
ISO 20000-1 Gap Analysis Questionnaire

Date post: 27-Dec-2015
Upload: muhammad-usman-hamid

Company Name goes here
Document Name: ISO 20000-1:2011 Gap Analysis Questionnaire
Version: 1.0
Author: Muhammad Usman Hamid
Approval:

| ISO 20000-1:2011 Clause no | Question no | Brief Description | Questions | Answers | Evidences |
|---|---|---|---|---|---|
| 4 | | Service Management system/Management Responsibility | | | |
| 4.1.1 | 1 | Management commitment - Service Policy, scope | Has the management established a service policy and objectives? | | |
| | 2 | Objectives for service management | Are objectives derived from the service policy? | | |
| | 3 | Communicating the importance of fulfilling service requirements | How well has the communication on service policy been done? | | |
| | 4 | Communicating the importance of fulfilling statutory and legal requirements | What are the means of communicating the regulatory and legal requirements? | | |
| | 5 | Ensuring provision of resources | How does the top management provide adequate resources for the establishment of a service management system? | | |
| | 6 | Conducting management reviews | Have the management reviews been conducted as required by the manual? | | |
| | 7 | Ensuring risks are assessed and managed | How well has the process of risk assessment been deployed? | | |
| 4.1.2 | 8 | Establishment of service policy as per a to e | Has the service policy been reviewed for adequacy? In what periodicity is it reviewed? | | |
| 4.1.3 | 9 | Defining authorities and responsibilities | Is the present organisation chart comprehensive enough to include all responsibilities as envisaged by the standard? | | |
| | 10 | Documented procedure for communication | Is a documented procedure for internal communication available? | | |
| 4.1.4 | 11 | Appointment of MR | Has the MR been appointed from the internal staff? | | |
| | 12 | MR's work (see a to e) | Does MR have the required mandate to carry out his/her responsibilities as defined in the standard? | | |
| 4.2 | 13 | Governance of processes under others (see a to d) | How is the Governance process led by top management? Which are the internal groups and vendors who are covered by the Governance process currently? | | |
| 4.3 | | | | | |
| 4.3.1 | 14 | Establishing and maintaining documents | Is there a master list of documents? Is the release of documents done after due approval? Is there a system for version control? | | |
| 4.3.2 | 15 | Control of Documents - procedure | Is there a procedure for control of documents and is it followed? | | |
| 4.3.3 | 16 | Control of Records - procedure | Is there a procedure for control of records and is it followed? | | |
| 4.4 | | | | | |
| 4.4.1 | 17 | Determination of resources and provision | How timely are the resources provided to enable the company to improve service management system and customer satisfaction? | | |
| 4.4.2 | 18 | Competency determination for personnel | Is there a process for determining the competency of existing people and providing the necessary training (or taking other actions) to improve them? | | |
| | 19 | Training for people | Is there a structured plan for training people and is it well deployed? | | |
| | 20 | Evaluation of effectiveness of training | How does the management evaluate the effectiveness of the training programmes (or other actions taken)? | | |
| | 21 | Ensuring awareness of the service management | How does the management ensure that all the associates and service providers are aware of the Service management objectives and contribute to them? | | |
| | 22 | Maintaining records | What are the records maintained to demonstrate the achievement of skills by training, education and other actions? | | |
| 4.5 | | | | | |
| 4.5.1 | 23 | Scope definition of SMS | Scope should cover location of customers, location wherefrom service is delivered and the technology used. | | |
| 4.5.2 | 24 | Service management plan (see a to l) | In an organisation which is a captive IT dept, their service Quality manual will be adequate as a service management plan, but for IT organisations which are providing services to the world at large the service management plan is required to be existing. | | |
| 4.5.3 | 25 | Operation of SMS as per a to f | For the captive IT organisation, this is audited as a part of auditing other requirements of standard. For IT organisations which are providing services to market at large, how well are these aspects a to f understood from customers and customised? | | |
| 4.5.4.2 | 26 | Internal audit | Are internal audits conducted as per plan? | | |
| 4.5.4.3 | 27 | Management review | Are management reviews conducted as per plan? | | |
| 4.5.5.2 | 28 | Management of Improvements | Is there a service improvement plan (or plans)? | | |
| 5 | | Design and transition of new or changed services | | | |
| 5.2 | 29 | Plan new services introduction (see a to j) | How does the planning for introduction of a new service go on? | | |
| | 30 | Plan for changed service introduction (see a to j) - make a demo plan | How has the planning been done for changed service? | | |
| | 31 | Plan for removal of service | How is the planning done for removal of service, or in case of transitioning to other service providers? | | |
| 5.3 | 32 | Service specification (apply a to k selectively) | How is design and development of service carried out? | | |
| | 33 | Service Delivery specification (apply a to k selectively) | | | |
| | 34 | Quality Control Specification | | | |
| 5.4 | 35 | Transition of new/changed service | How does the organisation verify the service before it is launched? | | |
| 6 | | Service level management | | | |
| 6.1 | 36 | Catalogue of services | Is the service catalogue available? | | |
| | 37 | SLAs for each service | Are SLAs documented for each service individually? | | |
| | 38 | Reviews of SLAs with customer | Are these SLAs being reviewed with customer? | | |
| | 39 | Trends of performances against targets | What are the trends? Are targets for the SLAs available? | | |
| | 40 | Causal analyses of non conformities | How are instances of non conformities in meeting SLAs dealt with? | | |
| | 41 | Review of other groups' performances | How are other groups' performances reviewed? | | |
| 6.2 | 42 | Service report for each service | How does the IT report about the status of its service to the customers? | | |
| 6.3 | | Service continuity and availability management | | | |
| 6.3.1 | 43 | Service continuity requirements | How has the IT team collected the requirements for service continuity? | | |
| | 44 | Service availability requirements | How has the IT team collected the requirements for service availability? | | |
| 6.3.2 | 45 | Service continuity plan | What is the plan for service continuity and availability? | | |
| | | Service availability plan | | | |
| 6.3.3 | 46 | Service continuity testing and monitoring | How are the continuity plans getting tested? | | |
| | 47 | Service availability testing and monitoring | How are availability plans getting tested? | | |
| 6.4 | 48 | Procedures for budgeting and accounting | What are the procedures for cost accounting and monitoring budgets? | | |
| 6.5 | 49 | Capacity management | How is the capacity being planned in advance? | | |
| 6.6 | | | | | |
| 6.6.1 | 50 | Information security policy | Is there an information security policy? | | |
| | 51 | Risk Management | Is the approach to security risk management defined? | | |
| 6.6.2 | 52 | Physical security controls on premises | What are the physical security controls? | | |
| | 53 | Security Objectives | Are these objectives for IT security? | | |
| | 54 | Controls on external organisations | Are controls defined for external organisations who are involved in service delivery? | | |
| 6.6.3 | 55 | Change request analysis | How are security risks analysed for changes proposed? | | |
| | 56 | Incidents register | Is there a system for registering security incidents? | | |
| 7 | | Relationship processes | | | |
| 7.1 | 57 | Account manager allocation list | Are designated account managers available for key customers? | | |
| | 58 | Review of performance with customers | What is the system for performance review with customers? | | |
| | 59 | Complaint management process | How does the organisation manage its complaints? Is there a documented procedure? Is there an agreement with customer on what is a complaint? | | |
| 7.2 | 60 | List of account managers (supplier wise) | Are designated account managers for key suppliers available? | | |
| | 61 | Contract of service | Does organisation have a documented contract with each supplier? | | |
| | 62 | Relationship of lead to subcontracted suppliers | Is the relationship between lead supplier and the sub supplier documented? | | |
| | 63 | Monitoring of the performance of suppliers | How does the organisation monitor the performance of suppliers? Is there a documented procedure for resolving disputes? | | |
| 8 | | Resolution processes | | | |
| 8.1 | | Incident and service request management | | | |
| 8.1 | 64 | Procedure for dealing with service incidents | Is there a documented procedure for dealing with incident management? Does it define major and minor service incidents? | | |
| | 65 | Procedure for dealing with service requests | Is there a documented procedure for dealing with service request? | | |
| 8.2 | 66 | Procedure for problem management | Is there a documented procedure for resolution management? | | |
| 9 | | Control processes | | | |
| 9.1 | 67 | Configuration management | Is there a documented procedure for configuration management? | | |
| | 68 | Configuration management - CMDB | How are changes to CIs handled? | | |
| 9.2 | 69 | Change Management - change requests | Is there a documented procedure for change management? | | |
| | 70 | Emergency changes | How does the organisation handle emergency changes? | | |
| | 71 | Change management - Deploying the changes | Check whether the deployment of changes is taking place as per the procedure. | | |
| 9.3 | 72 | Release and Deployment Policy | Has the organisation formulated a release policy? | | |
| | 73 | Definition of emergency release | Is emergency release defined? Is there a documented procedure? | | |
| | 74 | Monitoring success and failure of release | How does the organisation monitor success or failure of its releases? | | |

Abbreviations used in checklist:

1. CMDB: Configuration management data base
2. CI: Configuration item
3. ISO: International organisation for standardisation
4. MR: Management Representative
5. SIP: Service Improvement plan
6. SLA: Service level agreement
7. SMS: Service Management system
8. For all terms used, definitions are as per clause no 3 of the ISO 20000-1:2011 standard.
