ISO/IEC JTC 1/SC 40 IT Service Management and IT Governance is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC JTC 1/SC 40 develops and facilitates the development of international standards, technical reports, and technical specifications within the fields of IT service management and IT governance, with a focus in IT activity such as audit, digital forensics, governance, risk management, outsourcing, service operations and service maintenance.[1] The international secretariat of ISO/IEC JTC 1/SC 40 is Standards Australia (SA), located in Australia.[2]
History
ISO/IEC JTC 1/SC 40 was formed at the November 2013, 28th JTC 1 Plenary held in Perros-Guirec, France. The subcommittee was established via Resolution 21 from this meeting, and its scope, secretariat, and possible liaisons determined.[3] The new subcommittee combines the work of ISO/IEC JTC 1/WG 8 Governance of IT, ISO/IEC JTC 1/SC 7/WG 25 IT service management, and ISO/IEC JTC 1/SC 7/WG 27 IT enabled services/BPO (ITES/BPO).[1]
Scope
The scope of ISO/IEC JTC 1/SC 40 is:[3][4][5][6]
"Standardization of IT Service Management and IT Governance"
Develop standards, tools, frameworks, best practices and related documents for IT Service Management and IT Governance, including areas of IT activity such as audit, digital forensics, governance, risk management, outsourcing, service operations and service maintenance, but excluding subject matter covered under the scope and existing work programs of JTC 1/SC 27 and JTC 1/SC 38.
The work will initially cover:
- Governance of IT, including the development of the ISO/IEC 38500 series standards and related documents.
- Operational aspects of Governance of IT, including ISO/IEC 30121 Information Technology — Governance of digital forensic risk framework, and interfaces with the management of IT as well as the role of governance in the area of business innovation.
- All aspects relating to IT service management, including the development of the ISO/IEC 20000 series standards and related documents.
- All aspects relating to IT-Enabled Services — Business Process Outsourcing, including the development of the ISO/IEC 30105 series standards and related documents.
Structure
ISO/IEC JTC 1/SC 40 is made up of three working groups (WGs), three study groups (SGs), and one advisory group (AG), each of which carries out specific tasks in standards development within the field of IT Service Management and IT Governance. The focus of each working group is described in the group’s terms of reference. The working groups, study groups, and advisory group of ISO/IEC JTC 1/SC 40 are:[7]
Working Group | Title |
---|---|
ISO/IEC JTC 1/SC 40/WG 1 | Governance of Information Technology |
ISO/IEC JTC 1/SC 40/WG 2 | IT Service Management |
ISO/IEC JTC 1/SC 40/WG 3 | IT Enabled Services - Business Process Outsourcing |
ISO/IEC JTC 1/SC 40/SG 1 | General Study Group on Future Work |
ISO/IEC JTC 1/SC 40/SG 2 | Study Group on Service Maintenance (complete) |
ISO/IEC JTC 1/SC 40/SG 3 | Study Group on the governance and service management of IT and IT-enabled business services provided by multiple service providers |
ISO/IEC JTC 1/SC 40/CAG 1 | Chairman Advisory Group |
Collaborations
ISO/IEC JTC 1/SC 40 works in close collaboration with a number of other organizations or subcommittees, both internal and external to ISO or IEC, in order to avoid conflicting or duplicative work. Organizations internal to ISO or IEC that collaborate with or are in liaison to ISO/IEC JTC 1/SC 40 include:[8]
- ISO/IEC JTC 1/SC 7, Software and systems engineering
- ISO/IEC JTC 1/SC 27, IT security techniques
- ISO/IEC JTC 1/SC 38, Distributed application platforms and services (DAPS)
- ISO/TC 171, Document management applications
- ISO/TC 258, Project, programme and portfolio management
- ISO/PC 259, Outsourcing
Organizations external to ISO or IEC that collaborate with or are in liaison to ISO/IEC JTC 1/SC 40 include:
- Institute of Electrical and Electronics Engineers (IEEE)
- Information Systems Audit and Control Association (ISACA)
- Organization for the Advancement of Structured Information Standards (OASIS)
- The IT Service Management Forum International Limited (itSMFI)
- International Accreditation Forum (IAF)
Member countries
Countries pay a fee to ISO to be members of subcommittees.[9][10]
The 28 "P" (participating) members of ISO/IEC JTC 1/SC 40 are: Australia, Brazil, Canada, China, Côte d'Ivoire, Denmark, Finland, France, Germany, India, Italy, Japan, Republic of Korea, Luxembourg, Netherlands, New Zealand, Peru, Poland, Portugal, Romania, Russian Federation, Rwanda, Singapore, South Africa, Spain, Sweden, United Kingdom, and United States of America[2]
The 10 "O" (observing) members of ISO/IEC JTC 1/SC 40 are: Argentina, Austria, Belgium, Czech Republic, Hong Kong, Islamic Republic of Iran, Ireland, Kenya, Switzerland, and Uruguay.
Standards
ISO/IEC JTC 1/SC 40 currently has 11 published standards, as well as various other standards or technical reports under development within the field of IT service-management and IT governance. These include:[11][12]
ISO/IEC Standard | Title | Status | Description |
---|---|---|---|
ISO/IEC 20000-1 | Information technology – Service management – Part 1: Service management system requirements | Published (2011) | Specifies the requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain, and improve a service management system (SMS)[13] |
ISO/IEC 20000-2 | Information technology – Service management – Part 2: Guidance on the application of service management systems | Published (2012) | Provides guidance on the application of SMS based on the requirements of ISO/IEC 20000-1[14] |
ISO/IEC 20000-3 | Information technology – Service management – Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1 | Published (2012) | Provides guidance on scope definition, applicability and demonstration of conformity to the requirements in ISO/IEC 20000-1. Guidance on the different types of conformity assessment and assessment standards is included. [15] |
ISO/IEC TR 20000-4 | Information technology – Service management – Part 4: Process reference model | Published (2010) | The purpose of ISO/IEC TR 20000-4:2010 is to facilitate the development of a process assessment model according to ISO/IEC 15504 process assessment principles. [16] |
ISO/IEC TR 20000-5 | Information technology – Service management – Part 5: Exemplar implementation plan for ISO/IEC 20000-1 | Published (2013) | Provides guidance on how to implement an SMS to fulfill the requirements of ISO/IEC 20000-1[17] |
ISO/IEC 20000-6 [18] | Information Technology -- Service Management -- Part 6: Requirements for bodies providing audit and certification of service management systems | Under Development | Part 6: Requirements for bodies providing audit and certification of service management systems |
ISO/IEC 20000-8 [19] | Information technology -- Service management -- Part 8: Guidance on the application of service management systems for smaller organizations | Under Development | Part 8: Guidance on the application of service management systems for smaller organizations |
ISO/IEC TR 20000-9 | Information technology – Service management – Part 9: Guidance on the application of ISO/IEC 20000-1 to cloud services | Published (2015) | Provides guidance on the use of ISO/IEC 20000‑1:2011 for service providers delivering cloud services[20] |
ISO/IEC TR 20000-10 | Information technology – Service management – Part 10: Concepts and terminology | Published (2013) | Provides an overview of the concepts and terminology of ISO/IEC 20000 and establishes a common framework for helping organizations understand the purpose of the parts of ISO/IEC 20000 and the relationships between the parts[21] |
ISO/IEC TR 20000-11 [22] | Information technology -- Service management -- Part 11: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks | Under Development | Part 11: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks |
ISO/IEC TR 20000-12 [23] | Information technology -- IT Service management -- Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC | Under Development | Part 12: Guidance on the relationship between ISO/IEC 20000-1:2011 and service management frameworks: CMMI-SVC |
ISO/IEC 30105-1[12] | IT Enabled Services / Business Process Outsourcing Lifecycle Processes ITESBPO Standard | Published (2016) | Part 1: Process Reference Model (PRM) |
ISO/IEC 30105-2[12] | IT Enabled Services / Business Process Outsourcing Lifecycle Processes ITESBPO Standard | Published (2016) | Part 2: Process Assessment Model |
ISO/IEC 30105-3[12] | IT Enabled Services / Business Process Outsourcing Lifecycle Processes ITESBPO Standard | Published (2016) | Part 3: Process measurement framework and organization maturity model |
ISO/IEC 30105-4[12] | IT Enabled Services / Business Process Outsourcing Lifecycle Processes ITESBPO Standard | Published (2016) | Part 4: Terms and concepts |
ISO/IEC 30105-5[12] | IT Enabled Services / Business Process Outsourcing Lifecycle Processes ITESBPO Standard | Published (2016) | Part 5: Guidelines |
ISO/IEC 30121 | System and software engineering – Information technology – Governance of digital forensic risk framework | Published (2015) | Provides a framework for governing bodies of organizations on the best way to prepare an organization for digital investigations, before they occur[24] |
ISO/IEC 38500[25] | Information Technology – governance of IT – For the Organization | Published (2015) | Provides guiding principles for members of governing bodies of organizations on the effective, efficient, and acceptable use of information technology (IT) within their organizations |
ISO/IEC TS 38501[26] | Information Technology – Corporate Governance of IT Implementation Guide | Published (2015) | Provides guidance on how to implement arrangements for effective governance of IT within an organization |
ISO/IEC TR 38502 | Information technology – Governance of IT – Framework and model | Published (2014) | provides guidance on the nature and mechanisms of governance and management together with the relationships between them, in the context of IT within an organization[27] |
ISO/IEC 38505-1 | Information Technology -- Governance of IT -- Part 1: The application of ISO/IEC 38500 to the governance of data | Under Development | Part 1: The application of ISO/IEC 38500 to the governance of data |
ISO/IEC TR 38503 [28] | Information technology -- governance of IT -- Guidance on the audit of the governance of IT | Under Development | |
ISO/IEC TR 38504 [29] | Information technology -- The structure of principles-based standards in the governance of IT | Under Development |
See also
References
- 1 2 ANSI (2013-12-20). "ISO/IEC JTC 1 Holds 28th Plenary Meeting in France". Retrieved 2013-12-30.
- 1 2 ISO. "ISO/IEC JTC 1/SC 40". Retrieved 2013-12-30.
- 1 2 ISO/IEC JTC 1 (2013-11-13). "Resolutions Adopted at the 28th Meeting of ISO/IEC JTC 1, 4-9 November 2013 in Perros-Guirec, France" (PDF): 8. Retrieved 2013-12-30.
{{cite journal}}
: Cite journal requires|journal=
(help)CS1 maint: numeric names: authors list (link) - ↑ "ISO/IEC JTC 1/SC 40". Retrieved 2013-12-30.
- ↑ IEC. "ISO/IEC JTC 1/SC 40 Scope". Retrieved 2013-12-30.
- ↑ ISO/IEC JTC 1/SC 40 (2014-10-13). 2013-2014 Business Plan (Report).
{{cite report}}
: CS1 maint: numeric names: authors list (link) - ↑ "ISO/IEC JTC 1/SC 40 Structure". ISO. Retrieved 2015-07-20.
- ↑ "ISO/IEC JTC 1/SC 40". Retrieved 2013-12-30.
- ↑ ISO (June 2012). "III. What Help Can I Get from the ISO Central Secretariat?". ISO Membership Manual (PDF). ISO. pp. 17–18. Retrieved 2013-07-12.
- ↑ "ISO/IEC JTC 1/SC 40 Participation". ISO. Retrieved 2015-07-20.
- ↑ ISO. "Standards Catalogue (Published): ISO/IEC JTC 1/SC 40". Retrieved 2013-12-30.
- 1 2 3 4 5 6 ISO. "Standards Catalogue (Under Development): ISO/IEC JTC 1/SC 40". Retrieved 2014-01-02.
- ↑ ISO (2011-04-12). "ISO/IEC 20000-1:2011" (2 ed.). Retrieved 2013-12-30.
- ↑ ISO (2012-02-14). "ISO/IEC 20000-2:2012" (2 ed.). Retrieved 2013-12-30.
- ↑ ISO (2012-08-14). "ISO/IEC 20000-3:2012" (1 ed.). Retrieved 2015-07-20.
- ↑ ISO (2014-02-24). "ISO/IEC 20000-4:2010" (1 ed.). Retrieved 2015-07-20.
- ↑ ISO (2013-10-30). "ISO/IEC TR 20000-5:2013" (2 ed.). Retrieved 2013-12-30.
- ↑ "ISO/IEC CD 20000-6". ISO. Retrieved 2015-08-26.
- ↑ "ISO/IEC WD 20000-8". ISO. Retrieved 2015-08-26.
- ↑ ISO (2015-02-16). "ISO/IEC TR 20000-9:2015" (1 ed.). Retrieved 2015-07-20.
- ↑ ISO (2013-10-30). "ISO/IEC TR 20000-10:2013" (1 ed.). Retrieved 2013-12-30.
- ↑ "ISO/IEC TR 20000-11". ISO. Retrieved 2015-08-26.
- ↑ "ISO/IEC TR 20000-12". ISO. Retrieved 2015-08-26.
- ↑ ISO (2015-03-17). "ISO/IEC 30121:2015" (2 ed.). Retrieved 2015-07-20.
- ↑ ISO (2015-02-11). "ISO/IEC 38500" (2 ed.). Retrieved 2015-07-20.
- ↑ ISO (2015-04-20). "ISO/IEC TR 38501" (2 ed.). Retrieved 2015-07-20.
- ↑ ISO (2014-01-21). "ISO/IEC TR 38502" (1 ed.). Retrieved 2015-07-20.
- ↑ "ISO/IEC TR 38503". ISO. Retrieved 2015-08-26.
- ↑ "ISO/IEC TR 38504". ISO. Retrieved 2015-08-26.