One of the objectives when creating YaSM® was to provide a service management model which is closely aligned with ISO/IEC 20000 ('ISO 20000').
Frequently, certification according to ISO 20000 is sought because it enables organizations to prove that they are customer-oriented, efficient and effective suppliers of services. The certification can thus be used for marketing purposes, or to gain access to customers and markets which require their service suppliers to be ISO 20000 certified.
Closely aligned with ISO/IEC 20000 - the YaSM model
ISO 20000 does not prescribe how the requirements are to be fulfilled, so there are many possible ways to achieve compliance. In practice, organizations need to define and implement a set of processes which as a whole fulfill all ISO 20000 requirements.
A popular solution is to turn to ITIL® [1] for advice, since ISO 20000 and ITIL® have many principles in common. The alignment of ITIL® and ISO 20000, however, is incomplete in some areas, especially regarding the requirements related to the service management system (section 4 of ISO 20000).
As a result, there was a need for a service management approach which incorporates the established ITIL® principles but offers better alignment with ISO 20000:
The YaSM service management model consists of a tightly focused set of processes, policies and document templates which provide a solution for every ISO 20000 requirement. Implementing the YaSM processes is thus a straightforward approach for obtaining ISO 20000 certification.
ISO 20000 requirements and related service management processes
As YaSM is designed to be well aligned with ISO 20000, there are one or several related YaSM processes for every section in ISO/IEC 20000:2011, Part 1 (Mandatory requirements), as exemplified in the following tables:
A detailed cross-reference between the YaSM processes and every single ISO 20000 requirement is available in the form of the YaSM - ISO 20000 Bridge, an additional component to the YaSM Process Map.
This overview omits sections 1 to 3 of ISO 20000, part 1, as they do not contain actual requirements (sections 1 to 3 cover scope, normative references, as well as terms and definitions).
The following tables are based on ISO/IEC 20000:2011, part 1.
Learn more about the next edition of the ISO 20000 standard, scheduled for publication in Q4/2018:
Processes operated by other parties are identified in the process model, which also documents the interfaces between internally and externally operated processes.
YaSM recommends setting up and managing processes operated by other parties as supporting services, governed by service definitions and service agreements.
This requirement is fulfilled by the main service management policy, the strategic plan, the process model, as well as the various policies and plans related to specific YaSM processes.
YaSM recommends managing documents as configuration items. The applicable authorities, responsibilities and controls can thus be defined for each type of document in the configuration model. Control can be exerted, for example, by appropriately configuring a document management system.
Financial resources are provided through the financial management process, which allocates the required budgets for creating, operating and improving the services and processes.
Once the financial resources are allocated, the service provider is able to acquire the necessary technical and information resources through the various YaSM processes responsible for creating, operating and improving the services and processes.
The scope of the SMS is defined in YaSM's main service management policy. The services to be delivered are defined in the service portfolio.
Instead of one all-encompassing service management plan, YaSM suggests to maintain a number of focused and more manageable plans and documents.
The process for maintaining the SMS includes activities to monitor, audit and review the service management processes and to regularly re-assess the service management policies.
The procedure for improving the SMS and the services is documented in the process model. Opportunities for improvement are documented in a number of ways, for example in the service and process review reports, as well as in the various improvement plans.
Design and transition of services
ISO/IEC 20000 section 5: 'Design and transition of new or changed services'
YaSM advises that the formal service design and build processes be used for all new or significantly changed services, where the service design policy defines the criteria for what constitutes a "significantly changed" service. Any changes required for a new or changed service will be submitted to the change assessment process.
The service build process ensures that configuration information in the CMS is updated as new services are deployed.
The project management and service build processes are responsible for the effective development and transition of the service.
Various YaSM processes contribute to the identification of the service requirements. In particular, these are the strategic process, the customer relationship process and the service design process.
The authorities and responsibilities for service design, development and transition, as well as the activities to be performed, are documented in the organization's policies, especially in the service design, service build and project management policies. Responsibilities for specific service development projects are defined in the project charters and the project plans.
The project plan specifies the design, development, testing and deployment activities in detail, including the timescales and required resources.
5.3 Design and development of new or changed services
The service owners (the individuals with ultimate responsibility for delivering the new or changed services) are identified in the service definitions. Further responsibilities and the activities to be performed for the delivery of the services are specified in the service operation manual.
The service implementation blueprint describes what is required to provide the new services, including technical infrastructure, processes, policies, external supporting services and contracts, documentation, financial resources, as well as skills and human resources.
Customer service agreements determine which services are delivered to particular customers.
The complete range of services managed by the service provider is documented in the service portfolio, which also describes the dependencies between customer services and supporting services.
Service catalogs are specific views of the service portfolio for particular customers which are maintained by the service portfolio manager.
Service quality reports are produced as part of operational activities. The reports include information on targeted vs. achieved service levels, workloads and trends, as well as exceptional events.
Furthermore, the service improvement process produces reports to document the results of service reviews.
6.3 Service continuity and availability management
Service availability and continuity targets are specified in the service definitions attached to customer service agreements.
YaSM does not stipulate an availability plan but recommends managing availability improvements like any other service improvements through service improvement plans.
With regards to service continuity, initiatives to improve service continuity are managed through the continuity improvement plan. Service continuity plans describe how service continuity is ensured for particular types of disasters.
The service operation process includes activities to constantly monitor and report service quality levels, including service availability.
The YaSM process for managing service financials is focused on budgeting and accounting for services. Other financial management processes are not covered.
Costs are budgeted and financial control is exerted through the financial management process, which prepares the financial budget, monitors expenditures and provides budget deviation analyses.
Service capacity and performance requirements are specified in the service definitions attached to customer service agreements.
YaSM does not stipulate a capacity plan but recommends managing service capacity upgrades like any other service improvements through service improvement plans.
The service operation process includes activities to constantly monitor and report workloads and service quality levels, including capacity and performance.
YaSM's process to ensure security does not relate specifically to "information security", since YaSM is a concept which can be applied by all types of organizations providing services (i.e. not only IT service providers).
The process responsible for setting up the service management system produces a set of service management policies, including a security policy. In addition, the security process produces specific supporting security policies.
The security process is specified and documented in the process model. This process includes activities to conduct risk (re-)assessments and security reviews and to identify opportunities for improvement.
YaSM's customer relationship management process contains several communication mechanisms with the customer, in particular customer meetings, customer satisfaction surveys and procedures for handling complaints.
Regular service reviews are performed as part of the service improvement process. Customers are typically invited to take part in the reviews.
YaSM recommends setting up and managing processes operated by external parties as supporting services, governed by external service agreements and defined by service definitions.
The supplier managers responsible for managing the relationships between service provider and suppliers are identified in the external service agreements.
The service operation process contains activities to continually monitor the quality of externally provided services. Services and their suppliers are also submitted to regular reviews.
The process for resolving incidents and service requests is documented in the YaSM process model. Other aspects of incident and service request resolution are documented in the incident and service request policy.
Incident and service request models are provided as guidance to personnel involved in the resolution of incidents and service requests.
There are two specific sub-processes for pro-actively informing customers and monitoring the resolution of incidents and service requests.
The process for resolving problems is documented in the YaSM process model. Other aspects of problem resolution are documented in the problem resolution policy.
The problem resolution process performs data and trend analyses to detect problems. Any identified root causes and solutions are documented in problem records.
If possible, the problem manager will identify workarounds and document them in the problem records and possibly in incident models.
The various CI types managed through the configuration management system are defined in the configuration model. Information for each CI is recorded in CI records.
YaSM refers to a configuration management system (CMS) rather than a CMDB.
YaSM's configuration management process contains the required activities to ensure reliability and accuracy of configuration information.
YaSM recommends submitting all RFCs to the change assessment process.
RFCs may be raised in different contexts, for example as part of service development projects (which typically entail a number of major changes to be implemented through the service design and build processes). Other changes may be required as part of service or process improvement initiatives or operational activities.
Irrespective of the context in which a RFC has been raised, YaSM's change assessment process will assess its potential impact and risks and decide upon the required level of authority for authorizing the proposed change.
For significant initiatives, the project management process is responsible for planning and controlling the deployment of new or changed services or service components. Typically, such initiatives require that requests for change (RFCs) are submitted to the change assessment process.
For changes on a smaller scale, it will be the responsibility of the change owners to obtain authorization for the changes through the change assessment process and to coordinate the change implementation.
YaSM defines a specific procedure for dealing with emergency changes and releases.
[ISO, 2011] International Organization for Standardization: ISO/IEC 20000-1:2011, Information technology - Service management - Part 1: Service management system requirements. - Geneva, Switzerland, April 2011.
Notes
[1] ITIL® is a registered trade mark of AXELOS Limited. - IT Infrastructure Library® is a registered trade mark of AXELOS Limited.
and Stefan Kempter 
