Free ISO 20000 Gap Analysis Tool

Find out your level of compliance with ISO 20000

Save my progress and resume later | Resume a previously saved form

Resume Later

In order to be able to resume this form later, please enter your email and choose a password.

Your Email:

A Password:

Confirm Password:

Password must contain the following:

12 Characters
1 Uppercase letter
1 Lowercase letter
1 Number
1 Special character

* Please use a different unique password every time you are saving your progress and intend to resume later.

PROCESSES:

SERVICE MANAGEMENT SYSTEMINCIDENT AND SERVICE REQUEST MANAGEMENTPROBLEM MANAGEMENTCONFIGURATION MANAGEMENTCHANGE MANAGEMENTRELEASE AND DEPLOYMENT MANAGEMENTDESIGN AND TRANSITION OF NEW OR CHANGED SERVICESSERVICE LEVEL MANAGEMENTSERVICE REPORTINGSERVICE CONTINUITY AND AVAILABILITY MANAGEMENTBUDGETING AND ACCOUNTING FOR SERVICESCAPACITY MANAGEMENTINFORMATION SECURITY MANAGEMENTBUSINESS RELATIONSHIP MANAGEMENTSUPPLIER MANAGEMENT

SERVICE MANAGEMENT SYSTEM (SMS)

Can you provide evidence of top management's commitment to planning, establishing, implementing, operating, monitoring, reviewing, maintaining, and improving the SMS and the services?

YesNo

Do you have SMS in place?

YesNo

Do you have a SMS policy in place?

YesNo

Do you have implemented documented procedures for communication?

YesNo

Does your top management appoint a member of the service provider's management who has the overall responsibility for the SMS?

YesNo

Do you have a procedure for document and record control?

YesNo

Do you have records of education, training, skills and experience of your human resources needed to establish, implement and maintain the SMS and the services?

YesNo

Do you have a defined scope of the SMS?

YesNo

Do you have a SMS plan in place?

YesNo

Do you have methods for monitoring and measuring the SMS and the services?

YesNo

Do these methods include internal audits and management reviews?

YesNo

Do you document nonconformities to the SMS and define corrective actions?

YesNo

Is Management review performed at planned intervals?

YesNo

Is there a policy on continual improvement of the SMS and the services?

YesNo

Is there a documented procedure including the authorities and responsibilities for identifying, documenting, evaluating, approving, prioritizing, managing, measuring and reporting of improvements?

YesNo

Are opportunities for improvement, including corrective and preventive actions, documented?

YesNo

Your score for this process is:

Your readiness for this process is:

INCIDENT AND SERVICE REQUEST MANAGEMENT

Is the Incident and Service Request Management process set, so that process steps, interfaces to other processes, roles and responsibilities are defined?

YesNo

Are measurement and reporting set and regularly carried out?

YesNo

Does a documented procedure for managing incidents and service request exists?

YesNo

Does documented procedure for all incidents and service requests define:

- recording

YesNo

- allocation of priority

YesNo

- classification

YesNo

- updating of records

YesNo

- escalation

YesNo

- resolution

YesNo

- closure

YesNo

Is prioritization (i.e. allocation of priority in scope of the process) of incidents and service requests based on:

- impact

YesNo

- urgency

YesNo

Can personnel involved in the incident and service request management process access all information resources that are required (Service request management procedures, Known errors, Problem resolutions, CMDB)?

YesNo

Are customers informed of the progress of their reported incident or service request?

YesNo

Does documented and agreed definition of a major incident exist with every customer?

YesNo

Your score for this process is:

Your readiness for this process is:

PROBLEM MANAGEMENT

Is the Problem Management process set, so that process steps, interfaces to other processes, roles and responsibilities are defined?

YesNo

Are measurement and reporting set and regularly carried out?

YesNo

Does a documented procedure for managing problems exist?

YesNo

Documented procedure for all problems defines:

- identification

YesNo

- recording

YesNo

- allocation of priority

YesNo

- classification

YesNo

- updating of records

YesNo

- escalation

YesNo

- resolution

YesNo

- closure

YesNo

Are data and trends on incidents and problems analyzed to identify known errors, root causes and their potential preventive actions?

YesNo

Are problems requiring changes to a CI resolved by raising a request for change?

YesNo

Your score for this process is:

Your readiness for this process is:

CONFIGURATION MANAGEMENT

Is the Configuration Management process set, so that process steps, interfaces to other processes and functions inside the organization, roles and responsibilities are defined?

YesNo

Are measurement and reporting set and regularly carried out?

YesNo

Are Configuration Items (CIs) defined and is a Configuration Management Database (CMDB) in place?

YesNo

Is a definition of each type of CI documented?

YesNo

Are all CIs recorded and uniquely identified by:

a) description of the CI;

YesNo

b) relationship(s) between the CI and other CIs;

YesNo

c) relationship(s) between the CI and service components;

YesNo

d) status;

YesNo

e) version;

YesNo

f) location;

YesNo

g) associated requests for change;

YesNo

h) associated problems and known errors?

YesNo

Is a documented procedure for recording, controlling and tracking versions of CIs in place?

YesNo

Are records stored in the CMDB audited at planned intervals?

YesNo

Is a configuration baseline of the affected CIs taken before deployment of a release into the live environment?

YesNo

Are master copies of CIs recorded in the CMDB stored in secure physical or electronic libraries referenced by the configuration records (this includes at least documentation, license information, software and, where available, images of the hardware configuration)?

YesNo

Your score for this process is:

Your readiness for this process is:

CHANGE MANAGEMENT

Is the Change Management process set, so that process steps, interfaces to other processes and functions inside the organization, roles and responsibilities are defined?

YesNo

Are measurement and reporting set and regularly carried out?

YesNo

Is the Change Management policy in place?

YesNo

Does a definition of change to a service with the potential to have a major impact exist?

YesNo

Is there a documented procedure for requests for change?

YesNo

Does procedure define:

- recording of changes

YesNo

- change classification

YesNo

- change assessment

YesNo

- change approval?

YesNo

Is a definition of an emergency change documented and agreed with the customer(s)?

YesNo

Is a request for change in place?

YesNo

Are all changes to a service or service component raised using a request for change?

YesNo

Are all requests for change:

- recorded

YesNo

- classified?

YesNo

Are approved changes developed and tested?

YesNo

Does a schedule of change exist?

YesNo

Do you review changes for effectiveness and take actions if needed?

YesNo

Your score for this process is:

Your readiness for this process is:

RELEASE AND DEPLOYMENT MANAGEMENT

Is the Release and Deployment Management process set, so that process steps, interfaces to other processes and functions inside the organization, roles and responsibilities are defined?

YesNo

Are measurement and reporting set and regularly carried out?

YesNo

Is a release policy established and agreed with customers?

YesNo

Is deployment of new or changed services and service components into the live environment planned with the customer and interested parties?

YesNo

Is planning also coordinated with the change management process?

YesNo

Does planning include:

- references to the related requests for change

YesNo

- known errors and problems which are being closed through the release

YesNo

- the dates for deployment of each release, deliverables and methods of deployment?

YesNo

Does a definition of an emergency release exist and is it documented and agreed with the customer?

YesNo

Are emergency releases managed according to a documented procedure that interfaces to the emergency change procedure?

YesNo

Are releases built and tested prior to deployment?

YesNo

Are activities required to reverse or remedy an unsuccessful deployment of a release planned and (where possible) tested?

YesNo

Are unsuccessful releases investigated and agreed actions taken?

YesNo

Your score for this process is:

Your readiness for this process is:

DESIGN AND TRANSITION OF NEW OR CHANGED SERVICES

Is the Design and Transition of New or Changed Services process set, so that process steps, interfaces to other processes and functions inside the organization, roles and responsibilities are defined?

YesNo

Are measurement and reporting set and regularly carried out?

YesNo

Do all new services and changes to services with the potential to have a major impact on services or the customer use this process?

YesNo

Does the Change Management process control assessment, approval, scheduling and reviewing of new or changed services in the scope of Design and Transition of New or Changed Services process?

YesNo

Is planning for the new or changed services agreed with the customer and interested parties?

YesNo

Is the plan for the removal of the service(s) made (valid for services that are to be removed)?

YesNo

Are new or changed services designed and documented?

YesNo

Are new or changed services tested to verify that they fulfill the service requirements and documented design?

YesNo

Are new or changed services verified against service acceptance criteria agreed in advance by the service provider and interested parties?

YesNo

Is the release and deployment management process used to deploy approved new or changed services into the live environment?

YesNo

Your score for this process is:

Your readiness for this process is:

SERVICE LEVEL MANAGEMENT

Is the Service Level Management process set, so that process steps, interfaces to other processes and functions inside the organization, roles and responsibilities are defined?

YesNo

Are measurement and reporting set and regularly carried out?

YesNo

Are services to be delivered agreed with the customer?

YesNo

Is the catalogue of services agreed with the customer?

YesNo

Does the catalogue of services include the dependencies between services and service components?

YesNo

Is one or more SLAs agreed with the customer for each service delivered?

YesNo

Are service requirements taken into consideration when creating SLAs?

YesNo

Do SLAs include:

- agreed service targets

YesNo

- workload characteristics

YesNo

- exceptions?

YesNo

Are services and SLAs reviewed with the customer at planned intervals?

YesNo

Do you monitor:

- trends

YesNo

- and performance

YesNo

against service targets at planned intervals?

Do you have a documented agreement to define the activities and interfaces between the two parties for service components provided by an internal group or the customer, which is developed, agreed, reviewed and maintained?

YesNo

Is performance of the internal group or the customer against agreed service targets and other agreed commitments monitored, at planned intervals?

YesNo

Your score for this process is:

Your readiness for this process is:

SERVICE REPORTING

Is a description of each service report documented and agreed with interested parties?

YesNo

Does it include identity, purpose, audience, frequency and details of the data source(s)?

YesNo

Does service reporting include at least:

- performance against service targets

YesNo

- relevant information about significant events, including at least major incidents, deployment of new or changed services and the service continuity plan being invoked

YesNo

- workload characteristics including volumes and periodic changes in workload

YesNo

- trend information

YesNo

- customer satisfaction measurements

YesNo

- service complaints?

YesNo

Your score for this process is:

Your readiness for this process is:

SERVICE CONTINUITY AND AVAILABILITY MANAGEMENT

Is the Service Continuity and Availability Management process set, so that process steps, interfaces to other processes and functions inside the organization, roles and responsibilities are defined?

YesNo

Are risks to service continuity and availability assessed and documented?

YesNo

Are service continuity and availability requirements identified and agreed with the customer and interested parties?

YesNo

Do the agreed requirements take into consideration applicable business plans, service requirements, SLAs and risks?

YesNo

Are service continuity and availability plan(s) created, implemented and maintained?

YesNo

Does the service continuity plan(s) include at least:

- procedures to be implemented in the event of a major loss of service, or reference to them;

YesNo

- availability targets when the plan is invoked;

YesNo

- recovery requirements;

YesNo

- approach for the return to normal working conditions?

YesNo

Does the availability plan(s) include at least:

- availability requirements

YesNo

- availability targets?

YesNo

Is availability of services monitored, are the results recorded and compared with agreed targets?

YesNo

Are service continuity and availability plans tested against the service continuity requirements and are appropriate actions taken?

YesNo

Are service continuity and availability plans re-tested after major changes to the service environment in which the service provider operates?

YesNo

Your score for this process is:

Your readiness for this process is:

BUDGETING AND ACCOUNTING FOR SERVICES

Is the Budgeting and Accounting for Services process set, so that process steps, interfaces to other processes and functions inside the organization, roles and responsibilities are defined?

YesNo

Is there a policy and documented procedure for Budgeting and Accounting for Services components?

YesNo

Does it include at least:

-- assets — including licenses — used to provide the services,

YesNo

-- shared resources,

YesNo

-- overheads,

YesNo

-- capital and operating expenses,

YesNo

-- externally supplied services,

YesNo

-- personnel,

YesNo

-- facilities?

YesNo

Is there effective financial control and approval in place?

YesNo

Is there in place:

- monitoring and reporting of costs against the budget,

YesNo

- review of the financial forecasts

YesNo

- and costs management?

YesNo

Your score for this process is:

Your readiness for this process is:

CAPACITY MANAGEMENT

Is the Capacity Management process set, so that process steps, interfaces to other processes and functions inside the organization, roles and responsibilities are defined?

YesNo

Are measurement and reporting set and regularly carried out?

YesNo

Are capacity and performance requirements identified and agreed with the customer and interested parties?

YesNo

Is the capacity plan created, implemented and maintained?

YesNo

Are the following resources taken into consideration:

- human,

YesNo

- technical,

YesNo

- information

YesNo

- and financial

YesNo

Are changes to the capacity plan controlled by the change management process?

YesNo

Does the capacity plan include at least:

- current demand for services;

YesNo

- forecasted demand for services;

YesNo

- time-scales, thresholds and costs for upgrades to service capacity;

YesNo

- potential impact of statutory, regulatory, contractual or organizational changes;

YesNo

- potential impact of new technologies and new techniques;

YesNo

- procedures to enable predictive analysis, or reference to them?

YesNo

Is there in place monitoring of capacity usage, analysis of capacity data and tuning of performance?

YesNo

Is there sufficient capacity to fulfil agreed capacity and performance requirements?

YesNo

Your score for this process is:

Your readiness for this process is:

INFORMATION SECURITY MANAGEMENT

Is the Information Security Management process set, so that process steps, interfaces to other processes and functions inside the organization, roles and responsibilities are defined?

YesNo

Is there an information security policy in place?

YesNo

Does management with appropriate authority take the following into consideration while approving an information security policy:

- the service requirements,

YesNo

- statutory and regulatory requirements

YesNo

- and contractual obligations?

YesNo

Does management communicate the information security policy and the importance of conforming to the policy to:

-- appropriate personnel within the service provider,

YesNo

-- appropriate personnel within customers

YesNo

-- appropriate personnel within suppliers?

YesNo

Are information security controls implemented and operated on a physical, administrative and technical level?

YesNo

Is effectiveness of information security controls reviewed and necessary actions and reports taken?

YesNo

Are external organizations that have a need to access, use or manage the organization's information or services identified?

YesNo

Are requests for change assessed to identify new or changed information security risks and potential impact on the existing information security policy and controls?

YesNo

Are information security incidents managed using the incident management procedures, with a priority appropriate to the information security risks?

YesNo

Your score for this process is:

Your readiness for this process is:

BUSINESS RELATIONSHIP MANAGEMENT

Is the Business Relationship Management process set, so that process steps, interfaces to other processes and functions inside the organization, roles and responsibilities are defined?

YesNo

Are measurement and reporting set and regularly carried out?

YesNo

Is there a designated individual who is responsible for managing the customer relationship and customer satisfaction for each customer?

YesNo

Are communication mechanisms with the customer established?

YesNo

Is performance of the services reviewed at planned intervals, with the customer?

YesNo

Are changes to the documented service requirements controlled by the Change Management process?

YesNo

Are changes to the SLAs coordinated with the Service Level Management process?

YesNo

Is the definition of a service complaint agreed with the customer?

YesNo

Is there a documented procedure to manage service complaints from the customer?

YesNo

Where a service complaint is not resolved through the normal channels, is escalation provided to the customer?

YesNo

Do you measure customer satisfaction at planned intervals based on a representative sample of the customers and users of the services?

YesNo

Are the results analyzed and reviewed to identify opportunities for improvement?

YesNo

Your score for this process is:

Your readiness for this process is:

SUPPLIER MANAGEMENT

Is the Supplier Management process set, so that process steps, interfaces to other processes and functions inside the organization, roles and responsibilities are defined?

YesNo

Are measurement and reporting set and regularly carried out?

YesNo

Is there, for each supplier, a designated individual who is responsible for managing the relationship, the contract and performance of the supplier?

YesNo

Do you agree on a documented contract with the supplier?

YesNo

Does the contract contain or include a reference to:

- scope of the services to be delivered by the supplier;

YesNo

- dependencies between services, processes and the parties;

YesNo

- requirements to be fulfilled by the supplier;

YesNo

- service targets;

YesNo

- interfaces between service management processes operated by the supplier and other parties;

YesNo

- integration of the supplier's activities within the SMS;

YesNo

- workload characteristics;

YesNo

- authorities and responsibilities of the service provider and the supplier;

YesNo

- reporting and communication to be provided by the supplier;

YesNo

- basis for charging?

YesNo

Do you agree with the supplier service levels to support and align with the SLAs between the service provider and the customer?

YesNo

Do you verify that lead suppliers are managing their sub-contracted suppliers to fulfil contractual obligations?

YesNo

Is performance of the supplier monitored at planned intervals?

YesNo

Your score for this process is:

Your readiness for this process is:

Report of your readiness:

SEE REPORT[To see a complete report of your inputs, please open all the processes that you entered.]

REPORT

PROCESS	Score	Readiness
SERVICE MANAGEMENT SYSTEM
INCIDENT AND SERVICE REQUEST MANAGEMENT
PROBLEM MANAGEMENT
CONFIGURATION MANAGEMENT
CHANGE MANAGEMENT
RELEASE AND DEPLOYMENT MANAGEMENT
DESIGN AND TRANSITION OF NEW OR CHANGED SERVICES
SERVICE LEVEL MANAGEMENT
SERVICE REPORTING
SERVICE CONTINUITY AND AVAILABILITY MANAGEMENT
BUDGETING AND ACCOUNTING FOR SERVICES
CAPACITY MANAGEMENT
INFORMATION SECURITY MANAGEMENT
BUSINESS RELATIONSHIP MANAGEMENT
SUPPLIER MANAGEMENT

NOTE: Results presented in this report do not imply readiness for ISO 20000 certification. It gives you an overview regarding where the most weak points are. For ISO 20000 readiness, all requirements specified in ISO 20000-1 must be fulfilled.

NOTE: Please open all the elements that you want to be emailed to you.

Enter your e-mail address

[The results will be sent to entered e-mail address]

Save my progress and resume later | Resume a previously saved form

Contact Information

For more information on what personal data we collect, why we need it, what we do with it, how long we keep it, and what your rights are, see this Privacy Notice.

Branimir Valentic
Lead ISO 20000 expert

Have any question about any step?

Talk with our consultants for free

SCHEDULE FREE CONSULTATION

English

Deutsch
Español

Products

Conformio

Toolkits

Training

Experta

Company Training Academy
Resources

Articles

Webinars

Courses

Free Downloads

Tools

Live Consultations

Consultant Directory
Standards & Regulations

ISO 27001

ISO 22301

ISO 13485

ISO 9001

ISO 14001

ISO 45001

ISO 20000

ISO 17025

NIS 2

DORA

EU GDPR

EU MDR

IATF 16949

AS9100

Compliance in general
Advisera

About Us

For Consultants

Contact Sales

Terms of Use
Help

Help Center

Contact Support

Partnerships

Products by framework:

By Type

Where to Start

Other

Solutions for industries:

Branimir Valentic

Free ISO 20000 Gap Analysis Tool

Find out your level of compliance with ISO 20000

Have any question about any step?

Products

Resources

Standards & Regulations

Advisera

Help