20000-2005 ITSM chk

ISO 20000-1 2005 ITSM Implementation Checklist

ISO 20000-1 2005 ITSM Implementation ChecklistInterviewee: ____________________

Designation: ____________________

Interviewer: ____________________

Date: ____________________

Instructions on Use:

1. The purposes for this implementation / interview checklist are to:

a) Gauge the level of compliance to ISO20000-1:2005 requirements by your group / dept / division

b) Facilitate the provision of information necessary for ISO20000-1:2005 implementation

c) Serve as a training materials for understanding the ISO20000-1:2005 requirements

2. Please spend about 2 hours going through the checklists, answering the questions to the best of your knowledge. The Interviewer will go through the questions with you to help you to answer some of the questions during the interview session.

3. Please also provide a copy (where available) of the following:

a) Documentation, records, procedures, flow-charts relating to the questions posed in this interview checklist.

4. Areas covered in this implementation / interview checklist include:

a) 3. General Requirements for Mgmt System (Include 3.1 Mgmt Responsibility, 3.2 Documentation Requirements, 3.3 Competency, Training & Awareness)

b) 4. Planning and Implementating IT Service Mgmt (Include 4.1 Plan Svc Mgmt, 4.2 Implement Svc Mgmt, 4.3 Monitor, Measure & Review, 4.4 Continual Improvement)

c) 5. Planning and Implementing New or Changed Service s

d) 6. Service Delivery Process (Include 6.1 Service Level Mgmt, 6.2 Service Reporting, 6.3 Service Continuity & Availability Mgmt, 6.4 Budgeting & Accounting For IT Services, 6.5 Capacity Mgmt, 6.6 Information Security Mgmt)

e) 7. Relationship Mgmt (Include 7.1 Biz Relationship Mgmt and 7.2 Supplier Mgmt)

f) 8. Resolution Processes (Include 8.1 Incident Mgmt, 8.2 Problem Mgmt)

g) 9. Control Processes (Include 9.1 Configuration Mgmt, 9.2 Change Mgmt)

h) 10. Release Process

document.doc (Jun 2007) Page 1 of 20




ISO 20000-1 Clauses Yes No Partial N.A.

3 Requirements For Mgmt SystemIs there a mgmt system, including policies and a framework to enable effective mgmt and implementation of all IT services? (List all key IT services provided & answer this

question for each of the key IT services provided)

3.1 Mgmt Responsibility

a) Is there leadership and actions by top/executive mgmt to provide evidence on the commitment to the development, implementation and improvement of its service mgmt capability, within the context of the organisation ‘s business and customer requirements?

Remarks (if any):

b) Do mgmt staff (especially your mgr): Establish the service mgmt policy, objectives and

plan? Communicate the importance of meeting service

mgmt objectives and the need for continual improvements?

Ensure customer requirements are determined and are met with the aim of improving customer satisfaction?

Appoint a member of mgmt responsible for the co-ordination and management of all services?

Determine and provide resources to plan, implement, monitor, review and improve service delivery and mgmt? (e.g. recruit appropriate staff, manage staff turnover)

Manage risks to service mgmt organisation and services?

Conduct review of service mgmt, at planned intervals, to ensure continual suitability, adequacy and effectiveness

Remarks (if any):

3.2 Documentation Requirementsa) Are there documentation and records to ensure

effective planning, operation and control of service



ISO 20000-1 Clauses Yes No Partial N.A.mgmt? Do these include: Documented service mgmt policies and plans? Documented service level agreements? Established procedures and responsibilities for the

creation, review, approval, maintenance, disposal and control of various types of documents and records?

Remarks (if any):

Documented processes and procedures required by this standard: 2.6 Document : Examples of documents include

policy statements, plans, procedures, service level agreements and contracts

2.13 Service Level Agreement (SLA) - written agreement between a service provider and a customer that documents services and agreed service levels

3.2 Documentation Requirements : Service providers shall provide documentation to ensure effective planning, operation and control of service management such as documented service management policies and plans, and documented service level agreements

4.1 Plan Service Mgmt : Documented responsibilities for reviewing, authorising, communicating, implementing and maintaining the service mgmt plans

4.2 Implement Service Management and Provide the Services: Documenting and maintaining the policies, plans, procedures and definitions for each process or set of processes

4.4 Continual Improvement : Process in place to identify, measure, report and manage improvement activities on an on-going basis

6.1 Service Level Mgmt : Each service provided shall be defined, agreed and documented in one or more service level agreements (SLAs)

6.6 Info Security Mgmt : Security controls shall be documented. The documentation shall describe the risks to which the controls relate, and the manner of operation and maintenance of the controls

7.1 Business Relationship Mgmt : The service provider shall identify and document the stakeholders and customers of the services



ISO 20000-1 Clauses Yes No Partial N.A. 7.2 Supplier Mgmt : The service provider shall

have documented supplier management processes and shall name a contract manager responsible for each supplier

The requirements, scope, level of service and communication processes to be provided by the supplier(s) shall be documented in SLAs or other documents and agreed by all parties

The interfaces between processes used by each party shall be documented and agreed

8.1 Incident Mgmt : Procedures shall define the recording, prioritization, business impact, classification, updating, escalation, resolution and formal closure of all incidents

8.2 Problem Mgmt : Procedures shall be adopted to identify, minimize or avoid the impact of incidents and problems. They shall define the recording, classification, updating, escalation, resolution and closure of all problems

9.1 Configuration Mgmt : There shall be a policy on what is defined as a configuration item and its constituent components

Configuration audit procedures shall include recording deficiencies and instigating corrective actions and reporting on the outcome

9.2 Change Mgmt : Service and infrastructure changes shall have a clearly defined and documented scope

10.1 Release Mgmt : The release policy stating the frequency and type of releases shall be documented and agreed

Remarks (if any):

Records required by this standard : 2.3 Change record : record containing details of

which configuration items (see 2.4) are affected and how they are affected by an authorized change

2.9 Record : Records are distinguished from documents by the fact that they function as evidence of activities, rather than evidence of intentions

Examples of records include audit reports, requests for change, incident reports, individual training records and invoices sent to customers



ISO 20000-1 Clauses Yes No Partial N.A. 3.2 Documentation Requirements : Service

providers shall provide records to ensure effective planning, operation and control of service management

7.1 Business Relationship Mgmt: Meetings btw service provider and customer of the services shall be documented

4.3 Monitoring, Measuring and Reviewing : The objective of service management reviews, assessments and audits shall be recorded together with the findings of such audits and reviews and any remedial actions identified

4.4 Continual Improvements : All suggested service improvements shall be assessed, recorded, prioritized and authorized

6.1 Service Level Mgmt : Objective - To define, agree, record and manage levels of service

The full range of services to be provided together with the corresponding service level targets and workload characteristics shall be agreed by the parties and recorded

SLAs, together with supporting service agreements, third party contracts and corresponding procedures, shall be agreed by all relevant parties and recorded

6.3 Availability and Service Continuity Management: Availability shall be measured and recorded. All continuity tests shall be recorded and test failures shall be formulated into action plans

6.6 Info Security Mgmt : Security incidents shall be reported and recorded in line with incident management procedure as soon as possible

7.1 Business Relationship Mgmt : All formal service complaints shall be recorded by the service provider, investigated, acted upon, reported and formally closed

A process shall exist for obtaining and acting upon feedback from regular customer satisfaction measurements. Actions for improvement identified during this process shall be recorded and input into the service improvement plan

7.2 Supplier Mgmt : Performance against service level targets shall be monitored and reviewed. Actions for improvement identified during this process shall be recorded and input



ISO 20000-1 Clauses Yes No Partial N.A.into the service improvement plan

8.1 Incident Mgmt : All incidents shall be recorded

8.2 Problem Mgmt : All identified problems shall be recorded.

Problem management shall be responsible for ensuring up-to-date information on known errors and corrected problems is available to incident management. Actions for improvement identified during this process shall be recorded and input into the service improvement plan

9.1 Config Mgmt : There shall be a policy on what is defined as a configuration item and its constituent components. The information to be recorded for each item shall be defined and shall include the relationships and documentation necessary for effective service management

All configuration items shall be uniquely identifiable and recorded in a CMDB to which update access shall be strictly controlled

9.2 Change Mgmt : All requests for change shall be recorded and classified, e.g. urgent, emergency, major, minor

All requests for change shall be recorded and classified, e.g. urgent, emergency, major, minor. Actions for improvement identified from change management shall be recorded and input into the service improvement plan

10.1 Release Mgmt : Plans shall record the release dates and deliverables and refer to related change requests, known errors and problems. They shall be communicated to incident management

Remarks (if any):

3.3 Competency, Training & Awarenessa) Are service management roles and responsibilities

defined and maintained with the competencies to execute them effectively?

b) Are staff competency and training needs reviewed and managed to enable staff to perform their role effectively

c) Are employees aware of the relevance and importance of their activities and how they contribute to the achievement of the service mgmt objectives

Remarks (if any):




4 Planning & Implementing Service Mgmt4.1 Plan Service Mgmt (Plan)

a) Is there a service mgmt plan? Does it define: The scope of the service mgmt within the

organisation The objectives and requirements that are to be

achieved The processes that are to be executed The framework of mgmt roles and

responsibilities, including process owner and mgmt of 3rd party suppliers

The interfaces btw svc mgmt processes and manner in which activities are to be co-ordinated

The approach to be taken in identifying, assessing and managing issues and risks to the achievement of defined objectives

The approach for interfacing to projects that are creating or modifying services

The tools as appropriate to support the processes How the quality of service will be managed,

audited and improved

Remarks (if any):

4.2 Implement Service Mgmt & Provide the Svc (Do) a) Does the organisation implement the Service Mgmt

Plan to manage and deliver the service, including: Allocation of funds and budgets Allocation of roles & responsibilities Documenting and maintaining the policies, plan,

procedures and definitions for each process or set of processes

Identification and management of risks to the service

Managing teams, e.g. recruiting and developing appropriate staff and managing staff continuity

Managing of facilities and budget Managing the teams including service desk and

operations Reporting progress against the plans Co-ordination of service mgmt processes

Remarks (if any):

4.3 Monitoring, Measuring and Reviewing (Check)




a) Does the organisation apply suitable methods for monitoring and measurement of the service mgmt processes?

b) Do these methods demonstrate the ability of the processes to achieved planned results?

c) Are mgmt reviews conducted at planned intervals to determine whether the service mgmt requirements Conform with the Service Mgmt Plan and to the

requirements of the ISO20000-1 standard Are effectively implemented and maintained

d) Is an audit planned, taking into the consideration the status and importance of the processes and areas to be audited, as well as results of previous audits?

e) Is the audit criteria, scope, frequency and methods defined in a procedure?

f) Are the selection of auditors and conducts of audits done to ensure objectivity and impartiality of the audit process?

g) Are auditors auditing their own area of work? – not allowed

h) Are the objectives of the service mgmt reviews, assessment and audits recorded with the findings of such audits and reviews, and are remedial actions identified

i) Are significant areas of non-compliance or concern communicated to relevant parties?

Remarks (if any):

4.4 Continual Improvement (Act)

a) 4.4.1 Policy : Is there are published policy on service improvement?

b) Are non-compliances to ISO 20000-1 or service mgmt plans remedied?

c) Are roles and responsibilities for service improvement activities clearly defined?

d) 4.4.2 Mgmt of Improvements : Are all suggested service improvements assessed, recorded, prioritised and authorised?

e) Is there a plan used to control this activity?

f) Does the organisation has a process in place to




identify, measure, report and manage improvement activities on an on-going basis? Does this include Improvements of individual processes that can be

implemented by the process owner with the usual staff resources

Improvements across the organisation or across more than one process?

g) 4.4.3 Improvement Activities : Are the following activities performed? Collect and analyse data to baseline and

benchmark the organisation’s capability to manage and deliver service mgmt?

Identify, plan and implement improvements Consult with all parties involved? Set targets for improvements in quality, costs and

resource utilisation Consider relevant inputs about improvements from

all the service level mgmt processes Measure, report and communicate the service

improvements Revise the service mgmt policies, plans and

procedures where necessary Ensure that all approved actions are delivered and

that they achieve their intended objectives

h) Does the service improvement plan include inputs from: 6.1 Service Level Mgmt 6.6 Information Security Mgmt 7.1 Business Relationship Mgmt 7.2 Supplier Mgmt 8.2 Problem Mgmt 9.2 Change Mgmt 10.1 Release Mgmt

Remarks (if any):

5 Planning & Implementing New or Changed Svcsa) Are new services and changes to services managed

to ensure that these are delivered at the right cost and service quality?

b) Is cost, organisational, technical and commercial impact considered in the proposal for new or change services?

c) Are implementations of new and change services, including closure of a service planned and approved



ISO 20000-1 Clauses Yes No Partial N.A.through formal change mgmt?

d) Are adequate funding and resources provided for the planning, implementation, service delivery and mgmt of the new or changed services?

e) Does the plan for new or change services include: The roles and responsibilities for implementing,

operating and maintaining the new or changed services, including activities performed by the customers and 3rd party suppliers

Changes to the existing mgmt framework and services

Communication to relevant parties New or changed contracts and agreements to align

to changes in business need Manpower and recruitment requirements Skill and training requirements (e.g. for users,

technical support, etc.) Processes, measures, methods and tools to be used

in conjunction with new or changed service (e.g. capacity and financial mgmt)

Budget and time-scales Service acceptance criteria The expected outcome from operating the new

service expressed in measurable termsf) Are new or changed services accepted by the service

provider before being implemented in the live environment

g) Are outcomes achieved by the new or changed services reported against those planned following its implementation?

h) Is a post implementation review comparing the actual outcomes against those planned performed through the change mgmt process and the results reported to relevant parties?

Remarks (if any):

6 Service Delivery Process6.1 Service Level Mgmt

a) Are levels of service defined, agreed, recorded and managed?

b) Is the full range of services to be provided together with the corresponding service level targets and workload characteristics agreed with relevant parties and recorded?

c) Is each service to be provided defined, agreed and documented in one or more service level agreements?

d) Are SLAs, together with service agreements, 3rd party



ISO 20000-1 Clauses Yes No Partial N.A.contracts and corresponding procedures agreed with relevant parties and recorded

e) Are the SLAs under control of the change mgmt system?

f) Are the SLAs maintained through regular reviews by relevant parties to ensure that they are up-to-date and remain effective over time

g) Are service levels monitored and reported against targets, showing both current and trend information

h) Are reason(s) for non-conformance reported, reviewed?

i) Are actions for improvements identified during this process recorded and used as inputs for improving the service?

Remarks (if any):

6.2 Service Reportinga) Are agreed, timely, reliable and accurate reports

produced for informed decision-making and effective communication

b) Are there a clear description of each service report, including its identity, purpose, audience and details of the data source?

c) Are service reports produced to meet identified needs and customer requirements

d) Does the service reporting include: Performance against service level targets Non-compliance and issues (e.g. against SLA,

security breach, etc.) Workload characteristics (e.g. volume, resource

utilisation) Performance reporting following major events

(e.g. major incidents and changes) Trend information Satisfaction analysis

e) Are findings in the service reports taken into consideration for mgmt decisions and corrective actions and are these communicated to relevant parties?

Remarks (if any):

6.3 Service Continuity & Availability Mgmta) Can all agreed obligations to customers be met in all

circumstances?b) Are availability and service continuity



ISO 20000-1 Clauses Yes No Partial N.A.requirements identified on the basis of business plans, SLA and risk assessments?

c) Does the availability and service continuity requirements include: Access rights Response times End-to-end availability of system components?

d) Are availability and service continuity plans developed and reviewed at least annually to ensure that requirements are met as agreed in all circumstances from normal through a major loss of service?

e) Are these plans maintained to ensure that they reflect agreed changes required by the business?

f) Is the impact of any change on the availability and service continuity plan assessed by the change mgmt process?

g) Are system availability measured and recorded?h) Are unplanned non-availability investigated and

appropriate actions taken?i) Are potential issues predicted and preventive actions

taken? (where possible)j) Are service continuity plans, contact lists and

configuration mgmt database available when normal office access is prevented?

k) Does the service continuity plan include the return to normal working?

l) Is the service continuity plans tested in accordance with business needs?

m) Are all continuity tests recorded and test failures formulated into actions plans?

Remarks (if any):

6.4 Budgeting and Accounting For IT Servicesa) Is the cost of service provision budgeted and

accounted for?b) Where charging is in use, is the mechanism for doing

so fully defined and understood by all parties?c) Is the accounting practices aligned to the wider

accountancy practices for the organisation?d) Are there clear policies and procedures for

Budgeting and accounting for all components, including IT assets, shared resources, overheads, third-party supplied service, people, insurance and licenses?

Apportioning and allocating all indirect costs to relevant services



ISO 20000-1 Clauses Yes No Partial N.A. Effective financial control and authorisation

e) Are costs budgeted in sufficient details to enable effective financial control and decision-making?

f) Are the costs against budget monitored and reported and financial forecast reviewed and costs managed accordingly?

Remarks (if any):

6.5 Capacity Mgmta) Does the organisation has sufficient capacity to meet

the current and future agreed demands of the business at all times?

b) Is a capacity management plan produced and maintained?

c) Does it include: The current and predicted capacity and

performance requirements Identified time-scale, thresholds and costs for the

service upgrade Evaluation of effects of anticipated service

upgrades, requests for change, new technologies and techniques on capacity

Predicted impact of external changes (e.g. legislative)

Data and processes to enable predictive analysisd) Are methods, procedures and techniques identified to

monitor service capacity, time service performance and provide adequate capacity?

Remarks (if any):

6.6 Information Security Mgmta) Are information security effectively managed for all

service activities?b) Is there an information security policy approved by

mgmt with appropriate authority and communicated to all relevant personnel and customers where appropriate?

c) Are there appropriate security controls to: Implement the requirements of the information

security policy Manage risks associated to access to the services

and systemsd) Are security controls documented?e) Does the documentation describe the:

Risks to which the control relate to



ISO 20000-1 Clauses Yes No Partial N.A. Manner of operations and maintenance of the

control?f) Are arrangements that involves 3rd party access to

information systems and services based on a formal agreement that defines all necessary security requirements

g) Are security incidents shall be reported and recorded in accordance with the incident management procedures as soon as possible?

h) Are procedures in place to ensure that all security incidents are investigated and management action taken?

i) Are mechanisms in place to enable the types, volumes and impacts of security incidents and malfunctions are quantified and monitored and also to provide input to the service improvement plan?

Remarks (if any):

7 Relationship Processes7.1 Business Relationship Mgmt (Btw Provider & Customer)

a) Is a good relationship between the service provider and customer established and maintained based on understanding the customer and their business drivers?

b) Are the stakeholders and customers of the services identified and documented by the service provider?

c) Is a service review attended at least annually by the service provider and customer to discuss: Any changes to the service scope The SLA, contract or business needs?

d) Are interim meetings held to discuss performance, achievements and actions plans?

e) Are these meeting documented?f) Are other stakeholders to the services invited to these

meetings?g) Does the service provider remain aware of business

needs and major changes in order to prepare to respond to these needs & changes?

h) Is there a complaint procedure?i) Is the definition of a formal service complaint

agreed with the customer?j) Are all formal service complaints recorded by the

service provider, investigated, acted upon, reported and formally closed?

k) Is an escalation available to the customer when a



ISO 20000-1 Clauses Yes No Partial N.A.complaint is not resolved through the normal channels?

l) Does the service provide has a named individual or individuals who are responsible for managing customer satisfaction and the whole business relationship process?

m) Is there a process for obtaining and acting upon feedback from regular customer satisfaction measurements?

n) Are actions for improvements during this process recorded and input into the service improvement plan?

Remarks (if any):

7.2 Supplier Mgmt (Btw Provider & Sub-contractor)a) Are 3rd party suppliers managed to ensure the

provision of seamless quality services?b) Does the service provider have a documented

supplier mgmt processes?c) Is there a named contract manager for each supplier?d) Are the requirements, scope, level of service and

communication processes to be provided by the service provider documented in the SLA or other documents and agreed by all parties?

e) Are SLAs for the suppliers aligned with the SLAs with the business?

f) Are the interfaces btw processes used by each party documented and agreed?

g) All roles and relationships between lead and sub-contracted suppliers clearly documented?

h) Are lead suppliers able to demonstrate processes to ensure subcontracted suppliers meet contractual requirements?

i) Is there a major review of the control or formal agreement at least annually to ensure the business needs and contractual obligations are still being met?

j) Are changes to the contracts and SLAs initiated as appropriate after this review?

k) Are changes subject to change mgmt process?l) Is there is formal process that exist to deal with

contractual disputes?m) Is there a process in place to deal with the expected

end of service, early end of service or transfer of service to another party?

n) Is performance against target service levels monitored and reviewed?



ISO 20000-1 Clauses Yes No Partial N.A.o) Are actions for improvements identified, recorded

and input into a plan for improving the service?

Remarks (if any):

8 Resolution Processes8.1 Incident Mgmt

a) Are agreed services to the business restored as soon as possible to respond to service requests?

b) Are all incidents recorded?c) Are there procedures adopted to manage the impact of

the service incidents?d) Are there procedures to define the recording,

prioritisation, business impact, classification, updating, escalation, resolution and formal closure of all incidents?

e) Are customers kept informed of the progress of their reported incidents or service request and alerted if their service levels cannot be met and an action agreed?

f) Are all staff involved in incident mgmt able to access relevant information such as known errors, problem resolutions and configuration mgmt database (CMDB)

g) Are major incidents classified and managed according to a defined process?

Remarks (if any):

8.2 Problem Mgmta) Is there a proactive identification and analysis of the

cause of service incidents and managing problems to closure to minimize disruptions to the business?

b) Are all identified problems recorded?c) Are there adopted procedures to define, minimize or

avoid the impact of incidents and problems?d) Do these procedures define the recording,

classification, updating, escalation, resolution and closure of all problems?

e) Are preventive actions taken to reduce potential problems? (e.g. following analysis of incident volume and types)

f) Are changes required in order to correct underlying cause of problems passed to the change mgmt process?

g) Are problem resolution monitored, reviewed and



ISO 20000-1 Clauses Yes No Partial N.A.reported on for effectiveness?

h) Is problem mgmt responsible for ensuring up-to-date information on known errors and corrected problems is available to incident mgmt?

i) Are actions for improvements identified during this process recorded and input into a plan for improving the service?

Remarks (if any):

9 Control Processes9.1 Configuration Mgmt

a) Note: Financial asset accounting falls outside the scope of this section

b) Are components of the service and infrastructure defined and controlled and accurate configuration information maintained?

c) Is there an integrated approach to change and configuration mgmt planning?

d) Is the interface to financial asset accounting processing defined by the service provider?

e) Is there a policy on what is defined as a configuration item and its constituent components?

f) Configuration Information: Is the information to be recorded for each item defined? Does the information to be recorded include relationship and documentation necessary for effective service mgmt?

g) Are mechanisms provided by configuration mgmt for identifying, controlling and tracking versions of identifiable components of the service and infrastructure?

h) Is the degree of control sufficient to meet business needs, risks of failures and service criticality

i) Is information provided by configuration mgmt to change mgmt on the impact of a requested change on the service and infrastructure configurations?

j) Are changes to configuration items traceable and auditable where appropriate (e.g. changes and movements of h/w and s/w)?

k) Do the configuration control procedures ensure that the integrity of systems, services and service components are maintained?

l) Are baseline of appropriate configuration items taken before a release to the live environment?



ISO 20000-1 Clauses Yes No Partial N.A.m) Are master copies of digital configuration items

controlled in secure physical or electronic libraries?n) Do master copies of digital configuration items

reference the relevant configuration records (e.g. s/w, testing products, and support documents)?

o) Are all configuration items uniquely identifiable and recorded in a CMDB to which update access is strictly controlled?

p) Is the CMDB actively managed and verified to ensure its reliability and accuracy?

q) Are status to configuration items, their versions, location, related changes & problems, and associated documentation visible to those who require it?

r) Are there configuration audit procedures which include recording deficiencies, instigating corrective actions and reporting on the outcome?

s) Does the configuration items include: Services, systems, hardware, software, testing

products, support documents?

Remarks (if any):

9.2 Change Mgmta) Are all changes assessed, approved, implemented

and reviewed in a controlled manner?b) Do service and infrastructure changes have a

clearly defined and documented scope?c) Are all requests for change recorded and classified?

(e.g. urgent, emergency, major, minor)d) Are requests for change assessed for their risk,

impact and business benefitse) Is the manner in which the change is reversed or

remedied if un-successful included in the change mgmt process?

f) Are changes approved, then checked and implemented in a controlled manner?

g) Are all changes reviewed for success and any actions taken after implementation?

h) Are there policies and procedures to control the authorisation and implementation of emergency changes?

i) Are the schedule implementation dates of changes used as a basis for change and release scheduling?

j) Is a forward schedule of change maintained and communicated to relevant parties?

k) Are change records analysed regularly to detect



ISO 20000-1 Clauses Yes No Partial N.A.increasing level of changes, frequently recurring types, emerging trends and other relevant information?

l) Are the results and conclusions from the change analysis recorded?

m) Are actions for improvements identified from change mgmt recorded and input into a plan for improving the service?

Remarks (if any):

10 Release Process10.1Release Mgmt

a) Are one or more changes in a release into the live environment delivered, distributed and tracked?

b) Is the release policy stating the frequency and types of releases documented and agreed?

c) Is the release of the services, systems, s/w and hardware planned by the service provider with the business?

d) Are plans on how to roll out the release agreed and authorised by all relevant parties? (e.g. customers, users, operations, & support staff)

e) Does the release roll-out process include the manner in which the release shall be back-tracked or remedied if unsuccessful?

f) Do plans record the release dates and deliverables and also refer to related change requests, known errors and problems?

g) Are these information communicated to incident mgmt?

h) Are requests for change assessed for their impact on release plans?

i) Do the release mgmt procedures include the updating and changing of configuration information and change records?

j) Are emergency releases managed according to a defined process that interfaces to the emergency change mgmt process?

k) Is there a controlled acceptance test environment established to build and test all releases prior to distribution?

l) Are releases and distribution designed and implemented in a manner that the integrity of the h/w and s/w is maintained during installation, handling, packing and delivery?



ISO 20000-1 Clauses Yes No Partial N.A.m) Are success and failures of releases measured?n) Are incidents related to a release monitored during

the period following a release?o) Does the analysis include assessment on the impact

on the business, IT operations and support staff resources?

p) Is the result of the analysis used as the input to a plan to improve service?

Remarks (if any):


Documents

20000-2005 ITSM chk