ISO/IEC JTC 1/SC 40 IT Service Management and IT Governance is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC JTC 1/SC 40 develops and facilitates the development of international standards, technical reports, and technical specifications within the fields of IT service management and IT governance, with a focus in IT activity such as audit, digital forensics, governance, risk management, outsourcing, service operations and service maintenance.[1] The international secretariat of ISO/IEC JTC 1/SC 40 is Standards Australia (SA), located in Australia.[2]

History

edit

ISO/IEC JTC 1/SC 40 was formed at the November 2013, 28th JTC 1 Plenary held in Perros-Guirec, France. The subcommittee was established via Resolution 21 from this meeting, and its scope, secretariat, and possible liaisons determined.[3] The new subcommittee combines the work of ISO/IEC JTC 1/WG 8 Governance of IT, ISO/IEC JTC 1/SC 7/WG 25 IT service management, and ISO/IEC JTC 1/SC 7/WG 27 IT enabled services/BPO (ITES/BPO).[1]

Scope

edit

The scope of ISO/IEC JTC 1/SC 40 is:[3][4][5][6]

"Standardization of IT Service Management and IT Governance"

Develop standards, tools, frameworks, best practices and related documents for IT Service Management and IT Governance, including areas of IT activity such as audit, digital forensics, governance, risk management, outsourcing, service operations and service maintenance, but excluding subject matter covered under the scope and existing work programs of JTC 1/SC 27 and JTC 1/SC 38.

The work will initially cover:

  • Governance of IT, including the development of the ISO/IEC 38500 series standards and related documents.
  • Operational aspects of Governance of IT, including ISO/IEC 30121 Information Technology — Governance of digital forensic risk framework, and interfaces with the management of IT as well as the role of governance in the area of business innovation.
  • All aspects relating to IT service management, including the development of the ISO/IEC 20000 series standards and related documents.
  • All aspects relating to IT-Enabled Services — Business Process Outsourcing, including the development of the ISO/IEC 30105 series standards and related documents.

Structure

edit

ISO/IEC JTC 1/SC 40 is made up of three working groups (WGs), three study groups (SGs), and one advisory group (AG), each of which carries out specific tasks in standards development within the field of IT Service Management and IT Governance. The focus of each working group is described in the group’s terms of reference. The working groups, study groups, and advisory group of ISO/IEC JTC 1/SC 40 are:[7]

Working Group Title
ISO/IEC JTC 1/SC 40/WG 1 Governance of Information Technology
ISO/IEC JTC 1/SC 40/WG 2 IT Service Management
ISO/IEC JTC 1/SC 40/WG 3 IT Enabled Services - Business Process Outsourcing
ISO/IEC JTC 1/SC 40/SG 1 General Study Group on Future Work
ISO/IEC JTC 1/SC 40/SG 2 Study Group on Service Maintenance (complete)
ISO/IEC JTC 1/SC 40/SG 3 Study Group on the governance and service management of IT and IT-enabled business services provided by multiple service providers
ISO/IEC JTC 1/SC 40/CAG 1 Chairman Advisory Group

Collaborations

edit

ISO/IEC JTC 1/SC 40 works in close collaboration with a number of other organizations or subcommittees, both internal and external to ISO or IEC, in order to avoid conflicting or duplicative work. Organizations internal to ISO or IEC that collaborate with or are in liaison to ISO/IEC JTC 1/SC 40 include:[8]

  • ISO/IEC JTC 1/SC 7, Software and systems engineering
  • ISO/IEC JTC 1/SC 27, IT security techniques
  • ISO/IEC JTC 1/SC 38, Distributed application platforms and services (DAPS)
  • ISO/TC 171, Document management applications
  • ISO/TC 258, Project, programme and portfolio management
  • ISO/PC 259, Outsourcing

Organizations external to ISO or IEC that collaborate with or are in liaison to ISO/IEC JTC 1/SC 40 include:

Member countries

edit

Countries pay a fee to ISO to be members of subcommittees.[9][10]

The 28 "P" (participating) members of ISO/IEC JTC 1/SC 40 are: Australia, Brazil, Canada, China, Côte d'Ivoire, Denmark, Finland, France, Germany, India, Italy, Japan, Republic of Korea, Luxembourg, Netherlands, New Zealand, Peru, Poland, Portugal, Romania, Russian Federation, Rwanda, Singapore, South Africa, Spain, Sweden, United Kingdom, and United States of America[2]

The 10 "O" (observing) members of ISO/IEC JTC 1/SC 40 are: Argentina, Austria, Belgium, Czech Republic, Hong Kong, Islamic Republic of Iran, Ireland, Kenya, Switzerland, and Uruguay.

Standards

edit

ISO/IEC JTC 1/SC 40 currently has 11 published standards, as well as various other standards or technical reports under development within the field of IT service-management and IT governance. These include:[11][12]

ISO/IEC Standard Title Status Description
ISO/IEC 20000-1 Information technology – Service management – Part 1: Service management system requirements Published (2011) Specifies the requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain, and improve a service management system (SMS)[13]
ISO/IEC 20000-2 Information technology – Service management – Part 2: Guidance on the application of service management systems Published (2012) Provides guidance on the application of SMS based on the requirements of ISO/IEC 20000-1[14]
ISO/IEC 20000-3 Information technology – Service management – Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1 Published (2012) Provides guidance on scope definition, applicability and demonstration of conformity to the requirements in ISO/IEC 20000-1. Guidance on the different types of conformity assessment and assessment standards is included. [15]
ISO/IEC TR 20000-4 Information technology – Service management – Part 4: Process reference model Published (2010) The purpose of ISO/IEC TR 20000-4:2010 is to facilitate the development of a process assessment model according to ISO/IEC 15504 process assessment principles. [16]
ISO/IEC TR 20000-5 Information technology – Service management – Part 5: Exemplar implementation plan for ISO/IEC 20000-1 Published (2013) Provides guidance on how to implement an SMS to fulfill the requirements of ISO/IEC 20000-1[17]
ISO/IEC 20000-6 [18] Information Technology -- Service Management -- Part 6: Requirements for bodies providing audit and certification of service management systems Under Development Part 6: Requirements for bodies providing audit and certification of service management systems
ISO/IEC 20000-8 [19] Information technology -- Service management -- Part 8: Guidance on the application of service management systems for smaller organizations Under Development Part 8: Guidance on the application of service management systems for smaller organizations
ISO/IEC TR 20000-9 Information technology – Service management – Part 9: Guidance on the application of ISO/IEC 20000-1 to cloud services Published (2015) Provides guidance on the use of ISO/IEC 20000‑1:2011 for service providers delivering cloud services[20]
ISO/IEC TR 20000-10 Information technology – Service management – Part 10: Concepts and terminology Published (2013) Provides an overview of the concepts and terminology of ISO/IEC 20000 and establishes a common framework for helping organizations understand the purpose of the parts of ISO/IEC 20000 and the relationships between the parts[21]
ISO/IEC TR 20000-11 [22] Information technology -- Service management -- Part 11: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks Under Development Part 11: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks
ISO/IEC TR 20000-12 [23] Information technology -- IT Service management -- Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC Under Development Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC
ISO/IEC 30105-1[12] IT Enabled Services / Business Process Outsourcing Lifecycle Processes ITESBPO Standard Published (2016) Part 1: Process Reference Model (PRM)
ISO/IEC 30105-2[12] IT Enabled Services / Business Process Outsourcing Lifecycle Processes ITESBPO Standard Published (2016) Part 2: Process Assessment Model
ISO/IEC 30105-3[12] IT Enabled Services / Business Process Outsourcing Lifecycle Processes ITESBPO Standard Published (2016) Part 3: Process measurement framework and organization maturity model
ISO/IEC 30105-4[12] IT Enabled Services / Business Process Outsourcing Lifecycle Processes ITESBPO Standard Published (2016) Part 4: Terms and concepts
ISO/IEC 30105-5[12] IT Enabled Services / Business Process Outsourcing Lifecycle Processes ITESBPO Standard Published (2016) Part 5: Guidelines
ISO/IEC 30121 System and software engineering – Information technology – Governance of digital forensic risk framework Published (2015) Provides a framework for governing bodies of organizations on the best way to prepare an organization for digital investigations, before they occur[24]
ISO/IEC 38500[25] Information Technology – governance of IT – For the Organization Published (2015) Provides guiding principles for members of governing bodies of organizations on the effective, efficient, and acceptable use of information technology (IT) within their organizations
ISO/IEC TS 38501[26] Information Technology – Corporate Governance of IT Implementation Guide Published (2015) Provides guidance on how to implement arrangements for effective governance of IT within an organization
ISO/IEC TR 38502 Information technology – Governance of IT – Framework and model Published (2014) provides guidance on the nature and mechanisms of governance and management together with the relationships between them, in the context of IT within an organization[27]
ISO/IEC 38505-1 Information Technology -- Governance of IT -- Part 1: The application of ISO/IEC 38500 to the governance of data Under Development Part 1: The application of ISO/IEC 38500 to the governance of data
ISO/IEC TR 38503 [28] Information technology -- governance of IT -- Guidance on the audit of the governance of IT Under Development
ISO/IEC TR 38504 [29] Information technology -- The structure of principles-based standards in the governance of IT Under Development

See also

edit

References

edit
  1. ^ a b ANSI (2013-12-20). "ISO/IEC JTC 1 Holds 28th Plenary Meeting in France". Retrieved 2013-12-30.
  2. ^ a b ISO. "ISO/IEC JTC 1/SC 40". Retrieved 2013-12-30.
  3. ^ a b ISO/IEC JTC 1 (2013-11-13). "Resolutions Adopted at the 28th Meeting of ISO/IEC JTC 1, 4-9 November 2013 in Perros-Guirec, France" (PDF): 8. Retrieved 2013-12-30. {{cite journal}}: Cite journal requires |journal= (help)CS1 maint: numeric names: authors list (link)
  4. ^ "ISO/IEC JTC 1/SC 40". Retrieved 2013-12-30.
  5. ^ IEC. "ISO/IEC JTC 1/SC 40 Scope". Retrieved 2013-12-30.
  6. ^ ISO/IEC JTC 1/SC 40 (2014-10-13). 2013-2014 Business Plan (Report).{{cite report}}: CS1 maint: numeric names: authors list (link)
  7. ^ "ISO/IEC JTC 1/SC 40 Structure". ISO. Retrieved 2015-07-20.
  8. ^ "ISO/IEC JTC 1/SC 40". Retrieved 2013-12-30.
  9. ^ ISO (June 2012). "III. What Help Can I Get from the ISO Central Secretariat?". ISO Membership Manual (PDF). ISO. pp. 17–18. Retrieved 2013-07-12.
  10. ^ "ISO/IEC JTC 1/SC 40 Participation". ISO. Retrieved 2015-07-20.
  11. ^ ISO. "Standards Catalogue (Published): ISO/IEC JTC 1/SC 40". Retrieved 2013-12-30.
  12. ^ a b c d e f ISO. "Standards Catalogue (Under Development): ISO/IEC JTC 1/SC 40". Retrieved 2014-01-02.
  13. ^ ISO (2011-04-12). "ISO/IEC 20000-1:2011" (2 ed.). Retrieved 2013-12-30.
  14. ^ ISO (2012-02-14). "ISO/IEC 20000-2:2012" (2 ed.). Retrieved 2013-12-30.
  15. ^ ISO (2012-08-14). "ISO/IEC 20000-3:2012" (1 ed.). Retrieved 2015-07-20.
  16. ^ ISO (2014-02-24). "ISO/IEC 20000-4:2010" (1 ed.). Retrieved 2015-07-20.
  17. ^ ISO (2013-10-30). "ISO/IEC TR 20000-5:2013" (2 ed.). Retrieved 2013-12-30.
  18. ^ "ISO/IEC CD 20000-6". ISO. Retrieved 2015-08-26.
  19. ^ "ISO/IEC WD 20000-8". ISO. Retrieved 2015-08-26.
  20. ^ ISO (2015-02-16). "ISO/IEC TR 20000-9:2015" (1 ed.). Retrieved 2015-07-20.
  21. ^ ISO (2013-10-30). "ISO/IEC TR 20000-10:2013" (1 ed.). Retrieved 2013-12-30.
  22. ^ "ISO/IEC TR 20000-11". ISO. Retrieved 2015-08-26.
  23. ^ "ISO/IEC TR 20000-12". ISO. Retrieved 2015-08-26.
  24. ^ ISO (2015-03-17). "ISO/IEC 30121:2015" (2 ed.). Retrieved 2015-07-20.
  25. ^ ISO (2015-02-11). "ISO/IEC 38500" (2 ed.). Retrieved 2015-07-20.
  26. ^ ISO (2015-04-20). "ISO/IEC TR 38501" (2 ed.). Retrieved 2015-07-20.
  27. ^ ISO (2014-01-21). "ISO/IEC TR 38502" (1 ed.). Retrieved 2015-07-20.
  28. ^ "ISO/IEC TR 38503". ISO. Retrieved 2015-08-26.
  29. ^ "ISO/IEC TR 38504". ISO. Retrieved 2015-08-26.
edit