5 pap 2
(or APMG 20k supp 6.2 para 1)

b)

ITIL provides best practice advice for IT service management, whereas ISO/IEC 20000
specifies requirements for a service management system. Ref. PG 3.5 table row 1 (or
APMG 20k supp. 6.2)

c)

ITIL is independent of ISO/IEC 20000. Neither is contained in, or is a subset of, the
other. Ref. PG 3.5 para 2 (or APMG 20k supp 6.2 para 1)

d)

They are related however ITIL does not contain a service management system. Ref. PG
3.5 table row 7 (or APMG 20k supp. 6.2)

OV01.4 - Overview of ISO 20000, related best practices, standards and schemes
A
a)

The part 1 introduction explains how the use of PDCA and an integrated process
approach enables integrated management systems ISO/IEC 20000-1, Introduction

b)

Although a service provider could be certified against all three, it is not necessary in
ensuring an effective IT service management system. The certification scheme does not
demand this. APMG 15/015

c)

ISO 9001 applies to quality management and ISO/IEC 27001 applies to information
security management. They could be used in some parts of an IT service provider
organization. There is nothing in the standard to tell us this is true. ISO/IEC 20000-1,
Introduction

d)

ISO 9001 is not mainly concerned with customer complaints, it is a general quality
management system standard. There is nothing in the standard to tell us this is true.
ISO/IEC 20000-1, Introduction

The APM Group Ltd 2014


This paper remains the property of The APM Group (APMG).This document is not to be re-produced or re-sold without express permission from The
APM Group Ltd.
ISO/IEC 20000:1-Rationale-4001-GBISOFSample1-120120SamplePaper1

ISO/IEC 20000 Foundation Examination

OV02.5 - Overview of ISO 20000, related best practices, standards and schemes
C

a)

RCBs must not give advice and guidance to a service provider as it would compromise
their independence during an audit. Ref. PG 2.3 (or APMG 20k supp. 4.2)

b)

Although the RCB would assess staff competence, it is not their main role, neither is it a
requirement for staff to be certified in ITIL. Ref. PG 2.3 (or APMG 20k supp. 4.2)

c)

RCBs assess the IT service provider against Part 1 of the standard to determine
conformance. Ref. PG 2.3 (or APMG 20k supp. 4.2)

d)

The administrator of the Certification Scheme does not engage RCBs and the RCB role
is to assess conformity. The administrator of the Certification Scheme is not told of any
non-conformities. Ref. PG 2.3 (or APMG 20k supp. 4.2)

OV02.4 - Overview of ISO 20000, related best practices, standards and schemes
D

a)

Information is held in the form of documents and records. Documents give evidence of
intentions, whereas records are evidence of activities. The service continuity plan is an
example of a document, not a record. ISO/IEC 20000-1, 3.8 and 3.22

b)

Information is held in the form of documents and records. Documents give evidence of
intentions, whereas records are evidence of activities. The capacity plan is an example
of document, not a record. ISO/IEC 20000-1, 3.8 and 3.22

c)

Information is held in the form of documents and records. Documents give evidence of
intentions, whereas records are evidence of activities. A service level agreement is an
example of a document, not a record. ISO/IEC 20000-1, 3.8 and 3.22

d)

Information is held in the form of documents and records. Documents give evidence of
intentions, whereas records are evidence of activities. A service report is an example of
a record. ISO/IEC 20000-1, 3.8 and 3.22

OV01.5 - Overview of ISO 20000, related best practices, standards and schemes
D
a)

This defines an independent Registered Certification Body. Ref. PG 2.3 (or APMG 20k
supp. 4.2)

b)

This is the definition of a customer ISO/IEC 20000-1, 3.7

c)

This refers to an external organization giving advice to a service provider. Ref. PG 2.3 (or
APMG 20k supp. 4.2)

d)

This is the definition of a service provider. ISO/IEC 20000-1, 3.32

The APM Group Ltd 2014


This paper remains the property of The APM Group (APMG).This document is not to be re-produced or re-sold without express permission from The
APM Group Ltd.
ISO/IEC 20000:1-Rationale-4001-GBISOFSample1-120120SamplePaper1

ISO/IEC 20000 Foundation Examination

MS01.3 - Service Management System General Requirements


A

a)

The Deming Cycle is the common name for the Plan/Do/Check/Act methodology. Ref.
PG 3.2 (or APMG 20k supp. 3.2)

b)

The supply chain is the name for relationships between customers, the service provider
and suppliers. ISO/IEC 20000-1, figure 3

c)

The 4-step improvement methodology is a name which does not exist although the
PDCA cycle may be described in this way. Ref. PG 3.2 (or APMG 20k supp. 3.2)

d)

ISO 9001 is a quality management system standard. ISO/IEC 20000-1, Introduction

MS02.7 - Service Management System General Requirements


C

a)

There shall be a policy on continual improvement of both the SMS and services.
ISO/IEC 20000-1, 4.5.5.1

b)

There shall be a policy on continual improvement of both the SMS and services. ISO/IEC
20000-1, 4.5.5.1

c)

There shall be a policy on continual improvement of the SMS and services. ISO/IEC
20000-1, 4.5.5.1

d)

There are requirements that there shall be a policy on continual improvement of both the
SMS and services. ISO/IEC 20000-1, 4.5.5.1

OV02.2 - Overview of ISO 20000, related best practices, standards and schemes
B
a)

Incorrect because there are no guarantees stated within ISO/IEC 20000. ISO/IEC
20000-1, 1

b)

ISO/IEC 20000 Part 1 specifies the requirements for the service provider to plan,
establish, implement, operate, monitor, review maintain and improve an SMS. ISO/IEC
20000-1, 1

c)

ISO/IEC 20000 specifies the WHAT, not the HOW. IT does not refer to anything being
the best approach. ISO/IEC 20000-1, 1

d)

Part 1 specifies minimum requirements, not a level of quality to aspire to and does not
state that it is a quality benchmark. ISO/IEC 20000-1, 1

The APM Group Ltd 2014


This paper remains the property of The APM Group (APMG).This document is not to be re-produced or re-sold without express permission from The
APM Group Ltd.
ISO/IEC 20000:1-Rationale-4001-GBISOFSample1-120120SamplePaper1

ISO/IEC 20000 Foundation Examination

10

MS02.6 - Service Management System General Requirements


D

11

a)

The Registered Certification Body audits a service provider who wishes to be certified
under the APMG International ISO/IEC 20000 Certification Scheme. There is a specific
requirement for top management to conduct reviews. ISO/IEC 20000-1, 4.5.4.3

b)

There is a specific requirement for top management to conduct reviews. ISO/IEC 200001, 4.5.4.3

c)

The standard does not state that a consultancy organization shall review the service
management but is specific that top management shall conduct reviews. ISO/IEC
20000-1, 4.5.4.3

d)

Top management shall review the SMS and services at planned intervals. ISO/IEC
20000-1, 4.5.4.3

NC01.1 - Design and Transition of Services, Resolution and Control Processes


A

12

a)

This describes the objective of clause 5, design and transition of new or changed
Services. Ref. PG 1.2 (or APMG 20k supp. 3.4)

b)

This only covers part of the overall process. It is performed as part of change
management. It is not the objective. Ref. PG 1.2 (or APMG 20k supp 3.4)

c)

This only covers part of the overall process. The costing is done as part of planning the
new of changed services. It is not the objective. Ref. PG 1.2 (or APMG 20k supp. 3.4)

d)

This only covers part of the overall process during transition. It is not the objective. Ref.
PG 1.2 (or APMG 20k supp 3.4)

DR02.1 - Service Delivery and Relationship Processes


C
a)

SLAs shall include agreed service targets, workload characteristics and exceptions.
ISO/IEC 20000-1, 6.1

b)

SLAs shall include agreed service targets, workload characteristics and exceptions.
ISO/IEC 20000-1, 6.1

c)

SLAs shall include agreed service targets, workload characteristics and exceptions.
ISO/IEC 20000-1, 6.1

d)

SLAs shall include agreed service targets, workload characteristics and exceptions.
ISO/IEC 20000-1, 6.1

The APM Group Ltd 2014


This paper remains the property of The APM Group (APMG).This document is not to be re-produced or re-sold without express permission from The
APM Group Ltd.
ISO/IEC 20000:1-Rationale-4001-GBISOFSample1-120120SamplePaper1

ISO/IEC 20000 Foundation Examination

13

DR02.5 - Service Delivery and Relationship Processes


C

14

a)

The Standard states that business plans, SLAs and risks shall be taken into
consideration. This option can be ruled out because incident trend analysis cant be
used to determine requirements. Ref ISO/IEC 20000-1, 6.3.1

b)

The Standard states that business plans, SLAs and risks shall be taken into
consideration. This option is a list of possible constraints that may affect availability or
continuity but they wont help determine requirements. Ref ISO/IEC 20000-1, 6.3.1

c)

The Standard states that business plans, SLAs and risks shall be taken into
consideration. Ref ISO/IEC 20000-1, 6.3.1

d)

The Standard states that business plans, SLAs and risks shall be taken into
consideration. This option can be ruled out because supplier contracts are irrelevant. Ref
ISO/IEC 20000-1, 6.3.1

DR02.3 - Service Delivery and Relationship Processes


B

15

a)

Identity shall be included in the description of each service report documented and
agreed by the service provider and interested parties. Author may be useful but it is not
a requirement. ISO/IEC 20000-1, 6.2

b)

Identity shall be included in the description of each service report documented and
agreed by the service provider and interested parties. ISO/IEC 20000-1, 6.2

c)

Identity shall be included in the description of each service report documented and
agreed by the service provider and interested parties. Size of report may be useful but it
is not a requirement. ISO/IEC 20000-1, 6.2

d)

Identity shall be included in the description of each service report documented and
agreed by the service provider and interested parties. Format may be useful but it is not
a requirement. ISO/IEC 20000-1, 6.2

DR01.2 - Service Delivery and Relationship Processes


C
a)

Testing of the service continuity and availability plans is part of the process
requirements, but not the overall objective. PG 1.2 (or APMG 20k supp. 3.3)

b)

This is an activity often associated with the process, but not the overall objective. PG
1.2 (or APMG 20k supp. 3.3)

c)

This is the objective described. The others may be part of the process requirements or
activities but not the overall objective. PG 1.2 (or APMG 20k supp. 3.3)

d)

This is part of the process requirements, but not the overall objective. The agreed
requirements for service continuity and availability shall take into consideration service
level agreements. PG 1.2 (or APMG 20k supp. 3.3)

The APM Group Ltd 2014


This paper remains the property of The APM Group (APMG).This document is not to be re-produced or re-sold without express permission from The
APM Group Ltd.
ISO/IEC 20000:1-Rationale-4001-GBISOFSample1-120120SamplePaper1

ISO/IEC 20000 Foundation Examination

16

DR02.1 - Service Delivery and Relationship Processes


A

17

a)

The service provider shall document, agree and implement information security controls
with these external organizations. Ref ISO/IEC 20000-1, 6.6.2

b)

The service provider shall document, agree and implement information security controls
with these external organizations. Ref ISO/IEC 20000-1, 6.6.2

c)

The service provider, not the lead supplier, shall document, agree and implement
information security controls with these external organizations. Ref ISO/IEC 20000,
6.6.2

d)

The service provider, not the business relationship manager, shall document, agree and
implement information security controls with these external organizations. Ref ISO/IEC
20000-1, 6.6.2

MS02.3 - Service Management System General Requirements


C

18

a)

Personnel performing the work shall be competent on the basis of appropriate education,
training, skill and experience. There is no mandatory requirement for all staff to have
formal training and qualifications. ISO/IEC 20000-1, 4.4.2

b)

Personnel performing the work shall be competent on the basis of appropriate education,
training, skill and experience. There is no mandatory requirement for senior staff to have
formal training and qualifications. ISO/IEC 20000-1, 4.4.2

c)

Personnel performing the work shall be competent on the basis of appropriate education,
training, skill and experience. ISO/IEC 20000-1, 4.4.2

d)

There is a specific requirement that personnel performing the work shall be competent
on the basis of appropriate education, training, skill and experience. ISO/IEC 20000-1,
4.4.2

DR02.9 - Service Delivery and Relationship Processes


D
a)

Forecasts for future demand for services shall be included in a capacity plan. Ref
ISO/IEC 20000-1, 6.5

b)

Costs of service capacity upgrades shall be included in a capacity plan. Ref ISO/IEC
20000-1, 6.5

c)

Current demand for services shall be included in a capacity plan. Ref ISO/IEC 20000-1,
6.5

d)

Service level agreements are a specific type of document, and would not be included in
a capacity plan. (There may be some mention of service level targets and achievements
in a capacity plan, but these are not the same thing as a service level agreement). Ref
ISO/IEC 20000-1, 6.5

The APM Group Ltd 2014


This paper remains the property of The APM Group (APMG).This document is not to be re-produced or re-sold without express permission from The
APM Group Ltd.
ISO/IEC 20000:1-Rationale-4001-GBISOFSample1-120120SamplePaper1

ISO/IEC 20000 Foundation Examination

19

MS02.4 - Service Management System General Requirements


B

20

a)

The service requirements shall be included in the service management plans. Ref
ISO/IEC 20000-1, 4.5.2

b)

This is just information to be communicated; it is not related to planning service


management. Ref ISO/IEC 20000-1, 4.5.2

c)

The resource required for service management shall be included in the service
management plans. Ref ISO/IEC 20000-1, 4.5.2

d)

The technology used to support the SMS shall be included in the service management
plans. Ref ISO/IEC 20000-1, 4.5.2

NC02.7 - Design and Transition of Services, Resolution and Control Processes


A

21

a)

Frequency and type of releases is the only requirement for the release policy. ISO/IEC
20000-1, 9.3

b)

A release policy does not include service level targets. These are contained in SLAs,
not policies. ISO/IEC 20000-1, 9.3 and 6.1

c)

A release policy does not include the specific changes to be included in a release;
these are included in the release plan. ISO/IEC 20000-1, 9.3

d)

A release policy does not include specific back-out actions for a release; these are
included in the release plan. ISO/IEC 20000-1, 9.3

DR02.13 - Service Delivery and Relationship Processes


C
a)

The service provider shall review the performance of services at planned intervals. There
is no requirement for monthly reviews. ISO/IEC 20000-1, 7.1

b)

The service provider shall review the performance of services at planned intervals. There
is no requirement for annual reviews. ISO/IEC 20000-1, 7.1

c)

The service provider s shall review the performance of services at planned intervals.
ISO/IEC 20000-1, 7.1

d)

The service provider shall review the performance of services at planned intervals. There
is no requirement for reviews to be dependent on customer satisfaction results. ISO/IEC
20000-1, 7.1

The APM Group Ltd 2014


This paper remains the property of The APM Group (APMG).This document is not to be re-produced or re-sold without express permission from The
APM Group Ltd.
ISO/IEC 20000:1-Rationale-4001-GBISOFSample1-120120SamplePaper1

ISO/IEC 20000 Foundation Examination

22

DR02.15 - Service Delivery and Relationship Processes


A

23

a)

The lead supplier is responsible for managing its subcontracted suppliers. ISO/IEC
20000-1, 7.2

b)

The lead supplier is responsible for managing its subcontracted suppliers. The service
provider does not have a direct relationship with the sub-contractor. ISO/IEC 20000-1,
7.2

c)

The lead supplier is responsible for managing its subcontracted suppliers. The service
provider does not have a direct relationship with the sub-contractor. ISO/IEC 20000-1,
7.2

d)

The lead supplier is responsible for managing its subcontracted suppliers. The service
provider does not have a direct relationship with the sub-contractor. ISO/IEC 20000-1,
7.2

NC02.1 - Design and Transition of Services, Resolution and Control Processes


D

24

a)

Assessment, approval, scheduling and reviewing of new or changed services in the


scope of clause 5 shall be controlled by the change management process, not the
capacity management process. ISO/IEC 20000-1, 5.1

b)

Assessment, approval, scheduling and reviewing of new or changed services in the


scope of clause 5 shall be controlled by the change management process, not the
release and deployment process. ISO/IEC 20000-1, 5.1

c)

Assessment, approval, scheduling and reviewing of new or changed services in the


scope of clause 5 shall be controlled by the change management process, not the
budgeting and accounting process. ISO/IEC 20000-1, 5.1

d)

Assessment, approval, scheduling and reviewing of new or changed services in the


scope of clause 5 shall be controlled by the change management process. ISO/IEC
20000-1, 5.1

NC02.9 - Design and Transition of Services, Resolution and Control Processes


A
a)

Top management shall ensure that a designated individual responsible for managing the
major incident is appointed. ISO/IEC 20000-1, 8.1

b)

The requirement within incident and service request management is that After the
agreed service has been restored, major incidents shall be reviewed to identify
opportunities for improvement. ISO/IEC 20000-1, 8.1

c)

The service provider shall document and agree with the customer the definition of a
major incident. ISO/IEC 20000-1, 8.1

d)

It is not a requirement to record the root cause when the incident is created. ISO/IEC
2000-1, 8.1

The APM Group Ltd 2014


This paper remains the property of The APM Group (APMG).This document is not to be re-produced or re-sold without express permission from The
APM Group Ltd.
ISO/IEC 20000:1-Rationale-4001-GBISOFSample1-120120SamplePaper1

ISO/IEC 20000 Foundation Examination

25

OV01.3 - Overview of ISO 20000, related best practices, standards and schemes
B

26

a)

There is no requirement for a service provider to use ITIL. ISO/IEC 20000 is intentionally
independent of specific guidance. ISO/IEC 20000-1, introduction

b)

ISO/IEC 20000 is intentionally independent of specific guidance. ISO/IEC 20000-1,


Introduction.

c)

There is no requirement for the service provider to use best practice, or to be certified for
it. ISO/IEC 20000 is intentionally independent of specific guidance. ISO/IEC 20000-1,
introduction

d)

There is no requirement for suppliers to be certified to ISO/IEC 20000. ISO/IEC 20000 is


intentionally independent of specific guidance. ISO/IEC 20000-1, introduction, 7.2

MS02.1 - Service Management System General Requirements


D

27

a)

This is a specific top management responsibility. ISO/IEC 20000-1, 4.1.1

b)

This is a specific top management responsibility. ISO/IEC 20000-1, 4.1.1

c)

This is a specific top management responsibility. ISO/IEC 20000-1, 4.1.1

d)

There are no requirements about communicating service management policies to the


customers. ISO/IEC 20000-1,4..1.1

NC02.11 - Design and Transition of Services, Resolution and Control Processes


D
a)

Problem management would identify the actions but change management would
process them. ISO/IEC 20000-1, 9.2

b)

Incident and service request management is likely to have passed information to


problem management but are not required to be involved in error correction. ISO/IEC
20000-1, 9.2

c)

Service continuity and availability management will investigate any unplanned nonavailability the error may cause but it will be change management that will correct the
error. ISO/IEC 20000-1, 9.2

d)

Problems requiring changes to a CI shall be resolved by raising a request for change,


i.e. changes required in order to correct the underlying cause of problems shall be
controlled by the change management process. ISO/IEC 20000-1, 9.2

The APM Group Ltd 2014


This paper remains the property of The APM Group (APMG).This document is not to be re-produced or re-sold without express permission from The
APM Group Ltd.
ISO/IEC 20000:1-Rationale-4001-GBISOFSample1-120120SamplePaper1

10

ISO/IEC 20000 Foundation Examination

28

MS01.2 - Service Management System General Requirements


D

29

a)

Supplier management is not contained within the SMS general requirements. ISO/IEC
20000-1, 4

b)

Information security management is not contained within the SMS general requirements.
ISO/IEC 20000-1 4

c)

Design and transition of new or changed services is not within the SMS general
requirements. ISO/IEC 20000-1, 4

d)

Documentation management is one of areas within the SMS general requirements.


ISO/IEC 20000-1, 4.3

MS02.2 - Service Management System General Requirements


C

30

a)

Documentation management is required to define controls for the disposal of records.


Release and deployment is not involved in this. ISO/IEC 20000-1, 4.3.3

b)

Documentation management is required to define controls for the disposal of records.


Information security management is not involved in this. ISO/IEC 20000-1, 4.3.3

c)

Documentation management is required to define controls for the disposal of records.


ISO/IEC 20000-1, 4.3.3

d)

Documentation management is required to define controls for the disposal of records.


Change management is not involved in this. ISO/IEC 20000-1, 4.3.3

NC02.5 - Design and Transition of Services, Resolution and Control Processes


D
a)

This is not a restriction imposed by ISO/IEC 20000. The requirement is that there shall
be a documented procedure to manage emergency changes. ISO/IEC 20000-1, 9.2

b)

This is not a requirement of ISO/IEC 20000. The requirement is that there shall be a
documented procedure to manage emergency changes. ISO/IEC 20000-1, 9.2 .

c)

This is not a requirement of ISO/IEC 20000. The requirement is that there shall be a
documented procedure to manage emergency changes. ISO/IEC 20000-1, 9.2

d)

there shall be a documented procedure to manage emergency changes. ISO/IEC


20000-1, 9.2

The APM Group Ltd 2014


This paper remains the property of The APM Group (APMG).This document is not to be re-produced or re-sold without express permission from The
APM Group Ltd.
ISO/IEC 20000:1-Rationale-4001-GBISOFSample1-120120SamplePaper1

11

ISO/IEC 20000 Foundation Examination

31

AC02.6 - Achieving ISO/IEC 20000 certification


B

32

a)

All processes and requirements must be met. There can be no exclusions. ISO/IEC
20000-1, 1.2

b)

All processes and requirements must be met. There can be no exclusions. ISO/IEC
20000-1, 1.2

c)

All processes and requirements must be met. There can be no exclusions. ISO/IEC
20000-1, 1.2

d)

All processes and requirements must be met. There can be no exclusions. ISO/IEC
20000-1, 1.2

MS02.8 - Service Management System General Requirements


B

33

a)

Supplier management is used when suppliers operate some parts of the service
management processes. An internal group is not a supplier suppliers are external to
the organization. ISO/IEC 20000-1 7.2, 3.14, 3.35

b)

The service provider shall manage internal groups who are operating parts of the
processes through the service level management process. ISO/IEC 20000-1, 4.2.

c)

There is no requirement for service continuity and availability management to manage


internal groups. ISO/IEC 20000-1, 6.3

d)

There is no requirement for resource management to manage internal groups. ISO/IEC


20000-1, 4.4

AC02.4 - Achieving ISO/IEC 20000 certification


C
a)

Processes are evidence of intention but not a definition of the type of documents to be
produced at an audit. Documents that describe intent are required to be shown at an
audit. Process descriptions will be one such document. ISO/IEC 20000-1, 3.8 and 3.22,
PG 2.5, section on evidence (or APMG 20k supp. 7.3)

b)

Plans are evidence of intention but not a definition of the type of documents to be
produced at an audit. Documents that describe intent are required to be shown at an
audit. Plans will be one such document. ISO/IEC 20000-1, 3.8 and 3.22, PG 2.5,
section on evidence (or APMG 20k supp. 7.3)

c)

The two types of documentation required to be produced at an audit are those showing
evidence of intention and those that are records of achievement or activities performed.
ISO/IEC 20000-1, 3.8 and 3.22, PG 2.5, section on evidence (or APMG 20k supp. 7.3)

d)

Controls are evidence of intention but not a definition of the type of documents to be
produced at an audit. Documents that describe intent are required to be shown at an
audit. Controls will be one such document. ISO/IEC 20000-1, 3.8 and 3.22, PG 2.5,
section on evidence (or APMG 20k supp. 7.3)

The APM Group Ltd 2014


This paper remains the property of The APM Group (APMG).This document is not to be re-produced or re-sold without express permission from The
APM Group Ltd.
ISO/IEC 20000:1-Rationale-4001-GBISOFSample1-120120SamplePaper1

12

ISO/IEC 20000 Foundation Examination

34

OV02.1 - Overview of ISO 20000, related best practices, standards and schemes
C

35

a)

Wrong way around, other parts provide supporting advice, Part 1 contains mandatory
requirements. PG 1.1 (or APMG 20k supp. 2)

b)

Both Parts 1 and 2 align with ITIL. PG 3.5 para 2 (or APMG 20k supp. 6.2)

c)

The other parts provide supporting advice for Part 1 which is the only Part to contain
mandatory requirements. PG 1.1 (or APMG 20k supp. 2)

d)

The other parts provide supporting advice for Part 1 which is the only Part to contain
mandatory requirements. PG 1.1 (or APMG 20k supp. 2)

AC02.5 - Achieving ISO/IEC 20000 certification


B

36

a)

The names of suppliers are not one of the factors to be included or considered for the
scope statement. ISO/IEC 20000-1, 4.5.1

b)

The geographical location(s) from which the service provider delivers the service and the
customer locations shall be considered when defining the scope. ISO/IEC 20000-1,
4.5.1

c)

As all processes in ISO/IEC 20000-1 are required in the scope with no exclusions, there
is no need to specify which processes are in the scope. ISO/IEC 20000-1, 4.5.1 and
1.2

d)

The resources necessary to achieve the service management objectives will be


established when planning the SMS. It is irrelevant to the scope statement. ISO/IEC
20000-1, 4.5.1

AC02.11 - Achieving ISO/IEC 20000 certification


A
a)

Effective governance of processes operated by other parties and supplier management


controls are requirements of Clause 4.2. ISO/IEC 20000-1, 4.2, ISO/IEC 20000-3, 5.2
(or PG 2.4.2, paragraph on Governance of processes)

b)

This will not make an organization ineligible for ISO/IEC 20000 certification provided the
service provider can demonstrate governance of processes operated by the data centre
provider. ISO/IEC 20000-1, 4.2, ISO/IEC 20000-3, 5.2 (or PG 2.4.2, paragraph on
Governance of processes)

c)

There is no reason why the service desk must remain in-house provided the service
provider can demonstrate governance of processes operated by the service desk
provider. ISO/IEC 20000-1, 4.2, ISO/IEC 20000-3, 5.2 (or PG 2.4.2, paragraph on
Governance of processes)

d)

This will not make an organization ineligible for ISO/IEC 20000 certification provided the
service provider can demonstrate governance of processes operated by the data centre
provider. ISO/IEC 20000-1, 4.2, ISO/IEC 20000-3, 5.2 (or PG 2.4.2, paragraph on
Governance of processes)

The APM Group Ltd 2014


This paper remains the property of The APM Group (APMG).This document is not to be re-produced or re-sold without express permission from The
APM Group Ltd.
ISO/IEC 20000:1-Rationale-4001-GBISOFSample1-120120SamplePaper1

13

ISO/IEC 20000 Foundation Examination

37

AC01.2 - Achieving ISO/IEC 20000 certification


B

38

a)

Any auditor can identify observations and non-conformities. PG 2.7 (or APMG 20k
supp. 7.1)

b)

An observation is a recommendation for potential improvement and cannot lead to noncertification. They can be noted by internal or external auditors and are different from
non-conformities because they are not mandatory to be remedied. PG 2.7 (or APMG
20k supp. 7.1)

c)

Observations and nonconformities are completely different therefore observations cannot


accumulate to become a non conformity. PG 2.7 (or APMG 20k supp. 7.1)

d)

An observation is optional to remedy, and cannot lead to non-certification so it is


irrelevant whether or how long an observation takes to be remedied. PG 2.7 (or APMG
20k supp. 7.1)

AC02.2 - Achieving ISO/IEC 20000 certification


C

39

a)

Certificates are valid for three years. PG 2.5 (or APMG 20k supp. 7.2)

b)

Certificates are valid for three years. PG 2.5 (or APMG 29k supp. 7.2)

c)

Certificates are valid for three years. PG 2.5 (or APMG 20k supp. 7.2)

d)

Certificates are valid for three years. PG 2.5 (or APMG 20k supp 7.2)

AC02.2 - Achieving ISO/IEC 20000 certification


C
a)

Recertification audits are required to be carried out every three years. PG 2.5 (or APMG
20k supp. 7.2)

b)

There are no requirements concerning a gap analysis audit. PG 2.5 (or APMG 20k supp.
7.2)

c)

The APMG International ISO/IEC 20000 Certification Scheme requires a surveillance


audit to be carried out by the RCB at least annually. PG 2.5 (or APMG 20k supp. 7.2)

d)

An RCB could not carry out an internal audit. PG 2.5 (or APMG 20k. supp. 7.2)

The APM Group Ltd 2014


This paper remains the property of The APM Group (APMG).This document is not to be re-produced or re-sold without express permission from The
APM Group Ltd.
ISO/IEC 20000:1-Rationale-4001-GBISOFSample1-120120SamplePaper1

14

ISO/IEC 20000 Foundation Examination

40

AC02.3 - Achieving ISO/IEC 20000 certification


B
a)

The service provider conducts the internal audit; the RCB conducts the surveillance and
re-certification audits. ISO/IEC 20000-1, 4.5.4.2, PG 2.5 (or APMG 20k supp. 7.2)

b)

The RCB conducts both the surveillance and re-certification audits. The service provider
conducts the internal audits. ISO/IEC 20000-1, 4.5.4.2, PG 2.5 (or APMG 20k supp.
7.2)

c)

The service provider conducts the internal audit, the RCB conducts the surveillance and
re-certification audits. ISO/IEC 20000-1, 4.5.4.2, PG 2.5 (or APMG 20k supp. 7.2)

d)

The service provider conducts the internal audit, not the customer. ISO/IEC 20000-1,
4.5.4.2, PG 2.5 (or APMG 20k supp. 7.2)