Document Name:

Version:
Author:
Approval:
ISO 20000-1: 2011 Gap Analysis Questionaire
1.0
Muhammad Usman Hamid
Company Name goes here
ISO 20000-1:2011
Clause no
Question
no
Brief Description Questions
4
Service Management
system/Management
Responsibility
4.1.1 1
Management commitment -
Service Policy, scope
Has the management established a
service policy and objectives?
2
Objectives for service
management
Are objectives derived from the
service policy?
3
communicating the importance of
fulfilling service requirements
How well has the communication on
service policy been done?
4
communicating the importance of
fulfilling statutory and legal
requirements
What are the means of
communicating the regulatory and
legal requirements ?
5 ensuring provision of resources
How does the top management
provide adequate resources for the
establishment of a service
management system ?
6 conducting management reviews
Have the management reviews been
conducted as required by the
manual?
7
Ensuring risks are assessed and
managed
How well the process of risk
assessment been deployed?
4.1.2 8
Establishment of service policy as
per a to e
Has the service policy been reviewed
for adequacy? In what periodicity is it
reviewed?
4.1.3 9
Defining authorities and
responsibilities
Is the present organisation chart
comprehensive enough to include all
responsibilities as envisaged by the
standard?
10
documented procedure for
communication
Is a documented procedure for
internal communication available?
4.1.4 11 Appointment of MR
Has the MR been appointed from the
internal staff?
12 MR's work (see a to e)
Does MR have the required mandate
to carry out his/her responsibilities as
defined in the standard?
4.2 13
Governance of processes under
others ( see a to d)
How is the Governance process led by
top management? Which are the
internal groups and vendors who are
covered by the Governance process
currently?
4.3
4.3.1 14
Establishing and maintaining
documents
is there a master list of documents?
Are the release of documents done
after due approval? Is there a system
for version control?
4.3.2 15 Control of Documents- Procedure
Is there a procedure for control of
documents and is it followed?
4.3.3 16 Control of Records- procedure
Is there a procedure for control of
records and is it followed?
4.4
4.4.1 17
Determination of resources and
provision
How timely the resources are
provided to enable the company to
improve service management system
and customer satisfaction?
4.4.2 18
Competency determination for
personnel
Is there a process for determining the
competency of existing people and
providing the necessary training (or
taking other actions) to improve
them?
19 Training for people
is there a structured plan for training
people and is it well deployed
20
evaluation of effectiveness of
training
How does the management evaluate
the effectiveness of the training
programmes ( or other actions
taken)?
21
ensuring awareness of the service
management
How does the management ensure
that all the associates and service
providers are aware of the Service
management objectives and
contribute to them?
22 Maintaining records
What are the records maintained to
demonstrate the achievement of skills
by training, education and other
actions?
4.5
4.5.1 23 scope definition of SMS
Scope should cover location of
customers , location wherefrom
service is delivered and the
technology used.
4.5.2 24
service management plan see a to
l
In an organisation which is a captive
IT dept their service Quality manual
will be adequate as a service
management plan but for IT
organisations which are providing
services to the world at large the
service management plan is required
to be existing.
4.5.3 25 Operation of SMS as per a to f
For the captive IT organisation, this is
audited as a part of auditing other
requirements of standard. For IT
organisations which are providing
services to market at large, how well
these aspects a to f are understood
from customers and customised?
4.5.4.2 26 Internal audit
Are internal audits conducted as per
plan?
4.5.4.3 27 Management review
are management reviews conducted
as per plan ?
4.5.5.2 28 Management of Improvements.
Is there a service improvement plan
(or plans?)
5
Design and transition of new or
changed services
5.2 29
Plan new services Introduction
see a to j-
How the planning for introduction of
a new service go on?
30
Plan for changed service
introduction see a to j -make a
demo plan
how the planning has been done for
changed service?
31 Plan for removal of service
How is the planning done for removal
of service? Or incase of transitioning
to other service providers?
5.3 32
Service specification apply a to k
selectively
How is design and development of
service carried out?
33
Service Delivery specification
(apply a to k selectively)
34 Quality Control Specification
5.4 35 Transition of new/changed service
How does the organisation verify the
service before it is launched?
6 Service level management
6.1 36 Catalogue of services Is the service catalogue available?
37 SLAs for each service
Are SLAS documented for each
service individually?
38 Reviews of SLAs with customer
Are these SLAs being reviewed with
customer?
39
Trends of performances against
targets
what are the trends ? are targets for
the SLAs available?
40
causal analyses of non
conformities
How instances of non conformities in
meeting SLAs are dealt with?
41
Review of other groups'
performances
How are other groups' performances
reviewed?
6.2 42 Service report for each service
How does the IT report about the
status of its service to the customers?
6.3
Service continuity and availability
management
6.3.1 43 service continuity requirements
how has the IT team collected the
requirements for service continuity?
44 service availability requirements
How has the IT team collected the
requirements for service availability??
6.3.2 45 service continuity plan
what is the plan for service continuity
and availability ?
service availability plan
6.3.3 46
service continuity testing and
monitoring
How are the continuity plans getting
tested?
47
service availability testing and
monitoring
How are availability plans getting
tested?
6.4 48
Procedures for budgeting and
accounting
what are the procedures for cost
accounting and monitoring budgets?
6.5 49 Capacity management
How is the capacity being planned in
advance?
6.6
6.6.1 50 Information security policy
Is there an information security
policy?
51 Risk Management
Is the approach to security risk
management defined ?
6.6.2 52
Physical security controls on
premises
What are the physical security
controls?
53 Security Objectives Are these objectives for IT security?
54 controls on external organisations
Are controls defined for external
organisations who are involved in
service delivery?
6.6.3 55 change request analysis
How are security risks analysed for
changes proposed?
56 Incidents register
Is there a system for registering
security incidents?
7 Relationship processes
7.1 57 Account manager allocation list
Are designated account managers
available for key customers?
58
Review of performance with
customers
what is the system for performance
review with customers?
59 complaint management process
How does the organisation manage its
complaints? Is there a documented
procedure? Is there an agreement
with customer on what is a
complaint?
7.2 60
List of account managers (supplier
wise)
Are designated account managers for
key suppliers available?
61 contract of service
Does organisation have a
documented contract with each
supplier?
62
relationship of lead to
subcontracted suppliers
are the relationship between lead
supplier and the sub supplier
documented?
63
monitoring of the performance of
suppliers
How does the organisation monitor
the performance of suppliers? Is here
a documented procedure for
resolving disputes?
8 Resolution processes
8.1
Incident and service request
management
8.1 64
procedure for dealing with service
incidents
Is there a documented procedure for
dealing with incident management ?
Does it define major and minor
service incidents?
65
Procedure for dealing with service
requests
Is there a documented procedure for
dealing with service request ?
8.2 66
Procedure for problem
management
is there a documented procedure for
resolution management?
9 Control processes
9.1 67 Configuration management
Is there a documented procedure for
configuration management?
68 Configuration management-CMDB How are changes to CIs handled?
9.2 69
Change Management- change
requests
is there a documented procedure for
change management?
70 Emergency changes
How does the organisation handle
emergency changes?
71
Change management - Deploying
the changes
Check whether the deployment of
changes is taking place as per the
procedure.
9.3 72 Release and Deployment Policy
Has the organisation formulated a
release policy?
73 definition of emergency release
Is emergency release defined? Is
there a documented procedure?
74
monitoring success and failure of
release
How does the organisation monitor
success or failure of its releases?
Answers Evidences
Abbreviations used in checklist:
1. CMDB Configuration management data base
2. CI Configuration item
3 ISO International organisation for standardisation
4 MR Management Representative
5 SIP Service Improvement plan.
6. SLA Service level agreement.
7 SMS Service Management system
8 For all terms used, definitions are as per clause no 3 of the ISO 20000-1:2011 standard.
For all terms used, definitions are as per clause no 3 of the ISO 20000-1:2011 standard.