Ken Turbitt Blog
Aidan Lawes Blog
Paul Gostick Blog
Dr Jenny Dugmore Blog
Shirley Lacy Blog
Alim Ozcan Blog
Juan Jimenez Blog
Ian Clayton Blog
Nas Ozcan Blog
Aidan Mills Blog

Digital Health Technology Vision 2018
Health organizations are embracing intelligent technologies but must do more to prepare for societal impact...

Ten Strategic Technology Trends for Government
Technologies that enable new service models for digital government must be at the top of the list for government organizations as they prioritize technology investments...


The Robots are Coming: Are CEOs Ready for the Era of Automation?
CEOs agree that robotics is going to make their companies more efficient, with 94% of those who've already adopted robotics saying that it's increased productivity in their business...


The 2015 Chief Digital Officer Study
More companies are appointing a Chief Digital Officer to join their C-suite - but are they doing it quickly enough?...


18th Annual Global CEO Survey
The United States has overtaken China as top target for growth for the first time in five years...

21 April 2009 | Shirley Lacy Blog
Send to a colleague | Add to MY ITP

IT Service Management Assessment Models - Process and Organisational Maturity
This week Shirley looks at the proposed ISO/IEC 20000 Process Reference and Assessment Models for IT Service Management..

  Shirley Lacy

Recently I have been working on different parts of  ISO/IEC 20000, the IT Service management standard. As part of this work we have been developing a Process Reference Model for IT Service Management and Process Assessment Model.

Last week the UK panel for ISO/IEC 20000 assessment models met at the BSI offices in Chiswick. We reviewed the status of various documents in preparation for an ISO SC7 plenary meeting in Hyderabad in May. We went through the target audience for an IT Service Management Process Assessment Model and identified users / target audience as:

  • 3rd party certification assessor
  • External assessor
  • Internal assessor
  • Continual Service Improvement Manager / Service Management Programme Manager
  • Process Owner
  • Quality Manager
  • Due diligence assessor
  • Supplier management  - new suppliers and on-going
  • Transition management and service introduction
  • Release and deployment management
  • Service Assurance Manager

Keen to build on the success of ISO/IEC 20000-1 as an international standard we all want to keep related standards simple, short and concise – this is a great strength of part 1.

We then summarised the requirements for an ISO/IEC 20000 Process Assessment Model as:

  • Ability to do a cheap and effective assessment
  • Target length should be 60 to 80 pages (around £80 to £100)
  • Fit for purpose to use in an assessment (a high level assessment through to a detailed asessment)
  • Simple to use and understand
  • Accessible
  • Easy to see the picture of what the assessment results is telling the assessor
  • Useful for an assessor who knows ISO/IEC 2000-1
  • Needs a good title and needs a strong linkage to ISO/IEC 20000 series and/or be part of ISO/IEC 20000 series.

We then went on to look at the requirements for an IT Service Management Organisational Maturity Model. This thought this would be an easier place to start as ISO/IEC 20000-1 was originally intended to take an organisations to a maturity level of between 3 (established) and 4 (Predictable / Managed). Typically 80% of organisations would be able to this within 2 years. 

We looked at the approach that is used in ISO/IEC TR 15504-7:2008 that describes an Organisational Maturity Model expressed on a scale as follows:

Level 0 Immature

Level 1 Basic

Level 2 Managed

Level 3 Established

Level 4 Predictable

Level 5 Innovating

We had some interesting discussions about the scope of the assessment and what the requirements would be at each level of organisational maturity. We highlighted some difficulties that we had in ITIL – some processes are really practices. A practice may include a core process with inputs that are transformed into outputs but other management and operational activities are also important – capacity management and configuration management were two examples we often used for the ITIL Refresh. When we looked at what happens in practice as a service provide “matures”. From our practical experience, some processes (practices) spanned several levels.

Then we ran out of time – it was late on Friday afternoon so it had been an interesting discussion to keep us all engaged for so long! So let me know if you have anything to add to the discussion…

Since then I have reviewed the proposed revision to 15504. A Study Group was established by ISO SC7 at its plenary meeting in May 2008 with the goal of establishing detailed requirements for the revision of ISO/IEC 15504. The Final Draft of the Study Group Report was released (7 April 2009) for final review prior to the SC7 Plenary meeting in May 2009. Comments need to be submitted by 13 May. The report will be formally issued as the basis for the revision and the next generation of the standard. If you are interested you can access the SPICE User Group to see:

The 15504 Study Group Report

SPICE ITSM IT Service Management PRM and PAM User Group

Any feedback and comments are always welcome!


26th April 2009

Hi Shirley,

Long time no see.  I was just doing my weekly trawl to try and keep up to date and see what was going on in the SM community.  I came across your blog on Process and Organisational maturity and was wondering if CMMI have anything to say on the matter?  Have they been consulted?  I know that CMMI-SV  for services has recently emerged.  It would be a shame if we end up with two different models for Process and Organisational maturity, one from ISO and the other from CMMI.

Keep up the good work. I don’t know where you find the time and energy.


Steve Lawless


Shirley Lacy Email to a colleague | Add to MY ITP

terms & conditions