Requirements for plans
There are several specific requirements for plans in ISO/IEC 20000-1. These are:
Service management plan (clause 4.5.2)
The service management (SM) plan is the main overarching document for ISO/IEC 20000-1 detailing the scope, objectives, service requirements and other items. It is explained in clause 4.5.2 which states that the plan must be created, implemented, reviewed and maintained taking into account the SM policy, service requirements and requirements of ISO/IEC 20000-1. A list of contents is provided for the plan. The contents can be in the plan or referenced from the plan.
All process specific plans need to be aligned with the SM plan.
Service continuity plan (clause 6.3.2)
It is important to note that the requirement in ISO/IEC 20000-1 is for a service continuity plan and not a business continuity plan. A service continuity plan is often a subset of a business continuity plan.
This plan must be tested against the service continuity requirements and re-tested after major changes to the service environment (e.g. change of data centre, move to a new office) or after the plan is invoked. It must contain or reference at least:
- procedures to be implemented in the event of a major loss or service
- availability targets when the plan is invoked
- recovery requirements e.g. which sequence to recover services
- approach for return to normal working conditions.
Availability plan (clause 6.3.2)
The availability plan can be separate from or combined with the service continuity plan. This plan must be tested against the availability requirements and re-tested as for the service continuity plan. It must contain or reference at least availability requirements and targets. Some organisations have these 2 items in other documents and not in a separate availability plan.
Capacity plan (clause 6.5)
The creation of the capacity plan needs to take into consideration human, technical, information and financial resources and agreed capacity and performance requirements. Clause 6.5 contains a list of contents for the plan.
Many organisations have the human and financial resource plans in the annual organisational plans. Information capacity can cover technical capacity for data storage and for storage of documents and records. Technical capacity will cover the networks, hardware, storage etc. facilities.
There are many other requirements in ISO/IEC 20000-1 for planning activities which may lead to the production of plans. These are in clauses as below:
- 5.4.2 internal audit programme and planning of audits
- 5.5.2 planning of improvements
- 2 planning of new or changed services
- 2/9.3 planning of the schedule of change
- 2/9.3 planning for reverse or remedy of failed changes/releases
- 3 planning the deployment of releases.
ISO20000-1 requires 4 specific plans and has other requirements for planning.
Lynda Cooper, an independent consultant and trainer, is one of the first people in the world to hold the ITIL Master qualification. Lynda chairs the BSI committee for IT service management (ITSM). Lynda sits on various ISO/IEC committees representing the UK and is the project editor for ISO/IEC 20000-1 and ISO/IEC 90006.