ISO 20k GAQM p004-017

Questions and Answers

ISO/IEC 20000-6 is specifically designed to provide guidelines and requirements for which of the following entities?

• Organizations aiming to integrate ISO/IEC 20000-1 with ISO 9001 and ISO/IEC 27001.
• IT service providers implementing ITIL framework in conjunction with ISO/IEC 20000-1.
• Organizations seeking ISO/IEC 20000-1 certification for their SMS.
• Certification bodies conducting audits of SMS based on ISO/IEC 20000-1. (correct)

Which ISO/IEC 20000 part offers guidance on harmonizing various management systems like ISO 9001, ISO/IEC 27001, and ISO/IEC 20000-1?

• ISO/IEC 20000-7 (correct)
• ISO/IEC 20000-6
• ISO/IEC 20000-11
• ISO/IEC 20000-13

ISO/IEC 20000-11, ISO/IEC 20000-12, and ISO/IEC 20000-13 share a common purpose related to ISO/IEC 20000-1. What is this shared purpose?

• Establishing the auditing processes for organizations implementing ISO/IEC 20000-1.
• Defining the certification requirements for different types of service providers.
• Providing detailed implementation guidance for specific industries.
• Comparing ISO/IEC 20000-1 with other established frameworks and models. (correct)

Several parts in the ISO/IEC 20000 series, specifically parts 4, 8, and 9, are noted as 'missing'. What is the primary reason for these gaps in the numbering sequence?

Their development was cancelled, they were withdrawn, or renumbered. (C)

ISO/IEC 20000-1:2018 is aligned with 'Annex SL'. What is the main benefit of this alignment across different ISO management system standards?

It simplifies the integration of multiple management systems. (D)

An organization already certified to ISO 9001:2015 decides to pursue ISO/IEC 20000-1:2018 certification. How does the Annex SL alignment benefit this organization?

They can reuse some of the work done for ISO 9001 due to structural similarities. (D)

While ISO/IEC 20000-1:2018 and the 2011 edition contain similar requirements, what is a significant difference between them?

The structure and organization of the requirements are significantly different in the 2018 edition. (A)

According to Clause 1 of ISO/IEC 20000-1, the standard is applicable to which scope of services?

To all types of services, including both IT and non-IT services like transport and healthcare. (D)

Which clause in ISO/IEC 20000-1 focuses on defining the environment in which the SMS and services operate?

Clause 4 - Context of the organization (C)

What is the primary focus of Clause 3 in the ISO/IEC 20000-1 standard?

Listing and defining terms used within the standard. (D)

Why is the identification of internal and external stakeholders important in the context of ISO/IEC 20000-1?

To understand their needs and expectations related to the organization's services. (A)

According to the content, what is the significance of ISO/IEC 20000-1 having no normative references in Clause 2?

It can be used as a stand-alone standard. (A)

What is the purpose of defining the scope of the SMS according to Clause 4 of ISO/IEC 20000-1?

To identify the specific parts of the organization and services included in the SMS. (B)

How does ISO/IEC 20000-3 support organizations in defining the scope of their SMS?

By offering guidance on defining the scope in complex cases, such as when using multiple suppliers. (C)

Which of the following is an example of an issue (positive or negative) that an organization should consider when defining the context of their SMS, as per Clause 4?

The availability of skilled staff in the job market. (D)

In the context of Clause 4, what distinguishes 'issues' from 'stakeholder needs' when determining the context of the organization?

Issues are internal and external factors affecting the SMS, while stakeholder needs are the expectations of interested parties. (B)

What is the primary reason for establishing service management objectives across all levels of an organization?

To make certain everyone involved is informed about the SMS goals. (D)

Which of the following best describes the role of a service management plan in an organization?

It documents the SMS structure, services, resources, and success measurement. (B)

At what point in the SMS implementation process should the necessary support for SMS and services be determined?

After establishing service management objectives and gathering relevant information. (D)

What broad categories of resources are identified as essential for supporting all phases of the SMS and service lifecycle?

Human, financial, technical, and informational resources. (D)

What is the primary justification for actively managing and assessing the competency of personnel involved in SMS operations?

To guarantee the SMS and services operate correctly and effectively. (C)

Why is it crucial for all individuals working within the SMS context to have a strong awareness of service management policies and objectives?

To provide direction for their activities, motivation, and effective support. (C)

In the context of SMS, why is it important to carefully plan 'what', 'when', 'how', and 'to whom' to communicate?

To ensure that all stakeholders are informed of their roles and expectations. (C)

How do service management objectives directly contribute to the development and effectiveness of a service management plan?

Objectives provide the foundation for defining success measurement and improvement strategies within the plan. (C)

Why is documentation crucial in service management, even when using an Agile approach?

To prove the SMS is functioning well and provide a foundation for ongoing work. (A)

What is the primary purpose of controlling service documentation related to policies, objectives, processes, and reports?

To have a reference point for the agreed way to develop, support, and improve the SMS and services. (A)

How does knowledge management support the effective operation of the SMS and its services?

By enhancing collaboration and knowledge-sharing among relevant personnel. (C)

Within Clause 8 (Operation), what does 'Operational planning and control' primarily involve?

Controlling all processes necessary to meet SMS and service requirements, including outsourced processes. (B)

How should 'Operational planning and control' be aligned to ensure service requirements are met and service management objectives are achieved?

In alignment with the service management plan and in conjunction with others. (B)

What is the main goal of 'Plan the services' within Clause 8?

To determine service requirements, identify critical services, and align them with the service management policy and objectives. (A)

Why is it important to control parties involved in the service lifecycle, even when services, components, or processes are outsourced?

To retain accountability for the whole SMS and service lifecycle end-to-end. (B)

What is an example of how Service documentation is necessary for customers?

To make use of self-service facilities. (C)

Which of the following is NOT a direct responsibility of an organization implementing a Service Management System (SMS) according to the provided content?

Outsourcing all elements within the scope of the SMS to third-party providers. (D)

A company wants to improve its service offerings and customer satisfaction. Which of the following actions would BEST support this goal through service catalogue management?

Developing multiple service catalogues tailored to different audiences, like internal and customer-facing catalogues. (A)

An organization is implementing asset management practices. Which action BEST exemplifies adherence to the asset management requirements described?

Identifying all assets, including hardware, software, and personnel, required for service provisioning and managing them to meet legal and contractual obligations. (A)

Which of the following best describes the primary objective of service planning in IT service management?

To strategically align IT services with business needs and ensure they are delivered within budget and quality expectations. (C)

In the context of configuration management, what is the PRIMARY purpose of maintaining configuration information for Configuration Items (CIs)?

To provide data that can be utilized by other service management processes like incident and change management. (D)

How does business relationship management, as described, BEST contribute to the success of service management?

By establishing communication channels between the organization and customers to understand and meet their needs and business outcomes. (A)

What is the primary goal of release and deployment management in IT service management?

To ensure that changes are implemented into the live environment in a controlled manner, minimizing disruption to services. (B)

The primary aim of incident management is to:

Restore normal service operation as quickly as possible with minimal disruption to the business. (D)

What is the PRIMARY goal of establishing Service Level Agreements (SLAs) in service level management?

To set up a framework based on agreed service requirements, ensuring agreed service levels can be consistently maintained. (C)

In supplier management, which strategy is MOST effective for ensuring suppliers support the achievement of service levels agreed with customers?

Ensuring performance targets for suppliers align with the SLAs agreed with customers. (C)

Which of the following types of requests are typically handled by service request management?

Routine requests like password resets, information inquiries, and standard access requests. (D)

What is the proactive approach of problem management primarily focused on?

Identifying and eliminating the root causes of incidents to prevent future occurrences. (A)

An organization uses an external vendor for network monitoring, which is critical for meeting its SLAs. To ensure seamless service delivery, what should the organization prioritize in its supplier management practices?

Drafting detailed contracts and documented agreements that align the vendor's performance targets with the organization's customer SLAs. (B)

How does problem management relate to incident management in IT service operations?

Problem management focuses on identifying and resolving the underlying causes of incidents that incident management addresses. (C)

What distinguishes a 'major incident' from a standard incident in IT service management?

Major incidents have a significant impact on the business, requiring greater urgency and visibility, often involving top management. (D)

Release and deployment management is closely associated with which other IT service management process when deploying changes to the live environment?

Change Management (C)

Flashcards

ISO/IEC 20000-1 applicability

ISO/IEC 20000-1 is applicable to organizations of any size, from self-employed consultants to large corporations.

Clause 2 - Normative references

This section may contain a reference to other standards that may have to be used in combination with this one.

Clause 3 - Terms and definitions

A list of terms used in the standard, defining the context of words such as 'organization', 'service', 'incident', etc.

Clause 4 - Context of the organization

This section is mostly based on the default Annex SL requirements, similar to other management system standards.

Internal and external issues

Issues both inside and outside of your organization that may have an impact on how you operate the SMS and the services.

Interested parties

Internal and external stakeholders who have an interest in what your organization does.

Scope of the SMS

Indicates what part of the organization and what services are included within the SMS.

Clause 5 - Leadership

This clause has requirements for the organization's top management

ISO/IEC 20000-6

Specifies requirements for certification bodies auditing a Service Management System (SMS) based on ISO/IEC 20000-1.

ISO/IEC 20000-7

Provides guidance on integrating management systems (e.g., ISO/IEC 20000-1, ISO 9001, ISO/IEC 27001).

ISO/IEC 20000-11

Compares ISO/IEC 20000-1 with the Information Technology Infrastructure Library (ITIL).

ISO/IEC 20000-12

Compares ISO/IEC 20000-1 with the Capability Maturity Model Integration for Services (CMMI-SVC).

ISO/IEC 20000-13

Compares ISO/IEC 20000-1 with Control Objectives for Information Technology (COBIT).

Annex SL

A high-level structure and terminology applied to all management system standards for easier integration.

Scope of ISO/IEC 20000-1

Covers the establishment, implementation, maintenance, and continual improvement of a Service Management System (SMS). Applicable to all types of services.

Clause 1 - Scope

A document that describes what the standard entails and its applicability to various service types (IT and non-IT).

Service Management Objectives

Targets for the SMS and services, regularly assessed and updated.

Service Management Plan

A document outlining services, restrictions, roles, resources, and success measurement for the SMS.

Support for SMS

Encompasses communication, competency, knowledge, resources, and documentation for the SMS and services.

Types of Resources

Financial, technical, informational...

Competency Management

Ensuring individuals have the skills and abilities for their roles in the SMS.

Awareness in SMS

Informing people about the service management policy, objectives, and services.

Communication Planning

Determining what, when, how, and to whom information should be conveyed.

Communication

A vital element for any well-functioning organization- determine what to communicate at what time, as well as how and whom.

Service Documentation

Documentation of policies, objectives, processes, and reports to guide SMS development, support, and improvement.

Knowledge Management

Knowledge needed to support the SMS and services, ensuring it's accessible.

Operational Planning and Control

Processes needed ensuring requirements of the SMS and services are met (including outsourced ones), aligned with plans and objectives.

Service Delivery

Coordinating activities and resources needed to operate the SMS and the services.

Plan the Services

Determining service requirements, aligning services with policies, objectives and requirements.

Control of Parties

Controlling services/processes outsourced to others, while retaining accountability for the SMS and service lifecycle end-to-end.

Why Documentation?

To demonstrate the effectiveness of the SMS (service management system) and to provide a foundation for the work being done.

Service Documentation for Customers

Critical for customers to effectively use self-service options, and ensures the SMS(service management system) is well-operated.

Service Management Purpose

Ensuring processes and services achieve desired outcomes and service management objectives.

Service Catalogue Management

A catalogue listing services, outcomes, and dependencies.

Asset Management

Identifying and managing assets (hardware, software, people, real estate) needed for provisioning services.

Configuration Management

Controlling elements of services throughout their lifecycle (servers, software etc.).

Business Relationship Management

Setting up communications between organization and customers to ensure needs and business outcomes are met.

Service Level Management

Establishing service level agreements (SLAs) between service provider and customers.

Supplier Management

Controlling suppliers to ensure services are provided seamlessly.

Service Level Agreements (SLAs)

Agreements between provider and customer based on agreed service requirements.

Service planning

Determines service requirements, identifies services based on criticality, aligns with budget and agreed service quality. Includes removal/transfer to other providers.

Release and deployment management

Deploying changes into the live environment, often based on approved change requests. Aims to implement new releases without unplanned interruption.

Incident management

Handling interruptions to services by recording, prioritizing, and resolving them to quickly restore service.

Service request management

Activities handled without full change management, like access requests or password resets. Focuses on efficient recording, prioritization, and fulfillment.

Problem management

Identifies and analyzes the root causes of problems to prevent future incidents.

Problem

The cause of one or more actual or potential incidents.

Handling service requests

Activities to handle requests efficiently without change management like information or access requests, or pre-approved changes.

Relationship between Problem and Incident management

Closely related to incident management, and exists to identify and analyse the root causes of problems and make sure they don't create incidents that impact services in the future.

Study Notes

• Services have existed for a long time including legal, transport, and governmental services.
• IT services led to IT Service Management (ITSM) to control services and their costs.
• ITSM has been generalized to Service Management by applying its principles to other services than IT.
• Most services today contain some IT component, such as a payment method or a website.
• The ISO/IEC 20000-1 standard refers to Service Management rather than ITSM to show its applicability to all service types.
• Service management should not be an old-fashioned, rigid framework that slows down positive changes.
• The fast pace of service development, driven by customer needs, makes developers believe traditional service management should give way to newer frameworks like Lean, Agile, and DevOps.
• The ISO/IEC 20000-1 standard supports newer methodologies and traditional approaches to service management.
• The ISO/IEC 20000-1 standard only states what service management processes should conform to, not how processes should be implemented.
• This provides flexibility for organizations to implement processes suitable to their circumstances.
• Frameworks like ITIL can be modified to suit an organization's needs.
• Adapt service management practices to your organization's culture to maximize the outcome.
• ISO/IEC 20000-1 requirements can be adapted to management practices and services.
• It applies to waterfall and continuous delivery practices, depending on service management policy, principles, and organizational culture.
• Service management is valuable because it enables a flexible structure adapted to the organization's culture.
• This structure provides a framework for autonomy and decision-making.
• Customers expect value from services, and management has a structure that promotes efficiency, reduces costs, and keeps customers satisfied.

The ISO/IEC 20000 Standard

• The ISO/IEC 20000 is a series of ten documents.
• The primary standard ISO/IEC 20000-1:2018 is included.
• ISO decided to distinguish these documents as parts of the 20000 series by assigning numbers to them, hence the primary standard is 20000-1..
• ISO/IEC 20000-1: International standard for Service Management System requirements.
• ISO/IEC 20000-10: General series introduction, containing descriptions of aims.
• ISO/IEC 20000 contains all terms and definitions used in the series, parts, and related ISO standards.
• ISO/IEC 20000-2 (Part 2): Larger document providing further guidance on interpreting and implementing requirements of Part 1.
• ISO/IEC 20000-3 (Part 3): Guidance on defining the scope for Part 1 implementation.
• ISO/IEC 20000-5 (Part 5): Implementation plan example for an SMS according to Part 1 with guidance on a business case and templates.
• ISO/IEC 20000-6 (Part 6): Requirements for SMS certification bodies based on ISO/IEC 20000-1 for both the 2011 and 2018 editions.
• ISO/IEC 20000-7 (Part 7): Guidance on integrating management systems based on ISO/IEC 20000-1, ISO 9001 (quality management), and ISO/IEC 27001 (information security management).
• ISO/IEC 20000-11 (Part 11): Comparison between Part 1 and ITIL.
• ISO/IEC 20000-12 (Part 12): Comparison between Part 1 and CMMI-SVC.
• ISO/IEC 20000-13 (Part 13): Comparison between Part 1 and COBIT.
• Parts 4, 8, and 9 are missing due to cancellation, withdrawal, or renumbering.

Structure and Contents of ISO/IEC 20000-1:2018

• ISO/IEC 20000-1 is aligned with the "Annex SL" high-level structure and terminology, an appendix to the ISO Directives.
• The Annex SL structure is applied to all management system standards, including ISO 9001, ISO/IEC 27001, ISO 14001, and ISO/IEC 20000-1.
• This structure results in many identical or similar requirements across standards, easing the integration of multiple management systems.
• Previous ISO 9001:2015 certification work can be re-used for ISO/IEC 20000-1:2018 certification.
• The new structure of ISO/IEC 20000-1:2018 differs from the 2011 edition, with similar requirements in different places.
• Appendix B shows all the changes between the two editions.

Scope

• Clause 1 gives a general description of the standard.
• ISO/IEC 20000-1 covers the establishment, implementation, maintenance, and continual improvement of an SMS.
• The standard is applicable to IT services (like cloud hosting) and non-IT services (like transport or health care).
• The standard is applicable to organizations of all sizes, from self-employed consultants to large corporations.

Normative References

• Clause 2 contains references to other standards for combined use.
• Since ISO/IEC 20000-1 has no references, it can be used as a stand-alone standard.

Terms and Definitions

• Clause 3 lists terms used in the standard with context, such as 'organization', 'service', and 'incident'.
• Many terms come from Annex SL, indicated in Clause 3.1, with others added for ISO/IEC 20000-1 in Clause 3.2.
• The list of terms and definitions in ISO/IEC 20000-1 is identically included in ISO/IEC 20000-10.

Context of the Organization

• Clause 4 describes the actual SMS requirements, is mostly based on default Annex SL requirements, similar to other management system standards.
• Clause 4 asks you perform activities to determine the environment for the SMS and services.
• The process includes identifying internal and external issues that impact the operation, objectives, and customer value.
• These issues can be positive or negative, like competition or staff availability.
• Identify internal and external stakeholders ("interested parties") who have an interest in what your organization does,
• Examples of stakeholders are employees, customers, regulators, HR team, competitors and unions.
• Stakeholders interact with you and have expected needs.
• Define a scope for the SMS, indicating the included part of the organization and services.
• Clause 4 has a following statement: "Tie SMS supporting the utility services provided by Clean Water, Inc. from Jakarta, Indonesia". ISO/IEC 20000-3 helps to define SMS scope in more complex cases, like when using multiple suppliers.

Leadership

• Clause 5 has requirements for the organization's top management.
• Top management is the people accountable for the SMS, who need to back the establishment of the SMS.
• They need to support the SMS and have an appropriate level of involvement to successfully implement and run an SMS that supports the services delivered to the customers.
• Leadership support is key to running a successful SMS.
• Top management needs to explicitly show their involvement in the following areas:
• Ensuring a service management policy (overall direction for the SMS).
• Service management objectives (measurable targets for the SMS).
• A service management plan (implementation and maintenance of the SMS) that are created and communicated to all involved parties.
• Ensuring third parties such as suppliers involved in the SMS are controlled through service level agreements (SLAs).
• Ensuring the SMS meets its objectives and the services meet their outcomes.
• This is done by the measurement of service management objectives and the customer SLAs.
• Making resources available such as staff, information, budgets, and technical resources, to run the SMS and services.
• Assigning roles, authorities and responsibilities to the right people so they can independently make relevant decisions.
• Top management differs from a governing body; the latter is part of larger companies.
• The governing body consists of a board of directors, who have a strategic role rather than a management one.
• A governing body would be responsible for governance, direction and monitoring of the organization.
• Top management would apply implemented methods for them in an operational environment.
• In smaller companies, the roles of the governing body and top management may be fulfilled by the same person(s).
• Governance of IT is covered in ISO/IEC 38500.
• The service management policy is a high-level statement of intention and direction for the SMS and services.
• It should show commitment to satisfy SMS requirements.

Planning

• Clause 6 contains requirements for the planning of the SMS, including risk management, setting service management objectives and planning to create the SMS itself.
• Risk management is required to assess SMS and service risks and opportunities.
• The risks derive from issues and stakeholders identified in Clause 4, and should assessed and treated where required.
• Service management objectives must be set at all organizational levels to make everyone aware of SMS goals.
• Service management objectives state measurable SMS and service targets, being regularly assessed and updated where needed.
• These can be part of regular performance objectives many organizations set annually.
• Based on information gathered in Clauses 4 to 6, you can plan the actual SMS.
• This should be documented in a service management plan, containing:
  • A list of services
  • Restrictions and obligations
  • Assigned SMS support authorities
  • Resources needed
  • Measurement, assessment, and improvement of SMS success.
• This helps personnel understand their purpose and deliver services.

Support

• Clause 7 states that the support needed for the SMS and the services can be determined.
• It includes requirements for communication, competency, knowledge, awareness, providing resources for the SMS and creating and maintaining documentation for it
• Resources need to be available to support all phases of the SMS and services lifecycle (These include human, financial, technical and information resources).
• The competence of people supporting the SMS and services needs to be planned, assessed and managed.
• Education and experience increase where required to have the right person to perform the right job.
• All people working in the context of the SMS recognize the service management policy, objectives and services, for direction, motivation, and understanding for support.
• Communication is vital to any functioning organization.
• Determine when, how, and what to communicate to make relevant stakeholders are aware of expectations.
• Service management, even with an Agile approach, needs some documentation to prove SMS functioning.
• Service documentation relating to policies, objectives, processes and reports needs to be maintained for agreed way to develop, support and improve SMS and services.
• The section's final subject is knowledge to decide what for supporting SMS and services, making sure access by people who need it.
• Knowledge may include documentation, databases with incident tickets, or design specifications.
• This contributes operational efficiencies in SMS/Services.
• Service documentation ensures well-operated, accessible SMS.

Operation

• Clause 8 contains all requirements for the main service management processes.
• It is the standard's largest section, with extensive requirements for the following processes and activities:
• Operational Planning: Control all processes needed to meet SMS/service needs, including those outsourced to third parties.
• Service Delivery: Coordinate the activities and resources needed to operate the SMS and the services.
• Plan the services: Determine requirements, identify services based on criticality and align them with the service management policy, objectives and requirements.
• Service Objectives: Plan the services effectively so both business objectives of the service provider and outcomes of SMS are achieved
• Control of parties involved in the service lifecycle requires you control outsourced services/components, retaining accountability for SMS and service lifecycle end-to-end.
• This is to make certain all Services and processes generate their desired outcomes, and the service management objectives are achieved.
• It is explicit that not all elements in scope of one SMS may be outsourced.
• The requirements in clauses 4 and 5 yourself, may be achieved requirements in clauses 6 to 10 with third parties.
• Service catalogue management includes a creation of services, outcomes and dependencies for the benefit of internal organization and customer expectations.
• Create service catalogues for different audiences, such as a internal one and a customer-facing one.
• Asset management has a requirement to identify assets (people, software, hardware, real estate) so they are managed to meet service requirements and obligations/ legal and contractual requirements.
• Configuration management applies to the elements of services throughout the lifecycle is known as configuration items (CI).
• Examples include software, Be servers, trucks and vital components the service is providing.
• Maintain configuration information for other processes, for incident an change management.
• Business relationship management refers to setting up communications between your organization & customers for service to ensure satisfaction. Reviews should measure customer satisfaction and that customer complaints are handled effectively.
• Service level agreements (SLAs) should be established between customer and service provider to maintain agreed service levels.
• Supplier management includes controlled (internal, external or customers acting as a supplier) for seamless service provision.
• Create contracts, with documented agreements, with both internal and external organizations that act as suppliers.
• Supplier performance objectives should be aligned with customer SLAs because there is a risk of not meeting their performance objectives.
• Budgeting and accounting for services should be part of overall financial management but applied to the services in the SMS.
• The standard keeps you track and control the budget to make informed, based on the financial performance.
• Demand Management: Requires that you monitor the services demand.
• Capacity management means that resources supporting the service should meet short-term and long-term requirements, must be measured, adjusted (bandwidth).
• This would encompass for example; people, computers and resources, linking to clause 5 + 7 requirements.
• Change management is processes that must be controlled to eliminate unwanted outages/quality reduction.
• Change management states the types of changes (standard, emergency, minor, major) as well as best manage their direction.
• It includes who can approve the changes and flexibility, where changes have been initiated, properly evaluated and approved before they are carried out with deployment management.
• This increases the service stability.
• Service design and transition: focuses on managing change requests to new or existing services categorized as the change management policy as per a project. It shows Clause 6.3 conformance and that 6.2 objectives are achieved.
• Service delivery: coordinate activities resources needed to deliver the SMS and services..
• Planning the services: establish quality levels delivered and budgets managed.
• Plan the services: the process involves building and transitioning to a live environment which involves the lifecycle management exercising control.
• It shows that you must delivered them with in agreed service requirements delivered with the service quality in mind.

More on Clause 8

• Release and deployment management: deployed live, based on approved change/service requests, either a single change, or groups of changes batched as single releases.
• These manage a change, ensures releases implemented without unplanned interruptions.
• Incident management: interruptions stem from human/tech reasons, where recording-prioritizing is managed.
• This gets the back up and running, but finds a specific fix, where significant incidents command attention from executive management.
• service request management: is service request activities without the change approval management, such as access data reset, these requests must efficiently fulfill, prioritize which would allow the customers will continue to benefit.
• Problem management: identifies problem incidents where requests should fixes requests, should the requests not work.
• Management of service availability: considers continued use for these and reduce risks/hazarding.
• Continuously monitor/update goals vs. available targets.
• Continuity in the service: manages service to identify continuity issues and manage risks.
• All services generate part of overall business continuity, so that that client can reliably use/maintain service.
• Information Security Management means ISO/IEC 27000 requirements are relatively tight and light in comparison
• A policy on direction + SMS will be to have service, confidentially/available for intended use.
• This helps the assessment of risk setting physical badges and cyber-attacks prevention systems to keep info secure, while incidents should follow that principle.

Performance Evaluation

• Clause 9 covers the SMS evaluation, with reporting, internal audit, and measurement.
• It is based on Annex SL, but has service reporting requirements that monitor, evaluate, analyze so it is organization/effectively-managed.
• Metrics of SMS/service must be assessed + provided, serving it's input, assess a regular meeting, so a chance can assess SMS/service.
• A regular audit is required: providing information for requirements, should they be the case.
• It must be free of influence from people of the audited area.
• Reporting is performed throughout for the correct decisions and to ensure all aspects/features are applied/working.

Improvement

• Clause 10's goal is ways to improve an SMS, where nonconformities can be addressed, ensured and resolved for a quality experience.
• The clause provides corrective plans for all SMS/organizational needs
• To continuously create value for the consumer through customer feedback and meet targets.